CVE-2026-0146

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0146

CVE-2026-0146 affects the Exynos MFC component referenced in Pixel security bulletins. The issue is a possible out-of-bounds write in mfc_core_get_dec_metadata_sei_nal (within mfc_core_reg_api.c) caused by a missing bounds check, which could allow remote code execution with no privileges and no u...

CVE-2026-0139

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0139

CVE-2026-0139 affects the Modem with an out-of-bounds write caused by a missing bounds check, enabling remote code execution without privileges or user interaction. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). The Android Pixel bulletin and related ...

CVE-2026-0135

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0135

CVE-2026-0135 affects the Modem component, where a missing bounds check can enable an out-of-bounds read. This can lead to remote code execution with no additional privileges required and no user interaction. Several connected sources (NVD, EUVD-ENISA, CVE listings, OSV and PT-Security entries) c...

CVE-2026-0132

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0132

CVE-2026-0132 concerns the Modem component. The connected documents describe a vulnerability where an out-of-bounds write occurs due to a heap buffer overflow, enabling remote code execution with no additional privileges and no user interaction required. The CVSS metrics indicate network attack v...

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

CVE-2026-53858

OpenClaw (pre-2026.5.2) is affected by CVE-2026-53858: an environment variable injection flaw where the workspace .env STATE_DIRECTORY can influence bundled runtime dependency roots. An attacker can manipulate STATE_DIRECTORY to load runtime dependencies from unintended local paths, potentially e...

CVE-2026-53842

OpenClaw prior to 2026.5.2 is affected by an environment variable injection in CLOUDSDK_PYTHON that can influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can set CLOUDSDK_PYTHON to point to unintended local Python paths, potentially enabling ...

CVE-2026-48775

LangGraph SQLite Checkpoint (JsonPlusSerializer) is vulnerable in 4.1.0 and earlier due to unsafe deserialization of JSON checkpoint payloads. If an unauthorized party can modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the appl...

MINI-V3WW-V4Q4-PP94

Bulletin has no description...

CVE-2026-10748

Nexus Repository 3 is affected by CVE-2026-10748: an authenticated user with nx-licensing-create can upload a crafted license file to trigger remote code execution as the Nexus process user. Vulnerable in versions before 3.92.0. Remediation: upgrade to 3.92.0 or later according to Sonatype releas...

MINI-X3FV-F728-V28V

Bulletin has no description...

MINI-79GR-XRQF-9XXC

Bulletin has no description...

CGA-97CQ-3228-HPCQ

Bulletin has no description...

CGA-3J3W-43WH-4C9Q

Bulletin has no description...