CVE-2026-0138

In lwis_io_buffer_write (lwis_io_buffer.c), there is a vulnerability causing an out-of-bounds write due to memory corruption. This can lead to local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. The CVE is referenced in the ...

CVE-2026-0137

In edgetpusyncfencegroupshutdown of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0136

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0135

The CVE-2026-0135 entry concerns a flaw in Modem where a missing bounds check enables an out-of-bounds read, leading to remote code execution with no extra privileges and no user interaction required. Both the CVE record and the OSV PUB-A-449725960 entry corroborate the same description. Document...

CVE-2026-0135

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0131

The provided connected documents confirm a vulnerability in the RtpPacket::decodePacket path, described as an out-of-bounds access caused by an integer overflow. The impact stated is local escalation of privilege with no additional execution privileges required, and exploitation requires user int...

CVE-2026-0131

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-0130

In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-0130

In CVE-2026-0130, a heap-based out-of-bounds read in RtcpChunk::decodeRtcpChunk could enable remote information disclosure with no additional execution privileges. Exploitation is stated as requiring user interaction. The connected OSV entry and CVE list carry the same description. No product/ven...

CVE-2026-0129

In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-0129

CVE-2026-0129 concerns a missing bounds check in RtcpByePacket::decodeByePacket, enabling potential remote information disclosure with user interaction. The connected documents reiterate the flaw but do not specify affected products, versions, root cause details beyond the function name, exploita...

CVE-2026-0128

CVE-2026-0128 concerns an out-of-bounds read in the function RtcpFbPacket::decodeRtcpFbPacket caused by an integer overflow. The issue could allow remote information disclosure with no additional execution privileges, and requires user interaction to exploit. Connected documents reiterate this de...

CVE-2026-0126

In WC-Radio, a missing bounds check enables an out-of-bounds write, potentially allowing remote code execution without extra privileges or user interaction. This is supported by the CVE entry and OSV detail; no vendor/version specifics or remediation are provided in the supplied documents.

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0125

The connected documents report a race-condition–induced use-after-free in multiple functions of vpu_ioctl.c, leading to local privilege escalation without requiring user interaction. The CVE-2026-0125 entry itself notes this default impact, but the provided sources do not specify affected product...

CVE-2026-0125

In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-47963

The CVE-2026-47963 entry concerns DNG SDK versions 1.7.1 2536 and earlier, which are affected by an out-of-bounds read (CWE-125). The vulnerability can disclose sensitive memory and requires user interaction: a victim must open a malicious file. This is the explicit impact and attack condition de...

CVE-2026-47964

Affected software : DNG SDK (version 1.7.1 2536 and earlier). Vulnerability : Heap-based buffer overflow (CWE-122) in the DNG SDK, potentially allowing arbitrary code execution in the context of the current user. Impact : Arbitrary code execution with high impact (confidentiality/ integrity/ avai...

CVE-2026-6045

A flaw was found in LibreOffice. A heap buffer overflow exists when importing EMF+ graphics, which may be embedded in documents. An attacker could exploit this by convincing a user to open a specially crafted document. This could lead to denial of service or memory corruption, potentially allowin...

Ivanti Connect Secure - XXE

Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. id: CVE-2024-22024 info: name: Ivanti Connect Secure - XXE author: watchTowr severity: high description: | Ivanti Connect Secure is vulnerable to XXE XML External Entity injection. impact: | Successful exploitation of this...