CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

CVE-2026-49189

CVE-2026-49189 involves unchecked public access permissions on a core Broadcast Receiver, enabling unauthorized local software components to invoke administrative operations. The available documents identify the vulnerable component as a Broadcast Receiver and describe the root cause as permissio...

GHSA-QG8R-F7X3-25F7 imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling

A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...

RUSTSEC-2026-0123 Out-of-bounds read in `bytes_helper` public safe functions

The byteshelper module contains multiple public functions intoarr4, intoarr2, u8fromlebytes that use slice.getuncheckedpos..pos + N without verifying that pos + N = slice.len. These are public safe API functions, allowing any caller to trigger undefined behavior by passing invalid positions. For...

Fragile bounds check when sampling from image

A bounds check was performed in floating points before a cast to the index passed to an unchecked access function. This checked considered NaN cases improperly, causing them to succeed the check instead of failing it. The floating point coordinate is under caller control by passing a selected...

EUVD-2020-29840

Malware in sbrugna...

Arbitrary File Upload

Overview alexstack/laravel-cms is a Simple Bootstrap Laravel CMS Affected versions of this package are vulnerable to Arbitrary File Upload due to unchecked access to the downloadFile function in index in LaravelCmsFileAdminController.php. Remediation There is no fixed version for...

Doctor’s Appointment System 安全漏洞

Doctor's Appointment System is a doctor's appointment system by Hashen Udara, an individual developer. A security vulnerability exists in Doctor's Appointment System version 1.0, which stems from an incorrect access control in its edoc/patient/settings.php that results in an interrupted access...

rust: memory safety violation in Zip implementation for nested iter::Zips

In the standard library in Rust before 1.51.0, the Zip implementation calls iteratorgetunchecked for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait...

rust: memory safety violation in Zip implementation for nested iter::Zips

In the standard library in Rust before 1.51.0, the Zip implementation calls iteratorgetunchecked for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait...

DEBIAN-CVE-2021-28878

In the standard library in Rust before 1.52.0, the Zip implementation calls iteratorgetunchecked more than once for the same index under certain conditions when nextback and next are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the...

PT-2021-17972 · Rust +6 · Rust +6

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.52.0 Description: The issue is related to a panic safety problem in the Zip implementation of the Rust standard library. It occurs when the underlying iterator panics under certain conditions, causing iterator get...

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

jboss-as-server: Unchecked access to MSC Service Registry under JSM

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container MSC service registry without any permission checks. This could allow malicious deployments to modify the internal state of the...

Design/Logic Flaw

WebAPP before 0.9.9.5 does not check access in certain contexts related to 1 Calendar Administration, 2 Instant Messages Administration, and 3 the Image Uploader, which has unknown impact and attack vectors...