PT-2026-45443

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

PT-2026-45460

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from...

PUB-A-481287452

In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

ASB-A-493235107

In TBD of TBD, there is a possible TBD due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-449725960

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-494629585

In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45593

In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the getCallingPackageName function in Shared.java code. This function contains obfuscation, potentially allowing bypass of activity laun...

SourceCodester Water Billing Management System SQL Injection Vulnerability

The SourceCodester Water Billing Management System is an open-source water billing management system developed by SourceCodester. Version 1.0 of the SourceCodester Water Billing Management System contains a SQL injection vulnerability. This vulnerability stems from incorrect parameter handling in...

PT-2026-45538

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

SOPlanning code-related vulnerabilities

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had code vulnerabilities. These vulnerabilities stemmed from an unvalidated validation of file extensions during upload. This allowed authenticated attackers to uploa...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android. These vulnerabilities stem from the misleading or insufficient UI provided by the getApplicationLabel function in KeyChainActivity.java, which may lead...

PT-2026-45578

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A heap buffer overflow exists in multiple functions within sdp discovery.cc. This flaw allows for remote code execution in proximal or adjacent network environments without requiring addition...

PT-2026-45256

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from integer overflows in multiple functions within ubsanthrowingruntime.cpp. This vulnerability could lead to remote denial of service...

PT-2026-45254

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295...

WordPress plugin: Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity – Security Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. WordPress plugins are additional applications that can b...

PT-2026-45617

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

PT-2026-45347

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage user of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the...

PT-2026-45576

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...