138 matches found
Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords
Shark’s cloud-connected robot vacuums are currently exposed by an unpatched AWS Amazon Web Services IoT Internet of Things policy flaw that could turn one compromised device into a remote-control skeleton key for many others in the same region, with access to cameras, maps, and Wi‑Fi passwords. A...
CVE-2026-54568
CVE-2026-54568 affects Microsoft UFO (open‑source framework). From 3.0.0 through 3.0.6, a client connected as a DEVICE to the UFO WebSocket server could call DEVICE_INFO_REQUEST with another device’s target_id and receive that device’s server‑side system_info due to missing constellat ion/ object...
CVE-2026-54568 Microsoft UFO: Missing Authorization in DEVICE_INFO_REQUEST Allows a DEVICE Client to Read Another Device's system_info
Microsoft UFO open-source framework for intelligent automation across devices and platforms. From 3.0.0 until 3.0.6, a client connected to the UFO WebSocket server as a DEVICE could call DEVICEINFOREQUEST with another device's targetid and receive that device's server-side systeminfo through...
[SECURITY] Fedora 44 Update: nextcloud-33.0.6-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 43 Update: nextcloud-33.0.5-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
CVE-2026-46538
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...
(Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability
This vulnerability allows remote attackers to access restricted functionality on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2026-46538
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...
EUVD-2026-32677
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...
CVE-2026-46538
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...
CVE-2026-46538 Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...
CVE-2026-46538 Microsoft UFO accepts cross-device TASK_END messages by session_id only, allowing peer task-result injection
Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...
UFO³ 安全漏洞
UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a security vulnerability. This vulnerability stems from variable instance fields being overwritten in the shared WebSocket processor instances, whi...
UFO³ 数据伪造问题漏洞
UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Version UFO³ 3.0.1-4-ge2626659 contains a data manipulation vulnerability. This vulnerability arises from the fact that task responses are tracked using only the sessionid without verifyi...
PT-2026-44121
Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description The constellation client in this open-source framework for intelligent automation tracks pending task responses using only the session id and fails to verify if a TASK END message originated...
[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool RAT and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno plugin, this was...
CVE-2026-35364
A flaw was found in the mv utility of uutils coreutils. A local attacker with write access to a destination directory can exploit a Time-of-Check to Time-of-Use TOCTOU race condition during cross-device file operations. This allows the attacker to replace the intended destination with a symbolic...
CVE-2026-35354
A flaw was found in the mv utility of uutils coreutils. A local attacker with write access to a directory can exploit a Time-of-Check to Time-of-Use TOCTOU vulnerability during cross-device moves. This race condition allows the attacker to swap files between system calls, leading to the destinati...
OpenClaw: Paired-device pairing actions were not limited to the caller device
Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact A paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope...