High-severity Qualcomm bug hits Android devices in targeted attacks
Google has patched 129 vulnerabilities in Android in its March 2026 Android Security Bulletin, including a Qualcomm display flaw that is known to be actively exploited. You can check your device’s Android version, security update level, and Google Play system update in Settings. You should get a...
CVE-2026-20427
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537...
CVE-2025-20779
In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720...
CVE-2025-20774
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796...
The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a hacker to obtain arbitrary permissions on a website without user consent.
The vulnerability in the cursor display implementation of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to an incorrect limitation on the number of layers or frames that can be displayed. Exploiting this vulnerability allows a malicious actor to obtain arbitrary...
SUSE CVE-2013-1699
The Internationalized Domain Name (IDN) display algorithm in Mozilla Firefox before 22.0 does not properly handle the .com, .name, and .net top-level domains, which allows remote attackers to spoof the address bar via unspecified homograph characters...
CVE-2022-28421
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=...
CVE-2022-0751
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands...
CVE-2022-0112
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL...
The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows attackers to access confidential information or cause service failures.
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information or cause service failures...
Access Control Bypass
SeaMonkey is vulnerable to access control bypass. Several flaws were found in the display of malformed web content. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information...
CloudBees Jenkins S3 Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some timed tasks. S3 Plugin is used in one of the...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device...