8 matches found
PT-2026-4690
In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4701
Name of the Vulnerable Software and Affected Versions versions prior to 2026-0021 Description A cross-user permission bypass exists due to a confused deputy condition in the hasInteractAcrossUsersFullPermission function within the AppInfoBase.java file. This could allow for local escalation of...
PT-2026-4706
Look at the security patch preview section of https://t.co/ySklSke3uy. These are from the upcoming patch levels: Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044 High: CVE-2025-22424, CVE-2025-22426, CVE-2025-32348, CVE-2025-48561, CVE-2025-48615,...
PT-2026-4697
In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
PT-2026-4698
In onChange of BiometricService.java, there is a possible way to enable fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4702
Look at the security patch preview section of https://t.co/ySklSke3uy. These are from the upcoming patch levels: Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044 High: CVE-2025-22424, CVE-2025-22426, CVE-2025-32348, CVE-2025-48561, CVE-2025-48615,...
PT-2025-43503
Name of the Vulnerable Software and Affected Versions SkiaRenderEngine affected versions not specified Description A flaw exists in the drawLayersInternal function within SkiaRenderEngine.cpp that may allow access to the GPU cache, potentially revealing side channel information. This could lead t...
CVE-2025-10254
Affected software: Ascensio System SIA OnlyOffice up to 12.7.0. Vulnerable component: SVG Image Handler processing of /Products/Projects/Messages.aspx. Root cause: unknown processing leads to cross-site scripting. Impact: cross-site scripting with remote initiation potential; exploit publicly ava...