8752 matches found
CVE-2026-15029
The CVE-2026-15029 entry covers an Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager. The vulnerability permits a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests...
EUVD-2026-44589
Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...
CVE-2026-9492 GIGABYTE|Gigabyte Control Center - Improper Access Control
The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...
PT-2026-57623
Name of the Vulnerable Software and Affected Versions Gigabyte Control Center affected versions not specified Description The MBStorage DRAM lighting control module within Gigabyte Control Center GCC contains an improper access control issue. Authenticated local attackers can send specific IOCTL...
CVE-2026-10663
In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...
CVE-2026-10663
The vulnerability CVE-2026-10663 affects Zephyr’s experimental USB host stack (CONFIG_USB_HOST_STACK). freed root usb_device slab in usbh_device_disconnect() leaves ctx->root dangling; bus removal handler dev_removed_handler() uses ctx->root to decide teardown. Synthesis of DEV_REMOVED even...
CVE-2026-10663 Use-after-free / double-free of the root USB device in the experimental USB host stack
In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...
CVE-2026-10663 Use-after-free / double-free of the root USB device in the experimental USB host stack
In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...
CVE-2026-7639
CVE-2026-7639 describes a vulnerability where software running as a non-privileged user can trigger a sequence of improper GPU system calls that cause use-after-free in the driver, enabling unprivileged access to memory from shader code. The failure path in MMU mapping can prevent complete cleanu...
CVE-2026-34196 GPU DDK - UAF read and/or write of arbitrary physical memory due to integer truncation in PMRDevPhysAddrOSMem
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...
CVE-2026-34196
CVE-2026-34196 concerns GPU-driver code: when non-privileged software makes improper GPU system calls, an integer overflow can cause two GPU virtual addresses to map to the same physical page. After freeing the first mapping and the physical page, the second mapping can be used to read/write to m...
EUVD-2026-43032
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and...
CVE-2026-36028
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...
PT-2026-56535
Name of the Vulnerable Software and Affected Versions Code 27 Companion Hub affected versions not specified Description A protection mechanism failure allows an attacker with physical access to completely bypass kiosk restrictions by performing a factory reset. Recommendations At the moment, ther...
CVE-2026-36028
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...
CVE-2026-36028
Technical details are not publicly available in the provided documents. Monitor for updates as no specific affected components, versions, or remediation are disclosed here.
CVE-2026-58583
FluxInk formerly Sunia SPB Peripheral Color Management Driver TcnPeripheral64.sys 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows...
EUVD-2026-42094
FluxInk formerly Sunia SPB Peripheral Color Management Driver TcnPeripheral64.sys 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \Device\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows...
CVE-2026-58583
CVE-2026-58583 affects FluxInk Color Management Driver (TcnPeripheral64.sys) 1.0.7.2, enabling local privilege escalation for a standard user via arbitrary physical memory mapping at \Device\PhysicalMemory. Root cause: memory mapping vulnerability in the driver. Impact: potential elevation of pri...