CVE-2026-20452

The CVE-2026-20452 entry concerns memory corruption in the wlan AP driver caused by a heap buffer overflow. Impact is remote (proximal/adjacent) code execution with HIGH confidentiality, integrity, and availability impact, exploitable with adjacent network access, low privileges, and no user inte...

CVE-2026-20452

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

EUVD-2026-33541

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

CVE-2026-10215

Dolibarr ERP CRM up to version 23.0.1 is affected by CVE-2026-10215 in the Leave Request REST API component, specifically the file htdocs/holiday/class/api_holidays.class.php, function checkUserAccessToObject. The issue allows improper authorization, potentially enabling remote exploitation. Publ...

EUVD-2026-33526

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

CVE-2026-10208 code-projects Online Hospital Management System login_1.php login_user sql injection

A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...

CVE-2026-10208

The CVE-2026-10208 entry concerns code-projects Online Hospital Management System 1.php, specifically the login_user function in login_1.php. A flaw allows manipulation of the Username argument to trigger a remote SQL injection, enabling an attacker to compromise authentication. The exploit has b...

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from a logical error in the code of the btajvrfcommconnect method in btajvact.cc. This vulnerability may allow for bypassing security checks,...

PT-2026-45591

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45603

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A logic error in the onNullBinding function of HostEmulationManager.java allows an activity to be launched from the background. This issue could result in a loca...

PT-2026-45596

Name of the Vulnerable Software and Affected Versions Android Framework affected versions not specified Description An issue exists in the Android Framework component due to improper access control and an over-privileged shell user. This allows for the execution of code within the launcher proces...

PT-2026-45569

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45585

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-463980379

In pnginitreadtransformations of pngrtran.c, there is a possible way to cause a persistent denial of service due to a heap buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-420435325

In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

SkillGuard: A Permission Framework for Agent Skills

Agent skills extend LLM agents with reusable instructions, scripts, tool bindings, and contextual dependencies. However, current skill ecosystems largely rely on trust-based loading and static inspection, leaving a gap between what a skill can inject into an agent's context and what it can cause...

ASB-A-405392600

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-491016892

In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...