75 matches found
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click
Impact: Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link,...
Ubuntu: Security Advisory (USN-8153-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Neo4j Enterprise Edition Security Vulnerability
Neo4j Enterprise Edition is a graph database developed by the American company Neo4j. Versions prior to 2026.02 and 5.26.22 contained security vulnerabilities. These vulnerabilities were caused by errors in namespace resolution within composite databases, which could potentially allow...
CVE-2026-20984
Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information...
CVE-2025-67399
An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device, which is open to access...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001721)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001721 advisory. An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of...
CVE-2025-21076
CVE-2025-21076 affects Samsung Account prior to version 15.5.00.18. The issue is caused by improper handling of permissions/privileges, enabling a local attacker to access data within Samsung Account with user interaction required to trigger. Documented impact in multiple sources confirms local a...
SAMSUNG Account Security Vulnerability
SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 15.5.00.18, which stems from improper handling of permissions and could allow a local attacker to access Samsung Account data...
PT-2025-45076
Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 15.5.00.18. Description: Improper handling of insufficient permissions or privileges in Samsung Account allows local attackers to access data within the application. User interaction is required to trigger this...
CVE-2025-21050
CVE-2025-21050 affects Samsung Mobile devices in the Contacts component prior to SMR Oct-2025 Release 1. The root cause is improper input validation, enabling a local attacker to access data across multiple user profiles. Impact is confidentiality-focused (high), with local, low-complexity access...
EUVD-2025-33682
Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414539)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414539 advisory. A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way a user uses BPF for the device such that functio...
EUVD-2023-35099
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-0558
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is...
Linux Distros Unpatched Vulnerability : CVE-2016-6720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before...
Linux Distros Unpatched Vulnerability : CVE-2016-6753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in Android before 2016-11-0...
Linux Distros Unpatched Vulnerability : CVE-2017-0425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is...
CVE-2025-32317
In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21478
Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data...
CVE-2025-20996
Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability...