CVE-2026-0016

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from a permission bypass in the handleBondStateChanged method within AdapterService.java. This vulnerability may lead to the disclosure of...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from incorrect bounds checking in the setTo method within ResourceTypes.cpp. This vulnerability may lead to out-of-bound reading, resulting i...

Palo Alto Prisma Access Agent 24.x / 25.x / 26.x < 26.2.1 Multiple Vulnerabilities

The version of Palo Alto Networks Prisma Access Agent installed on the remote host is 24.x, 25.x, or 26.x prior to 26.2.1. It is, therefore, affected by multiple vulnerabilities: - Multiple information disclosure vulnerabilities allow a local user to access sensitive configuration data and...

EUVD-2026-10833

The register protection of the PowerVR GPU is incorrectly configured. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-20429

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535...

PT-2026-22670

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and...

Microsoft Excel Information Disclosure Vulnerability

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...

CVE-2026-20821

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally...

CVE-2023-40639

In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

Apple macOS Tahoe 安全漏洞

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a privilege issue vulnerability that stems from the system having insufficient security...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Pixel 安全漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that stems from improper validation of AreFencesRegistered inputs in gxpfencemanager.cc, which could lead to the disclosure of local information...

PT-2025-50703

In ProtocolPsUnthrottleApn of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...

EUVD-2025-202209

Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally...

CVE-2025-48608

In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2025-49581

In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-412662901

In ProcessArea of dngmiscopcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36083 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release...

Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally...