365705 matches found
CVE-2026-0143
The CVE-2026-0143 issue is in LWIS (lwIS) device handling: in lwis_device_external_event_emit of lwis_event.c, a memory corruption via use-after-free is reported, enabling local escalation of privilege with System execution privileges, and no user interaction is required. Public documents from NV...
CVE-2026-0142
CVE-2026-0142 affects the AVB component (iavb_parse_key_data in avb_rsa.c). The root cause is an out-of-bounds read due to improper input validation, leading to local information disclosure without extra privileges or user interaction. Connected documents confirm the same description across multi...
CVE-2026-0141
CVE-2026-0141 describes a likely out-of-bounds read in decodeAppPacket of RtcpAppPacket.cpp caused by a missing bounds check. The vulnerability enables a remote information disclosure without requiring additional execution privileges and without user interaction. Public references in the provided...
CVE-2026-0140
CVE-2026-0140 describes a potential out-of-bounds read in RtpPacket::decodePacket caused by an integer overflow that could lead to remote information disclosure. Exploitation requires user interaction; no remote code execution is stated. Connected sources (NVD, ENISA EUVD, OSV, PT-OSSecurity, And...
CVE-2026-0139
CVE-2026-0139 affects the Modem with an out-of-bounds write caused by a missing bounds check, enabling remote code execution without privileges or user interaction. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). The Android Pixel bulletin and related ...
CVE-2026-0138
The CVE-2026-0138 issue affects the function lwis_io_buffer_write in lwis_io_buffer.c, described across multiple sources (NVD, ENISA EUVD, CVE listings, OSV) as a possible out-of-bounds write caused by memory corruption. Impact is local elevation of privilege requiring system execution privileges...
CVE-2026-0137
CVE-2026-0137 affects the EdgeTPU kernel driver. The root cause is a use-after-free in the function edgetpu_sync_fence_group_shutdown() within edgetpu-dmabuf.c, which can enable a local elevation of privilege. The impact is local escalation to System execution privileges, with no user interaction...
CVE-2026-0136
CVE-2026-0136 affects the Modem component, where a missing bounds check allows an out-of-bounds read. This can lead to remote denial of service without user interaction and with no additional execution privileges required. Public references consistently describe it as a DoS condition impacting Mo...
CVE-2026-0135
CVE-2026-0135 affects the Modem component, where a missing bounds check can enable an out-of-bounds read. This can lead to remote code execution with no additional privileges required and no user interaction. Several connected sources (NVD, EUVD-ENISA, CVE listings, OSV and PT-Security entries) c...
CVE-2026-0134
CVE-2026-0134 describes a data persistence issue in PostWipeData within recovery_ui.cpp, exposing local information after a factory reset due to a logic error. Impact is information disclosure with no additional privileges required and no user interaction needed. The available documents do not sp...
CVE-2026-0133
Affected component: arm-smmu-v3.c (smmu_attach_dev). The issue is a missing permission check that can allow signing malicious Android Runtime bootclass artifacts, enabling local escalation of privilege without extra execution privileges. Exploitation requires local access; user interaction is not...
CVE-2026-0132
CVE-2026-0132 concerns the Modem component. The connected documents describe a vulnerability where an out-of-bounds write occurs due to a heap buffer overflow, enabling remote code execution with no additional privileges and no user interaction required. The CVSS metrics indicate network attack v...
CVE-2026-0131
The CVE-2026-0131 entry affects the code path In RtpPacket::decodePacket, where an integer overflow can cause an out-of-bounds access. This vulnerability could enable local escalation of privilege with no additional execution privileges required, and exploitation requires user interaction. Connec...
CVE-2026-0130
CVE-2026-0130 affects the RtcpChunk::decodeRtcpChunk path, where a heap buffer overflow can cause an out-of-bounds read. This may lead to remote information disclosure without extra execution privileges. Exploitation requires user interaction. The provided documents do not specify affected produc...
CVE-2026-0128
CVE-2026-0128 affects code in RtcpFbPacket::decodeRtcpFbPacket, where an integer overflow can trigger an out-of-bounds read. This could lead to remote information disclosure without extra privileges. Exploitation requires user interaction. The connected documents consistently describe the same is...
CVE-2026-0129
The CVE-2026-0129 entry concerns RtcpByePacket::decodeByePacket with a missing bounds check that can lead to remote information disclosure. The available sources (NVD, OSV, PT security, Android Pixel bulletin) indicate this is related to libpixelimsmedia and triggers information disclosure withou...
CVE-2026-0127
The CVE-2026-0127 entry describes an out-of-bounds read caused by memory corruption in NrmmMsgCodec::DecodeUPUTransparentContext (cn_NrmmDecoder.cpp). This vulnerability allows a remote denial of service (communication processor crash) with no user interaction and requires network access (per CVS...
CVE-2026-0126
In WC-Radio, there is a confirmed vulnerability causing an out-of-bounds write due to a missing bounds check. This can lead to remote code execution with no privileges and no user interaction required. The issue is detailed across multiple feeds (NVD entry CVE-2026-0126, EUVD-2026-, and related O...
CVE-2026-0125
CVE-2026-0125 is a local elevation-of-privilege issue caused by a use-after-free in vpu_ioctl.c across multiple functions, triggered by a race condition. The vulnerability allows a local attacker to escalate privileges without additional execution privileges or user interaction, as described in s...
CVE-2026-48777
CVE-2026-48777 — FileBrowser Quantum has a path-traversal in the public share PATCH endpoint. Versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta allow an attacker with a public share link that has AllowModify=true to move, copy, or rename files outside the share root by abusing publicPatc...
CVE-2026-22313
The CVE-2026-22313 entry concerns Radiflow iSAP Smart Collector. A webserver exposes a REST API on the management network protected only by a token. An OS command injection vulnerability allows an authenticated attacker to execute arbitrary commands as the underlying OS user with administrative p...
CVE-2026-12425
CVE-2026-12425 is a reflected/DOM-based XSS in PowerSchool Employee Access Center 23.10. The issue allows injection of JavaScript after the login URL that can be eval()’d in the user’s browser context, enabling an attacker to run code with the user’s privileges. The CVSS metrics indicate network ...
CVE-2026-47747
The CVE affects stable-diffusion.cpp, a pure C/C++ library for running diffusion model inference. The vulnerability lies in the pickle .ckpt parser in src/model.cpp within versions prior to master-584-0a7ae07, where a heap-based overflow could occur in the BINUNICODE opcode handler due to sign co...
CVE-2026-12105
CVE-2026-12105 affects Devolutions Server in versions 2026.2.5 and 2026.1.21. The root cause is improper access control that allows an authenticated user to access attachments via folder duplication with inherited permissions. The documented impact is confidential data exposure (high) with a CVSS...
CVE-2026-12117
CVE-2026-12117 affects Devolutions Server 2026.2.5: improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata they are not authorized to access via a crafted API request. CVSSv3.1 base score is 4.3 (Medium). The p...
CVE-2026-10303
CVE-2026-10303 affects ServerCo getssl up to version 2.49. The ACME challenge token returned to clients was not strictly validated against RFC 8555 before being used in challenge-file handling, allowing a maliciously crafted token to influence local path/filename usage during validation. An attac...
CVE-2026-11890
The CVE-2026-11890 entry concerns Devolutions Server versions 2026.1.21 and 2026.2.5, where improper access control in PAM account discovery allows an authenticated user to retrieve account discovery scan results. The connected documents confirm affected software and the root cause (in PAM accoun...
CVE-2026-22312
CVE-2026-22312 affects Radiflow iSAP Smart Collector. The device exposes a webserver REST API authenticated with a constant token, enabling an unauthenticated client to access system settings, modify configuration, and execute commands (e.g., system reboot). CVSS 3.1 indicates NETWORK attack vect...
CVE-2026-47750
The CVE-2026-47750 issue affects stable-diffusion.cpp in its pickle (.ckpt) parser (src/model.cpp). A heap buffer overflow occurs in the GLOBAL opcode handler due to missing validation while locating newline-delimited fields; a crafted .ckpt from an untrusted source can cause the parser to copy w...
CVE-2026-53866
OpenClaw vulnerable before version 2026.5.12 due to an allowlist bypass in shell inline-command parsing. Affected: authenticated operators could cause unapproved commands to execute because a parser case omits the expected allowlist decision. The issue is tied to the shell inline-command handling...
CVE-2026-53865
CVE-2026-53865 : OpenClaw prior to 2026.5.2 has a path traversal bug in maintenance task execution that lets workspace-derived service paths influence the trash command. An attacker can run unintended local executables from operator-unintended paths by manipulating environment paths during mainte...
CVE-2026-53864
OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer. This allows Node.js control variables to bypass validation when provided via workspace .env files, tool environment overrides, or skill environment blocks, potentially influencing chil...
CVE-2026-53863
OpenClaw before 2026.4.25 exposes an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. When a group ID is supplied to the policy resolver, it can lead to incorrect group-policy decisions for tool invocations, potentially bypassing intended access contr...
CVE-2026-53862
OpenClaw prior to 2026.5.12 is affected by a bootstrap token replay vulnerability that allows callers with pending token access to reuse tokens for broader scopes, potentially escalating pairing authority before approval. The issue is described in the CVE as allowing bootstrap tokens to be replay...
CVE-2026-53861
OpenClaw before 2026.5.6 has an allowlist bypass in the macOS Swift exec feature due to missing handling for combined POSIX inline flags. The vulnerability enables attackers to run shell content outside the intended allowlist check by using combined flag forms, with impact depending on operator c...
CVE-2026-53860
OpenClaw
CVE-2026-53859
Technical details (affected components, root cause, specific versions, exploitation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-53858
OpenClaw (pre-2026.5.2) is affected by CVE-2026-53858: an environment variable injection flaw where the workspace .env STATE_DIRECTORY can influence bundled runtime dependency roots. An attacker can manipulate STATE_DIRECTORY to load runtime dependencies from unintended local paths, potentially e...
CVE-2026-53857
OpenClaw before 2026.5.3 is vulnerable: the policy enforcement flaw allows Zalo display-name changes to influence allowFrom policy matching, causing attackers with mutable display names to receive responses intended for other Zalo identities when the feature is enabled. Affected product: OpenClaw...
CVE-2026-53856
OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in the config recovery flow that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the restored config ...
CVE-2026-53854
OpenClaw is affected by a privilege escalation in versions before 2026.4.25. The issue arises from wildcard inheritance of ownerAllowFrom state across channel boundaries in internal and webchat command authentication, allowing a sender to execute owner-like commands outside the intended channel s...
CVE-2026-53855
OpenClaw prior to 2026.4.2 is vulnerable to an inline-eval bypass through shell positional parameters, allowing authenticated operators to weaken strict allowlist checks. Attackers can combine allowlisted tools with shell positional arguments to inject inline-eval content into shell carriers that...
CVE-2026-53853
OpenClaw
CVE-2026-53852
OpenClaw is affected by a scope containment bypass vulnerability (CVE-2026-53852) present prior to version 2026.4.25. The issue allows authenticated operators to bypass containment by submitting empty-scope device re-pairing requests, enabling them to restore broader scopes and retain unauthorize...
CVE-2026-53851
CVE-2026-53851 affects OpenClaw prior to version 2026.5.12. A notification bypass allows Slack reaction events to be processed by the agent pipeline even when reaction notifications are disabled. An attacker can trigger unintended agent processing by sending reaction events while the feature is e...
CVE-2026-53850
OpenClaw is affected by CVE-2026-53850, a control scope enforcement bypass in the focus command present in versions prior to 2026.4.25. The vulnerability allows authenticated callers to bypass authorization checks and change focus state outside their intended authority, potentially enabling unaut...
CVE-2026-53849
CVE-2026-53849 — OpenClaw prior to 2026.5.7 : A privilege-escalation in which the allowFrom feature validates Discord identity via mutable display names instead of immutable user IDs. An attacker with a Discord account can alter their display name to align with a policy entry and gain unauthorize...
CVE-2026-53848
OpenClaw CVE-2026-53848 affects OpenClaw prior to 2026.5.26. It describes an exec allowlist bypass where authenticated operators can craft command requests that bypass allowlist validation by using transparent command wrappers to cause wrapper-level side effects outside the intended commands. The...
CVE-2026-53847
OpenClaw CVE-2026-53847 affects versions prior to 2026.5.6. It describes a privilege-escalation in the Active Memory write scope where Gateway operators with operator.write access can modify global configuration without operator.admin privileges due to insufficient scope validation. The vulnerabi...
CVE-2026-53846
OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager execut...