15 matches found
CVE-2026-40839
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40839 Authenticated SQLi in getComponentScalings function
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40839
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-40839
The CVE-2026-40839 entry describes a SQL Injection in the getComponentScalings function. An unauthenticated/low-privileged remote attacker can leverage improper neutralization of input in a SQL SELECT, potentially leading to total confidentiality loss. The vulnerability is noted with CVSS 3.1 bas...
EUVD-2026-32138
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
PT-2026-43605
An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2025-48615
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48615
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48615
Technical details (affected product/version, root cause, exploitability, impact, patch) for CVE-2025-48615 are not publicly provided in the supplied documents. The CVE is referenced in patch previews but no specifics are available here.
PT-2025-43493
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems due to insufficient input validation. Exploitation of this issue may allow an attacker to escalate privileges...
EUVD-2025-26892
Malicious code in bioql PyPI...
CVE-2025-26439
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
PT-2025-36090
Name of the Vulnerable Software and Affected Versions: AccessibilitySettingsUtils.java affected versions not specified Description: A logic error in the getComponentName function within AccessibilitySettingsUtils.java may allow a malicious Talkback service to be enabled instead of the system...
The vulnerability in the implementation of the get_component_fields method of the comments module in the Netcat CMS system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the getcomponentfields method in the comments module of the Netcat CMS system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information from...
DEBIAN-CVE-2012-4024
Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...