CVE-2026-21374 Buffer Over-read in Camera

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation...

CVE-2026-21374

CVE-2026-21374 describes memory corruption in the camera path due to insufficient buffer size validation when processing auxiliary sensor input/output control commands. The CVE is characterized as a buffer over-read in the camera subsystem, with a CVSSv3.1 base score of 7.8 (HIGH) and a Local att...

PT-2026-30647

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver...

PT-2026-30644

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There is a security vulnerability in Qualcomm Chipsets, which stems from the lack of size verification when accessing the output buffer during the IOCTL processing of the camera sensor driver. This...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There is a security vulnerability in Qualcomm Chipsets, which stems from the lack of size verification when accessing the output buffer during the IOCTL processing of the camera sensor driver. This...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, which stem from insufficient buffer size validation when processing commands for auxiliary sensor input/output control, potentially leading t...

[SECURITY] Fedora 43 Update: domoticz-2026.1-1.fc43

Domoticz is a Home Automation System that lets you monitor and configure vari ous devices like: Lights, Switches, various sensors/meters like Temperature, Rain, Wind, UV, Electra, Gas, Water and much more. Notifications/Alerts can be sent to any mobile device...

Cross-Site Scripting

Home Assistant is vulnerable to Cross Site Scripting. The vulnerability is due to the lack of output escaping or sanitization in the History-graph card, where an attacker can inject arbitrary tags that execute JavaScript by changing the name of a sensor to a malicious value...

Linux Distros Unpatched Vulnerability : CVE-2026-23323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added...

EUVD-2026-16775

Home Assistant has stored XSS in history-graphs...

CVE-2026-33045

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

CVE-2026-33045

Home Assistant CVE-2026-33045 is a stored XSS vulnerability in the Energy dashboard triggered by an energy entity name. Affected versions are 2025.02 through 2026.00.x (prior to 2026.01); it is fixed in 2026.01. The issue arises when entity names containing HTML are rendered in graph tooltips, en...

CVE-2026-33045 Home Assistant has stored XSS in history-graphs

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

CVE-2026-33045 Home Assistant has stored XSS in history-graphs

Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...

PT-2026-28467

Name of the Vulnerable Software and Affected Versions Home Assistant versions 2025.02 through 2026.01 Description The "remaining charge time" sensor for mobile phones imported from Android Auto in Home Assistant is susceptible to cross-site scripting XSS. This issue is similar to CVE-2025-62172...

Home Assistant 跨站脚本漏洞

Home Assistant is an open-source family automation management system developed by Home Assistant. This system is primarily used to control household automation devices. In versions of Home Assistant from 2025.02 to 2026.01, there was a cross-site scripting vulnerability. This vulnerability...

CVE-2026-32843

Location Aware Sensor System by Linkit ONE, up to commit f06bd20 2023-04-26, contains a reflected cross-site scripting vulnerability in the PM25.php file that allows remote attackers to execute arbitrary JavaScript by injecting malicious code into GET parameters. Attackers can craft a malicious U...

SUSE CVE-2026-23323

In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...

EUVD-2026-15276

In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...