Export limit exceeded: 355047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355047 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0075 | 1 Google | 1 Android | 2026-06-02 | 5.9 Medium |
| In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0096 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-45681 | 1 Opentelemetry | 1 Opentelemetry-ebpf-instrumentation | 2026-06-02 | 5.9 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-0097 | 1 Google | 1 Android | 2026-06-02 | 8 High |
| In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0098 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0100 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-45554 | 1 Zauberzeug | 1 Nicegui | 2026-06-02 | 5.3 Medium |
| NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0. | ||||
| CVE-2026-28578 | 1 Google | 1 Android | 2026-06-02 | 5.5 Medium |
| In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-28580 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-28586 | 1 Google | 1 Android | 2026-06-02 | 3.3 Low |
| In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-59601 | 1 Qualcomm | 17 Fastconnect 7800, Fastconnect 7800 Firmware, Qca7005 and 14 more | 2026-06-02 | 6.5 Medium |
| Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration. | ||||
| CVE-2025-59604 | 1 Qualcomm | 531 Ar8035, Ar8035 Firmware, Cologne and 528 more | 2026-06-02 | 7.8 High |
| Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer. | ||||
| CVE-2025-59605 | 1 Qualcomm | 281 Ar8035, Ar8035 Firmware, Csra6620 and 278 more | 2026-06-02 | 7.8 High |
| Memory Corruption when processing device identifier strings that exceed the expected maximum length. | ||||
| CVE-2025-59606 | 1 Qualcomm | 282 Cologne, Cologne Firmware, Cq7790 and 279 more | 2026-06-02 | 7.8 High |
| Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. | ||||
| CVE-2026-39831 | 1 Golang | 2 Crypto, Ssh | 2026-06-02 | 9.1 Critical |
| The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback. | ||||
| CVE-2026-0009 | 1 Google | 1 Android | 2026-06-02 | 6.2 Medium |
| In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0036 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0045 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0076 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-59609 | 1 Qualcomm | 375 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 372 more | 2026-06-02 | 5.5 Medium |
| Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. | ||||