
475 matches found

Positive Technologies
added 2026/03/10 12:0 a.m. | 5 views

PT-2026-24156

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user-initiated interaction, may allow modifications to occur without validation. Such changes coul...

CVSS 5.6 | AI score 5.8 | EPSS 0.00087
Exploits: 0 | References: 2
NVD
added 2026/03/02 9:16 a.m. | 9 views

CVE-2026-20429

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535...

CVSS 4.4 | EPSS 0.00073
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/02 12:0 a.m. | 6 views

PT-2026-22670

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and...

AI score 6 | EPSS 0.00103
Exploits: 0 | References: 2
CNNVD
added 2026/03/02 12:0 a.m. | 4 views

Google Android Security Vulnerability

Google Android is an open-source operating system based on Linux, developed by the American company Google. Google Android has security vulnerabilities, and these vulnerabilities stem from lack of permission checks, which may lead to the leakage of local information...

CVSS 4 | AI score 5.8 | EPSS 0.00094
Exploits: 0 | References: 1
CNNVD
added 2026/03/02 12:0 a.m. | 4 views

MediaTek Chipsets Security Vulnerability

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities; these vulnerabilities stem from the lack of boundary checks, leading to out-of-bound reads and potentially exposing local information...

CVSS 4.4 | AI score 5.8 | EPSS 0.00073
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/26 12:0 a.m. | 4 views

Cisco Catalyst SD-WAN Manager < 20.18 Multiple Vulnerabilities (cisco-sa-sdwan-authbp-qwCX8D4v)

According to its self-reported version, Cisco Catalyst SD-WAN Manager is affected by multiple vulnerabilities:
- A vulnerability could allow an unauthenticated, remote attacker to bypass authentication mechanisms and gain unauthorized access to the system. (CVE-2026-20129)
- A vulnerability could...

CVSS 9.8 | AI score 8.3 | EPSS 0.046
Exploits: 0 | References: 5
Cvelist
added 2026/02/21 12:1 a.m. | 19 views

CVE-2026-27189 OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

CVSS 6.6 | EPSS 0.00112
Exploits: 0 | References: 2
CNNVD
added 2026/02/21 12:0 a.m. | 6 views

OpenSift Security Vulnerability

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of non-atomic and insufficiently synchronized local JSON persistence processes,...

CVSS 6.6 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 2
Microsoft CVE
added 2026/02/10 4:0 p.m. | 4 views

Microsoft Excel Information Disclosure Vulnerability

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00596
Exploits: 0
RedhatCVE
added 2026/02/05 7:26 a.m. | 4 views

CVE-2026-20984

Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information...

CVSS 5.1 | AI score 5.3 | EPSS 0.00142
Exploits: 0 | References: 1
SUSE CVE
added 2026/01/28 12:24 a.m. | 7 views

SUSE CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | AI score 5.9 | EPSS 0.00469
Exploits: 1 | References: 3
NVD
added 2026/01/26 10:15 p.m. | 5 views

CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | EPSS 0.00469
Exploits: 1 | References: 3
CVE
added 2026/01/26 9:59 p.m. | 22 views

CVE-2026-24056

CVE-2026-24056 affects pnpm prior to 10.28.2: when installing file: or git: dependencies, symlinks are followed and their target contents read outside the package root, enabling possible leakage of local data (e.g., credentials) into node_modules. Root cause: store/cafs/src/addFilesFromDir.ts use...

CVSS 6.7 | AI score 5.9 | EPSS 0.00469
Exploits: 1 | References: 3 | Affected Software: 1
EUVD
added 2026/01/26 9:59 p.m. | 6 views

EUVD-2026-4658

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | AI score 5.9 | EPSS 0.00469
Exploits: 1 | References: 3
AlpineLinux
added 2026/01/26 9:59 p.m. | 5 views

CVE-2026-24056

pnpm is a package manager. Prior to version 10.28.2, when pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd,...

CVSS 6.7 | AI score 5.9 | EPSS 0.00469
Exploits: 1
Github Security Blog
added 2026/01/26 9:2 p.m. | 8 views

pnpm has symlink traversal in file:/git dependencies

Summary: When pnpm installs a file: directory or git: dependency, it follows symlinks and reads their target contents without constraining them to the package root. A malicious package containing a symlink to an absolute path e.g., /etc/passwd, ~/.ssh/id_rsa causes pnpm to copy that file's contents...

CVSS 6.7 | AI score 6.1 | EPSS 0.00469
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/01/26 12:0 a.m. | 3 views

PT-2026-4827

Name of the Vulnerable Software and Affected Versions: pnpm versions prior to 10.28.2. Description: pnpm, a package manager, is affected by an issue where installing a file: or git: dependency allows it to follow symlinks and read their target contents without restricting them to the package root. A...

CVSS 6.7 | AI score 5.9 | EPSS 0.00469
Exploits: 1 | References: 10
Tenable Nessus
added 2026/01/15 12:0 a.m. | 5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003563 advisory. System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from...

CVSS 5.6 | AI score 7.2 | EPSS 0.00611
Exploits: 0 | References: 28
OSV
added 2026/01/14 4:15 p.m. | 3 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

CVSS 4.6 | AI score 5.8 | EPSS 0.00153
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001721)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001721 advisory. An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of...

CVSS 5.5 | AI score 6.5 | EPSS 0.00338
Exploits: 1 | References: 3