51 matches found
CVE-2026-50207
The CVE-2026-50207 issue involves the system Binder boundary that accepts unverified pass-through AT commands, enabling local applications to read baseband files or disable cellular connectivity. The vulnerability is described as local, with impact to confidentiality, integrity, and availability ...
CVE-2026-50207 Local Modem Manipulation via Binder Interfaces
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
PT-2026-46159
The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity...
CVE-2026-0634
Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection...
CVE-2026-33335
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
CVE-2026-33335 Vikunja Desktop allows arbitrary local application invocation via unvalidated shell.openExternal
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
CVE-2026-33335
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
PT-2026-27443
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
EUVD-2006-6090
Malware in sbrugna...
EUVD-2010-4419
Malware in sbrugna...
EUVD-2023-57420
Malicious code in bioql PyPI...
CVE-2023-5080
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands...
The vulnerability of the software for optimizing performance of cloud and local applications in Intel Granulate, related to deficiencies in access control, allows attackers to enhance their privileges.
The vulnerability of the software for optimizing performance of cloud and local applications in Intel Granulate is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
GHSA-48CQ-79QQ-6F7X Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Impact This CVE covers the ability of 3rd party websites to access routes and upload files to users running Gradio applications locally. For example, the malicious owners of www.dontvisitme.com could put a script on their website that uploads a large file to http://localhost:7860/upload and anyon...
Motorola Time Weather Widget 安全漏洞
Motorola Time Weather Widget is a mobile weather forecasting application from Motorola, Inc. A security vulnerability exists in Motorola Time Weather Widget, which stems from an implicit intent vulnerability that could allow a local application to gain unauthorized access to the device's location...
com.factory.mmigroup 安全漏洞
SAMSUNG com.factory.mmigroup is a component of Samsung South Korea. A security vulnerability exists in com.factory.mmigroup, which originates from third-party software that contains a security vulnerability that allows local third-party applications to perform various operations. The following...
CVE-2023-5081
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier...
Privilege escalation
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands...
PT-2024-1559 · Lenovo · Lenovo Tablet
Name of the Vulnerable Software and Affected Versions: Lenovo tablet products affected versions not specified Description: A privilege escalation issue is present in some Lenovo tablet products, related to insecure privilege management. This could allow a local application to access device...
SUSE CVE-2006-6107
Unspecified vulnerability in the matchruleequal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service lost process messages...