EUVD-2026-33807

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-25351

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...

PT-2026-28739

The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication 'get current active user' without any privilege checks e.g., 'is superuser'...

PT-2026-22117

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.80.1 Description Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

PT-2025-48418

Name of the Vulnerable Software and Affected Versions nr modem affected versions not specified Description A flaw exists in nr modem where improper input validation can cause a system crash, potentially leading to a remote denial of service. No additional execution privileges are required for...

EUVD-2024-54915

Malicious code in bioql PyPI...

CVE-2025-0076

In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Astra Linux - уязвимость в net-tools

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a no-privilege checksum vulnerability in the window management module...

CVE-2023-21031

In setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242688355...

DEBIAN-CVE-2023-0461

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIGTLS or CONFIGXFRMESPINTCP has to be configured, but the operation does not require any privilege. There is a...

SUSE CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

PT-2022-9135 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue arises from the method PVRSRVBridgeTLDiscoverStreams, which allocates a buffer on the heap and fills it via TLServerDiscoverStreamsKM. If TLServerDiscoverStreamsKM fails due t...

DEBIAN-CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

UBUNTU-CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

WAGO IO PLC 758-870 / 750-849 Credential Management / Privilege Separation

WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities Background According to WAGO’s Web site, WAGO is an international company based in Germany. They operate production facilities in Germany, Switzerland, Poland, China, and India. WAGO maintains offices worldwide. According to WAGO, its products...