
75 matches found

EUVD
added 2026/05/13 6:30 p.m. · 6 views

EUVD-2026-29907

Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...

CVSS 6.8 · AI score 5.8 · EPSS 0.00046
Exploits: 0 · References: 2
Positive Technologies
added 2026/01/29 12:0 a.m. · 4 views

PT-2026-5352

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-0010 Description: An issue exists in the onTransact function within IDrmManagerService.cpp that may lead to a local escalation of privilege. This is due to a missing bounds check, potentially resulting in an out-of-bounds...

CVSS 8.4 · AI score 5.9 · EPSS 0.00003
Exploits: 0 · References: 4
Positive Technologies
added 2026/01/29 12:0 a.m. · 3 views

PT-2026-5350

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-0007 Description: A flaw exists in the writeToParcel function within WindowInfo.cpp that could allow an attacker to trick a user into granting permissions through a tapjacking or overlay attack. This could result in local...

CVSS 8.6 · AI score 6.1 · EPSS 0.00002
Exploits: 0 · References: 4
Positive Technologies
added 2026/01/29 12:0 a.m. · 4 views

PT-2026-5351

Name of the Vulnerable Software and Affected Versions: Versions affected versions not specified Description: A privilege escalation issue exists due to a confused deputy condition. Successful exploitation could lead to local privilege escalation without requiring additional execution privileges or...

CVSS 8.4 · AI score 6.1 · EPSS 0.00006
Exploits: 0 · References: 4
Cvelist
added 2025/12/02 1:24 a.m. · 3 views

CVE-2025-58480

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVSS 4.3 · EPSS 0.00043
Exploits: 1 · References: 1
Positive Technologies
added 2025/12/02 12:0 a.m. · 4 views

PT-2025-48597

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory...

CVSS 4.3 · AI score 6.8 · EPSS 0.00041
Exploits: 1 · References: 2
UbuntuCve
added 2025/11/18 7:15 p.m. · 1 view

CVE-2025-61663

A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the normal command is not properly unregistered when the module is unloaded. An attacker who can execute this comman...

CVSS 4.9 · AI score 5.8 · EPSS 0.00023
Exploits: 0 · References: 2
EUVD
added 2025/10/10 6:33 a.m. · 3 views

EUVD-2025-33684

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs...

CVSS 5.2 · AI score 5.9 · EPSS 0.00029
Exploits: 0 · References: 2
OSV
added 2025/08/06 5:15 a.m. · 4 views

CVE-2025-21014

Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information...

CVSS 5.5 · AI score 5.8 · EPSS 0.00052
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 11:25 p.m. · 3 views

CVE-2022-39855

Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices...

CVSS 5.1 · AI score 4.8 · EPSS 0.00018
Exploits: 0 · References: 1
OSV
added 2025/03/06 5:15 a.m. · 3 views

CVE-2025-20909

Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information...

CVSS 5.5 · AI score 5.8 · EPSS 0.00055
Exploits: 0 · References: 1
RustSec
added 2025/02/20 12:0 p.m. · 5 views

*ring* is unmaintained

The author has announced an indefinite hiatus in its development, noting that any reported security vulnerabilities may go unaddressed for prolonged periods of time. Update: security maintenance only After this advisory was published, the author graciously agreed to give access to the rustls team...

AI score 7.4
Exploits: 0
Positive Technologies
added 2025/02/20 12:0 a.m. · 3 views

PT-2025-7652 · Ring · Ring

Name of the Vulnerable Software and Affected Versions: ring affected versions not specified Description: The development of the ring software has been put on indefinite hiatus, which may result in reported security issues going unaddressed for extended periods. However, the rustls team has agreed...

AI score 7.1
Exploits: 0 · References: 4
Positive Technologies
added 2024/08/07 12:0 a.m. · 3 views

PT-2024-26032 · Unknown · Knoxdualdarpolicy

Name of the Vulnerable Software and Affected Versions: KnoxDualDARPolicy versions prior to SMR Aug-2024 Release 1 Description: The issue is related to the improper handling of insufficient permission, allowing local attackers to access sensitive data. This could potentially lead to unauthorized...

CVSS 5.5 · AI score 6.8 · EPSS 0.00116
Exploits: 0 · References: 3
OSV
added 2024/07/02 10:15 a.m. · 2 views

CVE-2024-34594

Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address...

CVSS 5.5 · AI score 5.8 · EPSS 0.00099
Exploits: 0 · References: 1
OSV
added 2024/06/12 11:39 a.m. · 3 views

CLSA-2024-1718192341 Update of alt-php

Bump epoch Disable ESM notification after installation: - remove ESM hook for apt-system - remove ESM infra/apps repositories from apt sources list Automatically mark some pytest to skip if FIPS kernel is running in a disabled state they always fail in this mode...

AI score 5.8
Exploits: 0 · References: 1
Positive Technologies
added 2024/01/04 12:0 a.m. · 2 views

PT-2024-18711 · Google +1 · Android 11 +3

Name of the Vulnerable Software and Affected Versions: MyFiles versions prior to SMR Jan-2024 Release 1 in Android 11 and Android 12 MyFiles version 14.5.00.21 in Android 13 Description: A path traversal vulnerability in the ZipCompressor of MyFiles allows local attackers to write arbitrary files...

CVSS 5.5 · AI score 7.1 · EPSS 0.00069
Exploits: 0 · References: 5
ICS
added 2023/10/05 6:0 a.m. · 37 views

Qognify NiceVision

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Qognify Equipment: NiceVision Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive...

CVSS 10 · AI score 9.5 · EPSS 0.00107
Exploits: 0 · References: 8
CNNVD
added 2023/08/10 12:0 a.m. · 1 view

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Aug-2023 Release 1 version, which stems from an improper privilege management vulnerability in...

CVSS 8.4 · AI score 7.4 · EPSS 0.00071
Exploits: 0 · References: 2
Positive Technologies
added 2023/08/10 12:0 a.m. · 3 views

PT-2023-22898 · Libsimba · Libsimba

Name of the Vulnerable Software and Affected Versions: libsimba library versions prior to SMR Aug-2023 Release 1 Description: The issue is an out-of-bounds write vulnerability in the parser hvcC function of the libsimba library. This vulnerability allows code execution by remote attackers...

CVSS 9.8 · AI score 9.6 · EPSS 0.03152
Exploits: 0 · References: 4