67 matches found
CVE-2026-21033
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
CVE-2026-21032
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
CVE-2026-21033
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
CVE-2026-21033
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
CVE-2026-21033
The CVE-2026-21033 entry concerns Samsung Assistant, specifically the ExpressHomeWidgetReceiver component. The flaw is described as an improper export of Android application components that, in versions prior to 9.3.14, can allow a local attacker to execute arbitrary scripts. The available docume...
CVE-2026-21033
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
CVE-2026-21032
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
CVE-2026-21032
Samsung Assistant’s SmartHomeWidgetReceiver component is vulnerable due to improper export of Android components prior to version 9.3.14. The issue allows a local attacker to execute arbitrary scripts. Affected software: Samsung Assistant, SmartHomeWidgetReceiver. Underlying cause: improper compo...
CVE-2026-21032
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
CVE-2026-21032
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...
SAMSUNG Assistant 安全漏洞
SAMSUNG Assistant is a device assistance component developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Assistant prior to 9.3.14 contained security vulnerabilities. These vulnerabilities stemmed from improper export of the ExpressHomeWidgetReceiver component, which could allow loc...
PT-2026-46923
Name of the Vulnerable Software and Affected Versions Samsung Assistant versions prior to 9.3.14 Description Improper export of Android application components in the ExpressHomeWidgetReceiver allows a local attacker to execute arbitrary script. Recommendations Update to version 9.3.14 or later...
PT-2026-46922
Name of the Vulnerable Software and Affected Versions Samsung Assistant versions prior to 9.3.14 Description Improper export of android application components in the SmartHomeWidgetReceiver allows a local attacker to execute arbitrary scripts via intent redirection. Intent redirection occurs when...
CVE-2026-41360
OpenClaw
CVE-2026-32979 OpenClaw < 2026.3.11 - Unbound Interpreter and Runtime Commands Bypass in node-host Approval
OpenClaw before 2026.3.11 contains an approval integrity vulnerability allowing attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can change approved local scripts before execution to achieve...
CVE-2026-32901
Rejected reason: This CVE ID has been rejected...
CVE-2026-32901
...
PT-2026-27235
OpenClaw before 2026.3.2 contains a semantic drift vulnerability in node system.run approval hardening that rewrites wrapper command argv, allowing execution of unintended local scripts. Attackers who can influence wrapper argv and place malicious files in the approved working directory can execu...
Arbitrary Argument Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Argument Injection via the system.run process. An attacker can execute unintended local scripts by manipulating the wrapper arguments and placing a malicious file in the approve...
CVE-2026-20976
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...