CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

CVE-2026-22225 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

EUVD-2024-54959

Malicious code in bioql PyPI...

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

CVE-2024-40653

In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from a logic error in ConnectionServiceWrapper.java that could lead to local elevation of privilege...

The vulnerability of the SetDefaultConnectionService() function in microprogrammed routing software such as Linksys WRT1900ACS, EA7200, EA7450, and EA7500 allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the SetDefaultConnectionService function in microprogrammed routing software such as Linksys WRT1900ACS, EA7200, EA7450, and EA7500 is related to the operation of writing data outside of the buffer in memory when processing the NewDefaultConnectionService parameter...

SUSE-SU-2025:20339-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: - CVE-2024-53042: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow bsc1233678 - CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847 - CVE-2024-50115: KVM:...

The vulnerability of the SetDefaultConnectionService() function in Netgear WNR854T router software allows a hacker to induce a service failure.

The vulnerability of the SetDefaultConnectionService function in Netgear WNR854T router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...

libsoup: infinite loop while reading websocket data

A flaw was found in Libsoup. The soupwebsocketconnectionread function uses a loop that reads incoming WebSocket data via the glib library. This issue makes it possible to cause the loop to run indefinitely by sending a continuous stream of data to it. The effect will prevent the DCV service from...

CVE-2024-40656

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an obfuscated agent in handleCreateConferenceComplete of ConnectionServiceWrapper.java. An attacker can exploit this vulnerability to obtain...

PT-2024-28970 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to the handleCreateConferenceComplete function in ConnectionServiceWrapper.java, where a confused deputy could lead to revealing...

ASB-A-246933359

In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

CVE-2020-26823

SAP Solution Manager JAVA stack, version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service...

CVE-2020-26823

SAP Solution Manager JAVA stack, version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service...

BlackBerry Enterprise Server 4.0/4.1 MDS Connection Service Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34573/info BlackBerry Enterprise Server MDS Connection Service is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute...

BlackBerry Enterprise Server vulnerable to malicious image file

BlackBerry Enterprise Server vulnerable to malicious image file There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user's BlackBerry device. The...

Severe Remote Flaw Fixed in BlackBerry Enterprise Server

There are remotely and easily exploitable vulnerabilities in the BlackBerry Enterprise Server that could allow an attacker to gain access to the server by simply sending a malicious image file to a user’s BlackBerry device. The vulnerabilities are in several version of BES for Exchange, Lotus...