CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

CVE-2026-49189

CVE-2026-49189 involves unchecked public access permissions on a core Broadcast Receiver, enabling unauthorized local software components to invoke administrative operations. The available documents identify the vulnerable component as a Broadcast Receiver and describe the root cause as permissio...

EUVD-2026-34208

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from public access rights that are not checked by the core Broadcast Receiver. This vulnerability may allow unauthorized local software component...

CVE-2026-44513

Diffusers 0.38.0 fixes a trust_remote_code bypass in DiffusionPipeline.from_pretrained that allowed arbitrary remote code execution when using custom_pipeline or local snapshots. Root cause: the security gate was checked inside DiffusionPipeline.download(), but some code paths bypassed download()...

CVE-2026-44513 Diffusers: `trust_remote_code` bypass via `custom_pipeline` and local custom components

Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...