CVE-2026-0070

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0070

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0070

CVE-2026-0070 affects Android’s DevicePolicyManagerService.java, where improper input validation can enable hiding a system critical package, causing a local denial of service without extra privileges. The available documents consistently describe the issue as a local DoS through the described co...

CVE-2026-0070

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45583

Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description Improper input validation in multiple functions of DevicePolicyManagerService.java allows a system critical package to be hidden. This can result in a local denial of service withou...

ASB-A-438186009

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

Malicious code in @design-system-coopeuch/web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a871445c3913d747a2f1383bcfdac02d6dec26ddb2053260340284cf4ee02233 Package @design-system-coopeuch/[email protected] is a dependency-confusion squat of an internal-looking scope, published at an inflated 999.x version to...

ASB-A-454062218

In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-22873

A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able t...

Photon OS 4.0: Alsa PHSA-2026-4.0-0958

An update of the alsa package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0958. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2022-42041

The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0...

CVE-2025-48538

In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitatio...

CVE-2025-48538

In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitatio...

CVE-2025-48538

In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitatio...

Malicious code in @hishprorg/special-system (npm)

The package @hishprorg/special-system was found to contain malicious code...

MAL-2025-8059 Malicious code in @hishprorg/special-system (npm)

The package @hishprorg/special-system was found to contain malicious code...

MAL-2025-7121 Malicious code in @bmw-ds/components (npm)

The package @bmw-ds/components was found to contain malicious code...

MAL-2025-3991 Malicious code in fanotify (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bad587097321dd0862dbb332c1103171c68338080d4f4a935afd9ed80f56ba3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Linux Distros Unpatched Vulnerability : CVE-2022-49406

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blkiarangesysfsshow When being read, a sysfs attribute is...

MAL-2025-2115 Malicious code in mahesh.testpackage (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5da4352c00899514a295b12922e7fb0db7bfe4d6a4ae270d951903a7962d3901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...