CVE-2026-0110

In MMDATAIND of cnNrSmMsgHdlrFromMM.cpp, there is a possible EoP due to memory corruption. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Pixel 安全漏洞

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from memory corruption in the MMDATAIND component of cnNrSmMsgHdlrFromMM.cpp. This vulnerability may lead to remote privilege escalation...

UBUNTU-CVE-2025-71139

In the Linux kernel, the following vulnerability has been resolved: kernel/kexec: fix IMA when allocation happens in CMA area Bug description When I tested kexec with the latest kernel, I ran into the following warning: 40.712410 ------------ cut here ------------ 40.712576 WARNING: CPU: 2 PID:...

Malicious code in superb_hedgehog_blue-67 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 760a571948803bafdf742b5f3d2150efa5cb504b777b2ac559aa1fce89f725a7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2023-24218

Malicious code in bioql PyPI...

CVE-2025-53507

Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under Product Status...

CVE-2025-53508

CVE-2025-53508 affects iND Co.,Ltd embedded devices including HL330-DLS (MC7700/MC7330 variants), HL320-DLS, LM-100, LM-200 (AMP570/EC25-J variants), L2X Assist, L2X Assist-RS-A/E, F2L Assist-SS-A/E. Root cause is OS command injection allowing an arbitrary OS command to be executed, potentially l...

CVE-2025-53508

Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under Product Status...

iND多款产品 操作系统命令注入漏洞

The iND HL330-DLS and iND LM-100 are both embedded hardware terminals from Japan-based iND Corporation. Operating system command injection vulnerability exists in several iND products. The vulnerability stems from OS command injection, which may result in executing arbitrary commands or obtaining...

CVE-2023-20039

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...

CVE-2023-20036

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...

CVE-2023-20039

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...

CVE-2023-20036

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...

EUVD-2023-24215

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An...

Realtek RTL8762E BLE SDK 安全漏洞

The Realtek RTL8762E BLE SDK is a low-power Bluetooth 5 solution from China-based Realtek Semiconductor Realtek. A security vulnerability exists in the Realtek RTL8762E BLE SDK version v1.4.0, which originates from an attacker being able to trigger a denial of service DoS by providing a carefully...

DEBIAN-CVE-2024-50006

In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in ext4indmigrate Fuzzing reports a possible deadlock in jbd2logwaitcommit. This issue is triggered when an EXT4IOCMIGRATE ioctl is set to require synchronous updates because the file descriptor is...

CVE-2024-6444

No proper validation of the length of user input in olcpindhandler in zephyr/subsys/bluetooth/services/ots/otsclient.c...

PT-2024-21853 · Samsung · Exynos 1330 +8

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930 Description: An issue was discovered in the function slsi rx blockack ind, where there ...

CVE-2024-34463

BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. The packet data also lacks authentication and integrity protection...

ind-art.nl Improper Access Control vulnerability OBB-3922229

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...