9080 matches found
CVE-2026-57270
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
EUVD-2026-41232
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
EUVD-2026-40011
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
CVE-2026-13514
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
CVE-2026-13514 Chess Play and Learn App com.chess AndroidManifest.xml backup
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Avoid buffer overflow attacks in the smusyssetpptable function. If a malicious user provides a smaller pptable through sysfs, followed by a larger one, it may lead to a buffer overflow attack in the smusyssetpptable...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in writetstodecoder The value of buf4 comes from the user via tsplay. This value is within the u8 range. The final length that we pass to av7110ipackinstantrepack is “len – buf4 + 1 – 4”. Therefor...
Astra Linux – Vulnerability in wpa, pupnp-1.8
The Open Connectivity Foundation’s UPnP specification prior to April 17, 2020, does not prohibit the acceptance of a subscription request with a delivery URL located in a different network segment than the fully qualified event-subscription URL. This is known as the “CallStranger” issue...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PNP: The memory leak caused by the name of devices being allocated dynamically has been fixed in pnpallocdev. After the commit 1fa5ae857bb1 “Driver core: get rid of struct device’s busid string array”, the name of devices is now...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fixed a memory leak in nfcmrvlplaydeferred. Similar to the handling of playdeferred in commit 19cfe912c37b “Bluetooth: btusb: Fixed a memory leak in playdeferred”, we thought a patch might be necessary here as well...
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla , that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends...
Android 17 Security Release NotesStay organized with collectionsSave and categorize content based on your preferences.
This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 17. Android 17 devices with a security patch level of 2026-07-01 or later are protected against these issues Android 17, as released on AOSP, will have...
CVE-2026-42846
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...
CVE-2026-42846 ClipBucket: Remote Play URL Command Injection
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...
CVE-2026-42846 ClipBucket: Remote Play URL Command Injection
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...
CVE-2026-42846
CVE-2026-42846 affects ClipBucket v5 prior to 5.5.3 (pre-release #140) where the Remote Play feature concatenates a user-provided URL into shell commands without escaping. This allows an authenticated user to trigger arbitrary command execution via shell metacharacters in the URL. The issue has b...
EUVD-2026-36367
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...
Malicious Package
Overview @vtmn-play/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
PT-2026-48790
Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 Description The Remote Play feature in ClipBucket v5 allows authenticated users to import external URLs as video sources. The application concatenates these URLs directly into shell commands without proper...
CVE-2026-45635
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...