CVE-2026-10068

CVE-2026-10068 affects Shibby Tomato 1.28. The vulnerability lies in the SUBSCRIBE Call Handler’s miniupnpd component, specifically the send function in usr/sbin/miniupnpd, enabling server-side request forgery. The issue can be triggered remotely and is documented as affecting products superseded...

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from the send function in the us/sbin/miniupnpd file within the SUBSCRIBE Call Handler component, which involves...

CVE-2026-4957

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

EUVD-2026-16658

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

CVE-2026-4957

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992777)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992777 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes...

EUVD-2022-42720

Malicious code in bioql PyPI...

Android malware FakeCall intercepts your calls to the bank

An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The...

SUSE CVE-2012-2655

PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service server crash by adding the 1 SECURITY DEFINER or 2 SET attributes to a procedural language's call handler...

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

Input validation

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

CVE-2022-42269

CVE-2022-42269 affects NVIDIA Trusted OS via an SMC call handler where untrusted input is not validated, allowing a highly privileged local attacker to disclose information and compromise integrity. The issue is documented across multiple sources, with NVIDIA’s security bulletin indicating affect...

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

CVE-2022-3333

A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible ...

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 CVSS score: 9.8, a critical integer overflow vulnerability in WhatsApp that results in the...

CVE-2022-3333

CVE-2022-3333 affects Zephyr Project Manager up to 3.2.4. The issue resides in the REST Call Handler’s file /v1/tasks/create/, where manipulation of the onanimationstart argument enables cross-site scripting. The vulnerability can be triggered remotely, implying network-accessible exploitation. A...

PT-2022-21772 · Unknown · Zephyr Project Manager

Name of the Vulnerable Software and Affected Versions: Zephyr Project Manager versions up to 3.2.4 Description: A problematic issue was found in the REST Call Handler component, affecting an unknown function of the file /v1/tasks/create/. The manipulation of the onanimationstart argument leads to...

PT-2022-3191 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to the Advanced Local Procedure Call ALPC handler in Microsoft Windows operating systems, which is associated with inadequate access control. This can allow a...

Qualcomm 封闭源组件安全漏洞

A security vulnerability exists in a Qualcomm closed source component that stems from insufficient checks in the system call handler...

Google Android Qualcomm component buffer overflow vulnerability (CNVD-2017-25682)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA in the U.S. Qualcomm is one of the Qualcomm components used in Qualcomm devices. A buffer overflow vulnerability exists in the 1x call handler of the Qualcomm component in Android...