PT-2026-4693

In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-4705

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0025 Description A permissions bypass exists in the hasImage function of Notification.java, potentially allowing information disclosure across users. This could lead to local escalation of privilege without requiring...

PT-2026-4707

Name of the Vulnerable Software and Affected Versions ManagedServices affected versions not specified Description An issue exists in the setPackageOrComponentEnabled function of ManagedServices.java related to improper input validation. This can result in a notification policy desync, potentially...

PT-2026-4715

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-10254

A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The...