Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling
Available for Android 12 and later, the anti-scam feature is baked into Google Dialer, which sends a silent “confirmation signal” to ensure whoever’s calling you is who they appear to be...
CVE-2026-22069
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...
EUVD-2026-30825
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...
CVE-2026-22069 O+ Connect Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...
PT-2026-41813
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...
ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data
Summary: The generic webhook channel trusts caller-supplied identity fields (sender, chatid) from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled (authtoken: None), an attacker who can reach POST /webhook can spoo...
EUVD-2026-11667
ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data...
StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation
Summary: The POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor doe...
Incorrect Permission Assignment for Critical Resource
Overview: neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API. Affected versions of this package are vulnerable to Incorrect Permission Assignment for...
Who - Caller ID, Spam Block Security Vulnerability
Who - Caller ID, Spam Block is a globally recognized excellent caller identification and spam call blocking application from RD Labs LLC, USA. A security vulnerability exists in Who - Caller ID, Spam Block version 15.0 that stems from storing sensitive information in the system log...
Cryptbond Network Authorization Issues Vulnerability
Cryptbond Network (CBN) is a cryptocurrency. A security vulnerability exists in the 'ToOwner' function in CBN's smart contract implementation, which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to modify the owner of the...
DDQ Authorization Issues Vulnerability
DDQ is a cryptocurrency. A security vulnerability exists in the 'owned' function of DDQ's smart contract implementation, which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to modify the owner of a smart contract...
BOMBBA Override Vulnerability
BOMBBA (BOMB) is a cryptocurrency. BOMBBA (BOMB) has an override vulnerability in the 'quaker' function in its smart contract implementation, which stems from the function's failure to check the identity of the caller. An attacker could use the vulnerability to modify the owner of the smart contract...
Cryptbond Network Override Vulnerability
Cryptbond Network (CBN) is a cryptocurrency. An override vulnerability exists in the 'ToOwner' function in the smart contract implementation of Cryptbond Network (CBN), which stems from the fact that the function does not check the identity of the caller. An attacker could use the vulnerability to...
CVE-2018-19834
The quaker function of a smart contract implementation for BOMBBA (BOMB), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
DEBIAN-CVE-2017-8422
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app...
JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...