CVE-2026-0148

The connected sources confirm a concrete issue in VideoRtpPayloadDecoderNode.cpp: an integer overflow can cause an out-of-bounds write, enabling remote code execution without extra privileges or user interaction. Affected component is VideoRtpPayloadDecoderNode.cpp (multiple functions). The CVE e...

CVE-2026-0147

CVE-2026-0147 affects the mfc_core_nal_q_get_dec_metadata_sei_nal function in mfc_core_nal_q.c. The issue is an out-of-bounds write caused by a missing bounds check, which the documents state could enable remote code execution with no extra privileges and no user interaction. The vulnerability is...

CVE-2026-0147

In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0146

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0146

CVE-2026-0146 affects the Exynos MFC component referenced in Pixel security bulletins. The issue is a possible out-of-bounds write in mfc_core_get_dec_metadata_sei_nal (within mfc_core_reg_api.c) caused by a missing bounds check, which could allow remote code execution with no privileges and no u...

CVE-2026-0139

CVE-2026-0139 affects the Modem with an out-of-bounds write caused by a missing bounds check, enabling remote code execution without privileges or user interaction. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). The Android Pixel bulletin and related ...

CVE-2026-0139

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0135

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0135

CVE-2026-0135 affects the Modem component, where a missing bounds check can enable an out-of-bounds read. This can lead to remote code execution with no additional privileges required and no user interaction. Several connected sources (NVD, EUVD-ENISA, CVE listings, OSV and PT-Security entries) c...

CVE-2026-0132

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0132

CVE-2026-0132 concerns the Modem component. The connected documents describe a vulnerability where an out-of-bounds write occurs due to a heap buffer overflow, enabling remote code execution with no additional privileges and no user interaction required. The CVSS metrics indicate network attack v...

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-10748

Nexus Repository 3 is affected by CVE-2026-10748: an authenticated user with nx-licensing-create can upload a crafted license file to trigger remote code execution as the Nexus process user. Vulnerable in versions before 3.92.0. Remediation: upgrade to 3.92.0 or later according to Sonatype releas...

CVE-2024-24909

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code...

Malicious code in chai-as-tokenized (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485 Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...

MAL-2026-5902 Malicious code in chai-as-tokenized (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c10da182a0c79ca5eb0f85c6b2e334b7ee4e90946dfcc34feb44e80afa4485 Package name impersonates chai-as-promised, and the README is a copy of pino's documentation, but the actual code is a remote-code-execution dropper...

CVE-2026-44932

Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...

CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

EUVD-2024-55622

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code...

CVE-2024-24909

The CVE affects Dell OpenManage Integration with Microsoft Windows Admin Center, specifically the gateway plugin, which contains a Remote Code Execution vulnerability. A remote authenticated user could potentially escalate privileges and run arbitrary code remotely, with a CVSS v3.1 base score of...