CVE-2026-0870

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges...

CVE-2026-0870 GIGABYTE｜MacroHub - Local Privilege Escalation

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges...

PT-2026-7072

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges...

CVE-2026-20985

Samsung Members app (versions before 5.6.00.11) contains an input validation flaw that allows remote attackers to connect arbitrary URLs and launch arbitrary activities with Samsung Members privileges. Trigger requires user interaction. Impact is elevated privileges within the Samsung Members con...

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48572

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-201776

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48572

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48572

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-21079

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

MCPTotal Launches to Power Secure Enterprise MCP Workflows

New York, USA, New York, 15th October 2025, CyberNewsWire...

EUVD-2010-2008

Malware in sbrugna...

CVE-2025-22437

In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2025-35634

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: A logic error in the code within setMediaButtonReceiver of multiple files may allow launching arbitrary activities from the background. This could lead to loc...

CVE-2023-21256

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

PT-2025-12830

Name of the Vulnerable Software and Affected Versions NASA cFS Core Flight System Aquila affected versions not specified Description The issue allows the onboard software to be put into a state that prevents the launch of any external application, resulting in a platform denial of service...

CVE-2024-11700

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox 133 and Thunderbird 133...

UBUNTU-CVE-2024-11700

Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox 133 and Thunderbird 133...

CVE-2024-2315

APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability...