CVE-2025-26452

CVE-2025-26452 affects Android Framework via the ResourcesImpl.java: loadDrawableForCookie path, where a confused deputy may allow an app’s task snapshots to be accessed, enabling local elevation of privilege without extra execution privileges or user interaction. Public sources (Android bulletin...

CVE-2025-26452

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-26428

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-26428

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2024-13073

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akinsoft TaskPano allows Cross-Site Scripting XSS. This issue affects TaskPano: s1.06.04...

fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

...

An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.

...

sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers

...

PT-2025-36022

Name of the Vulnerable Software and Affected Versions: ResourcesImpl.java affected versions not specified Description: The loadDrawableForCookie function in ResourcesImpl.java may allow access to task snapshots of other applications due to a confused deputy condition. This could lead to local...

vhost_task: Handle SIGKILL by flushing work and exiting

...

drm/amdgpu: change vm->task_info handling

...

ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"

...

scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue

...

CVE-2025-8700

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

CVE-2025-8597

MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...

Linux Distros Unpatched Vulnerability : CVE-2017-16907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. CVE-2017-16907 Note that Nessus relies on the presence of t...

WordPress Task Manager plugin <= 3.0.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Task Manager versions = 3.0.2...

MAL-2025-41464 Malicious code in @twork-data-services/aggregator-sme-task-info (npm)

--- -= Per source details. Do not edit below this line.=-...

PromptSleuth: Detecting Prompt Injection Via Semantic Intent Invariance

Large Language Models LLMs are increasingly integrated into real-world applications, from virtual assistants to autonomous agents. However, their flexibility also introduces new attack vectors-particularly Prompt Injection PI, where adversaries manipulate model behavior through crafted inputs. As...

Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites

Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto.…...