CVE-2026-24089

CVE-2026-24089 describes memory corruption that occurs when processing fastboot commands with invalid input. The NVD entry lists a CVSS v3.1 base score of 7.2 (HIGH) with physical attack vector, low attack complexity, no user interaction, requiring high privileges, and a changed scope. The impact...

CVE-2026-24088

Technical details are not publicly available in the provided documents for CVE-2026-24088. Monitor for updates.

CVE-2026-24087

Technical details (affected products/versions, root cause, exploitability, fixes) are not publicly available in the provided documents; monitor for updates.

CVE-2026-24085

Technical details about CVE-2026-24085 are not publicly available in the provided documents; the memory corruption description is noted but no affected products, affected versions, root cause specifics, or fixes are disclosed. Monitor for updates.

CVE-2025-59614

Technical details for CVE-2025-59614 are not publicly available in the provided documents. Monitor for updates from NVD and Qualcomm security bulletins.

CVE-2025-59613

CVE-2025-59613 describes a memory corruption condition that occurs when an output buffer is smaller than the input buffer during a data copy. The CVSSv3.1 base score is 6.7 (Medium), with LOCAL attack vector, LOW attack complexity, and HIGH privileges required. It also indicates HIGH impact on co...

CVE-2025-59612

CVE-2025-59612 describes memory corruption in Windows drivers triggered by sending an incorrect trusted-application request. The issue is detailed in the initial description and corroborated by NVD entries, with CVSSv3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H indicating local exploitability with hig...

CVE-2025-59611

Technical details about CVE-2025-59611 are not publicly available in the provided documents. Monitor for updates on affected products, versions, impact, and remediation.

CVE-2025-59610

CVE-2025-59610 represents a memory corruption vulnerability that occurs when processing IOCTL requests with mismatched API versions, caused by concurrent modification of a user-space buffer. The CVSS 3.1 vector (L/H/C/I/A) indicates a Local, High complexity, High privileges required, no user inte...

CVE-2025-59609

The CVE-2025-59609 issue is a disclosure vulnerability affecting how advertisement frames are processed when MBSSID elements are malformed or too short. The root cause is in the processing path that handles MBSSID elements, which may allow information exposure. The CVSS 3.1 vector indicates netwo...

CVE-2025-59606

The CVE-2025-59606 entry describes a memory corruption flaw triggered by writing to invalid memory locations caused by heap exhaustion during secure data initialization. The CVSS 3.1 vector indicates a local, low-privilege, no-user-interaction exposure with high impact to confidentiality, integri...

CVE-2025-59605

Technical details are not publicly available in the provided documents. No information on affected products, root cause, impact, or fixes is included. Monitor for updates and request vendor clarification when new data becomes available.

CVE-2025-59604

CVE-2025-59604 is described as memory corruption during a memory copy operation caused by invalid writes from a null pointer. The connected documents do not specify affected product/vendor/component/version or concrete remediation details. The CVSS 3.1 metrics indicate high impact to confidential...

CVE-2025-59601

CVE-2025-59601 concerns devices with a Powerline interface where resetting to factory default exposes device configuration. The vulnerability enables Information Disclosure via the reset path, with an Adjacent attack vector, Low attack complexity, and no privileges required, resulting in High Con...

CVE-2026-24782

Kiteworks users are affected by multiple SQL injection flaws in Secure Data Forms prior to version 9.3.0. An authenticated attacker with the FormBuilder role can retrieve information on or modify other users’ form definitions and some global configuration parameters. The fix is to upgrade to Kite...

CVE-2026-10296

CVE-2026-10296 affects itsourcecode Fees Management System 1.0. The vulnerability concerns the /ajax.php file, where manipulation of the Username argument can lead to SQL injection. The attack can be performed remotely, and a publicly disclosed exploit exists. No remediation or patch details are ...

CVE-2026-24761

The CVE-2026-24761 entry concerns Kiteworks Secure Data Forms prior to version 9.3.0, where an Insecure Direct Object Reference (IDOR) allows an authenticated user to access metadata of resources belonging to other users due to insufficient ownership checks. Affected product is Kiteworks Secure D...

CVE-2026-24756

Kiteworks CVE-2026-24756 affects the Kiteworks Secure Data Forms component. Before version 9.3.0, an Insecure Direct Object Reference (IDOR) allows an authenticated user to modify resources owned by other users due to insufficient authorization checks on ownership. A patch is available in version...

CVE-2026-24755

Kiteworks Secure Data Forms (prior to v9.3.0) contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. A patch is available in Kit...

CVE-2026-24754

CVE-2026-24754 affects Kiteworks, where a stored XSS vulnerability exists in Secure Data Forms prior to version 9.3.0. An authenticated attacker could execute arbitrary JavaScript in other users’ sessions. The issue is mitigated by upgrading to Kiteworks version 9.3.0 or later, which provides a p...

CVE-2026-24753

Kiteworks (PDN) prior to 9.3.0 is affected by an Insecure Direct Object Reference (IDOR) in Secure Data Forms. An authenticated user can modify resources belonging to other users due to insufficient authorization checks on resource ownership. A patch is available in version 9.3.0 and later; upgra...

CVE-2026-10295

SourceCodester Customer Review App 1.0 is affected. The vulnerability lies in review_app.py functions add_review, save_review, and get_all_reviews, where manipulating the name/comment argument leads to a local denial of service. The attack requires local access and a public exploit exists. Impact...

CVE-2026-24752

CVE-2026-24752 affects Kiteworks Secure Data Forms prior to version 9.3.0. A reflected XSS could cause a user to execute arbitrary JavaScript, with patch provided in 9.3.0+. CVSSv3.1 base score 8.2 (HIGH): attack vector NETWORK, privileges required NONE, user interaction REQUIRED, scope CHANGED, ...

CVE-2019-25718

Affected product: Dräger Infinity Explorer C700. Vulnerability: privilege escalation allowing kiosk-mode escape to reach the underlying OS via a specific dialog interaction. Impact: attacker can break out of kiosk mode, gain OS control, and cause the Delta Family patient monitor display to show i...

CVE-2026-10294

CVE-2026-10294 affects PackageKit up to 1.3.5. The vulnerable component is the API function g_file_test in src/pk-transaction.c. Manipulation of the argument frontend-socket leads to improper authorization. The issue can be exploited remotely, and the exploit has been disclosed publicly and may b...

CVE-2026-40965

Cloud Foundry UAA versions v76.12.0–v78.12.0 expose EC private keys via the public /token_keys endpoint, enabling private key disclosure for EC-based JWT signing. Affected components: uaa_release (v76.12.0–v78.12.0) and CF Deployment (v30.0.0–v56.0.0). Root cause: misexposure of EC private key ma...

CVE-2019-25716

The CVE affects Dräger Infinity Delta, Delta XL, and Kappa patient monitors. A denial-of-service flaw lets an attacker send malformed network packets to reboot the device, disrupting monitoring until it reverts to default configuration and loses network connectivity. Documented metrics show CVSSv...

CVE-2026-10293

CVE-2026-10293 affects UTT HiPER 1200GW (versions up to 2.5.3-170306). The flaw occurs in the strcpy usage of the /goform/formFireWall function, enabling a stack-based buffer overflow via a crafted Profile argument. This allows remote code execution with network access and low privileges; the CVS...

CVE-2026-28580

Technical details about CVE-2026-28580 (affected products, vulnerable components, root cause, and fixes) are not publicly available in the provided documents. Monitor for updates in the connected feeds (NVD, EUVD, OSV) for confirmation and patches.

CVE-2026-28586

CVE-2026-28586 : All connected documents describe the issue as a permission bypass in multiple functions of AppOpsService.java , causing a possible local information disclosure without requiring additional execution privileges. The description consistently notes no user interaction is needed for ...

CVE-2026-28581

Technical details for CVE-2026-28581 are not publicly available in the provided documents; monitor for updates.

CVE-2026-0095

The provided CVE-2026-0095 entries describe a vulnerability in the Bluetooth stack, specifically in the function l2c_fcr_clone_buf in l2c_fcr.cc. The issue is an integer overflow that can trigger controlled heap corruption within the privileged Bluetooth process, leading to local escalation of pr...

CVE-2026-0094

Technical details for CVE-2026-0094 are not publicly available in the provided documents; monitor for updates.

CVE-2026-0096

Technical details are not publicly available in the provided documents. Monitor for updates for potential affected products, impacted components, root cause, and remediation.

CVE-2026-0098

Technical details (affected products, versions, exploit specifics, or mitigations) are not publicly available in the provided documents. Monitor for updates and rely on official advisories when they are published.

CVE-2026-0099

Technical details about CVE-2026-0099 are not publicly available in the provided connected documents. Monitor for updates from official sources; no further specifics (affected products, root cause, impact, or fixes) are disclosed here.

CVE-2026-28578

CVE-2026-28578 describes a vulnerability in multiple functions of Android’s DevicePolicyManagerService.java where there is a desync from persistence caused by improper input validation. This can lead to a local denial of service without requiring additional privileges or user interaction. Documen...

CVE-2026-28577

CVE-2026-28577 corresponds to a tapjacking/overlay flaw in Android’s WindowManagerService.addWindow. The issue could permit local elevation of privilege with no extra execution privileges and without user action. CVSS 3.1 base metrics indicate Local, Low attack complexity and Low privileges requi...

CVE-2026-0100

CVE-2026-0100 : The description across NVD, OSV, and vuln enrichment indicates a vulnerability in the Load path of LoadedArsc.cpp causing an out-of-bounds write via a heap buffer overflow. This can enable local privilege escalation with no extra execution privileges required; exploitation is poss...

CVE-2026-0097

Technical details about CVE-2026-0097 are not publicly available in the provided documents. Monitor for updates from sources such as the Android bulletin and NVD.

CVE-2026-0093

Technical details for CVE-2026-0093 are not publicly available in the provided documents (no affected products, fixes, or exploit info). Monitor for updates from official sources.

CVE-2026-0080

Technical details are not publicly available in the provided documents; no affected products, versions, vectors, or mitigations are specified. Monitor for updates.

CVE-2026-0087

CVE-2026-0087 : The connected sources identify a logic error in Android’s DomainVerificationService.java (approvalLevelForDomainInternal) that could allow hijacking an arbitrary app link, enabling local privilege escalation without user interaction. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:...

CVE-2026-0089

The CVE-2026-0089 issue affects the PackageInstallerService.java component and enables installation of unverified apps due to a missing permission check, enabling local privilege escalation with no extra execution privileges required and no user interaction needed. The core impact is local escala...

CVE-2026-0086

CVE-2026-0086 affects the Android component DisableSupervisionActivity.kt, where in onCreate a missing null check can permit deletion of supervision data. This enables local escalation of privilege without extra execution privileges and without user interaction. CVSSv3.1 vector (L, L, N, U) yield...

CVE-2026-0079

Technical details about CVE-2026-0079 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-0088

The CVE-2026-0088 affects Android’s CertInstaller.getCallingAppLabel, where a misleading or insufficient UI could allow hiding a sensitive security dialogue. This enables local privilege escalation with no extra privileges and no user interaction required for exploitation, as described across NVD...

CVE-2026-0085

CVE-2026-0085 relates to a vulnerability in the DataRowHandler.java function applySimpleFieldMaxSize , where improper input validation could allow inserting an unusually large contact name. The result is a local Denial of Service with no extra privileges and no user interaction required. Document...

CVE-2026-0091

Technical details about CVE-2026-0091 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor the sources for updates.

CVE-2026-0077

CVE-2026-0077 is linked to Android’s ActivityRecord.java resumeConfigurationDispatch, where a logic error can trigger a background application launch (bal) and enable local privilege escalation without extra privileges or user interaction. Connected sources (NVD/Red Hat/NCSC EUVD, etc.) confirm t...