CVE-2024-31328

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2024-31328

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2025-48635

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-50195

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

CVE-2025-50195

CVE-2025-50195 affects the Chamilo learning management system. A vulnerability in the file /plugin/vchamilo/views/manage.controller.php allows an OS Command Injection on Chamilo installations running versions prior to 1.11.30 . The issue has been addressed in Chamilo release 1.11.30 (patch/commit...

CVE-2025-50195 Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

CVE-2025-50195 Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

EUVD-2025-208164

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

CVE-2025-50195 Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

Cisco AppDynamics Controller Path Traversal Vulnerability (cisco-sa-appd-traversal-m7N8mZpF)

According to its self-reported version, Cisco AppDynamics is affected by a vulnerability. - A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerabili...

📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: rke2-runtime, cluster-api-provider-vsphere, volsync, cloudbeat-fips, gogatekeeper, velero-plugin-for-gcp-fips, envoy-gateway-fips, cert-manager-webhook-pdns-fips, jobset, traefik-fips, kyverno-policy-reporter-plugins-kyverno-fips, cosign,...

net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts

...

CVE-2026-3286

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

CVE-2026-3269

A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial o...

openSUSE 16 Security Update : openQA, os-autoinst, openQA-devel-container (openSUSE-SU-2026:20261-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20261-1 advisory. Changes in openQA: - Update to version 5.1771422749.560a3b26: fixmcp: set navbar check expression to read-only feat: support inverted result filters in...

rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

GHSA-HFCP-477W-3WJW rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

CVE-2026-0980

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...