CVE Catalog

A denial-of-service vulnerability has been identified in the Android Runtime's Undefined Behavior Sanitizer (UBSan) component. This issue arises from multiple functions in 'ubsan_throwing_runtime.cpp', where improper handling of resources can lead to exhaustion, causing a persistent denial-of-service condition. The vulnerability can be exploited locally without requiring additional execution privileges or user interaction.

A vulnerability has been identified in multiple functions of 'ubsan_throwing_runtime.cpp', where an integer overflow can cause a Undefined Behavior Sanitizer (UBSan) failure. This vulnerability could be exploited to create a remote denial-of-service condition, requiring no additional execution privileges or user interaction.

A denial-of-service vulnerability has been identified in the Android framework, specifically within the UBSan throwing runtime component. This issue arises from an integer overflow in multiple functions, which can be exploited to cause a crash. The vulnerability does not require any additional execution privileges or user interaction for exploitation.

A denial-of-service vulnerability has been identified in multiple functions of 'ubsan_throwing_runtime.cpp' within the Android framework. This issue arises from an integer overflow, which can be exploited to cause a persistent denial-of-service condition. The vulnerability does not require any additional execution privileges or user interaction for exploitation, potentially leading to remote denial-of-service.

A tapjacking vulnerability has been identified in the Android Framework component, specifically within the StageCoordinator class. This issue allows for a local escalation of privilege, with no additional execution privileges required. The vulnerability can be exploited without user interaction.

A denial-of-service vulnerability has been identified in the Accessibility Manager Service of Android. This issue arises from improper input validation in multiple functions of AccessibilityManagerService.java, leading to a possible persistent denial-of-service condition. The vulnerability can be exploited locally without requiring additional execution privileges or user interaction.

A permissions bypass vulnerability has been identified in the Credential Manager Service, specifically in the 'updateProvidersWhenServiceRemoved' function. This vulnerability allows for the potential override of settings across different user accounts, leading to unauthorized access to local information. The issue does not require any additional execution privileges or user interaction for exploitation.

A tapjacking vulnerability has been identified in the Android MediaProvider and Documents UI components. This issue arises from a logic error in the code, which creates a potential for local privilege escalation. Notably, the vulnerability can be exploited without requiring additional execution privileges or user interaction. Affected devices can be updated to the June 2026 security patch level to address this vulnerability.

A logic error in the InstallRepository component of the Android Framework and System could allow a bypass of Mobile Device Management (MDM) policy. This vulnerability enables local elevation of privilege, with no additional execution privileges required. Exploitation does not involve user interaction.

A vulnerability allowing for elevation of privilege has been identified in the Android Framework and System components. This issue arises from a permissions bypass that could reset user-selected permission choices, potentially leading to unauthorized access or actions. The vulnerability affects multiple versions of Android and can be exploited without any user interaction or additional execution privileges.

A denial-of-service vulnerability has been identified in the Notification Manager Service of Android. The issue arises in the 'isSameApp' function, where resource exhaustion can lead to a persistent denial-of-service condition. This vulnerability can be exploited locally without requiring additional execution privileges or user interaction.

A vulnerability has been identified in the KeyguardViewMediator component of Android, specifically within multiple functions of KeyguardViewMediator.java. This vulnerability arises from a logic error that creates a potential bypass of lockdown mode when screen pinning is enabled. Exploiting this issue could lead to unauthorized access to local information, without requiring any additional privileges or user interaction.

A vulnerability exists in the Android Framework and System components, allowing for local privilege escalation due to an integer overflow. This issue can be exploited without any additional execution privileges or user interaction. The vulnerability affects multiple versions of Android, including 14, 15, and 16, with specific patches available in the June 2026 security updates.

A vulnerability has been identified in the Android Framework component, specifically within the PipTaskOrganizer.java file. This issue allows for the unauthorized launching of activities from the background, creating a 'confused deputy' scenario. As a result, it could lead to local elevation of privilege without requiring additional execution rights or user interaction. This vulnerability affects Android versions 14, 15, and 16, with the exception of 16-qpr2.

A vulnerability exists in multiple components of the Android operating system, specifically in the Framework and System areas, where a background activity can be launched without the necessary permission check. This flaw could lead to a local escalation of privilege, allowing a user to gain elevated rights or access within the system. Notably, this vulnerability does not require any additional execution privileges or user interaction for exploitation.

A vulnerability allowing local elevation of privilege has been identified in the Android Framework and System components. This issue arises from a missing permission check in the CarDevicePolicyService, which could enable a bypass of the user dialog when adding an account to a managed device. Exploitation of this vulnerability does not require any additional execution privileges or user interaction.

A logic error in the Android Framework's ComputerEngine.java file creates a vulnerability that allows unauthorized access to URIs across different users. This issue could lead to local privilege escalation without requiring additional execution privileges or user interaction. The vulnerability affects Android versions 14, 15, 16, and 16-qpr2.

A vulnerability allowing local elevation of privilege has been identified in the Android Framework and System components. This issue arises from improper input validation, which creates a potential for unauthorized image access across user profiles. Exploitation of this vulnerability does not require additional execution privileges, but does necessitate user interaction.

A denial-of-service vulnerability has been identified in Dräger Infinity Delta, Delta XL, and Kappa patient monitors. This vulnerability allows remote attackers to disrupt patient monitoring by sending malformed network packets, causing the monitor to reboot. The repeated transmission of these packets can interfere with patient monitoring until the device resets to its default configuration and loses network connectivity.

A cross-site request forgery (CSRF) vulnerability has been identified in ZeusCart version 4.0. This vulnerability allows attackers to perform unauthorized actions on behalf of users by sending crafted requests. Specifically, attackers can deactivate customer accounts through the admin interface by persuading users to visit maliciously controlled pages that trigger requests to the regstatus endpoint with action=deny parameters.

A SQL injection vulnerability has been identified in the WP AutoSuggest WordPress plugin, specifically in version 0.24. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'wpas_keys' parameter. Exploitation involves sending GET requests to 'autosuggest.php' with crafted 'wpas_keys' values, which can be used to extract sensitive database information from WordPress posts and other tables.

A SQL injection vulnerability has been identified in Joomla Component JE Photo Gallery version 1.1. This vulnerability allows unauthenticated attackers to manipulate SQL queries by injecting malicious code through the 'categoryid' parameter. Exploitation of this vulnerability enables attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information such as usernames and password hashes.

A SQL injection vulnerability has been identified in No-Cms version 1.0. The issue resides in the order_by parameter of the manage_privilege export endpoint. This vulnerability allows authenticated attackers to manipulate database queries and extract sensitive information. Exploitation involves sending POST requests to the export endpoint with malicious SQL code embedded in the order_by[0] parameter.

A SQL injection vulnerability has been identified in Paroiciel version 11.20. This vulnerability allows authenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the eGeqIdEquipe parameter. Exploitation involves sending crafted GET requests to the egeq.php endpoint, which can lead to the extraction of sensitive database information, including version details and other data.

A SQL injection vulnerability has been identified in Paroiciel version 11.20. This vulnerability allows authenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the zProIdPro parameter. Exploitation of this vulnerability could lead to the extraction of sensitive database information, including usernames, database names, and version details. The issue arises when crafted SQL queries are sent via GET requests to the zpro.php script, taking advantage of improper input sanitization.

A SQL injection vulnerability has been identified in Paroiciel version 11.20. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the tRecIdListe parameter. Exploitation involves sending GET requests to the trec.php endpoint with crafted SQL injections that can manipulate the database and extract information such as table and column names.

A timing side-channel vulnerability has been identified in GnuTLS, specifically in the PKCS#7 padding check during decryption. This flaw is not constant-time, which could enable a remote attacker to infer sensitive information about the padding bytes by exploiting observable timing differences. The vulnerability affects GnuTLS versions prior to the update included in Red Hat Enterprise Linux 10.

A cross-site request forgery (CSRF) vulnerability has been identified in the DeepAI endpoint 'https://api.deepai.org/change_user_email'. This endpoint accepts POST requests without any CSRF protection. As a result, an attacker could potentially trick a logged-in user into clicking a malicious link, allowing the attacker to change the user's email address and take over their account.

A denial-of-service vulnerability has been identified in Nanobot versions prior to 0.2.1. The issue resides in the Matrix channel media download handler, where authenticated room members can exploit missing or invalid size metadata in media events. This exploitation leads to excessive consumption of process memory and bandwidth. Attackers can send multiple concurrent media events with omitted or incorrect size declarations, causing simultaneous large media downloads. These downloads fully complete before being rejected, allowing the exploitation of process resources and resulting in service degradation.

A server-side request forgery (SSRF) vulnerability has been identified in Nanobot versions prior to 0.2.1. This vulnerability resides in the Microsoft Teams channel handler, where remote attackers can exfiltrate Bot Framework bearer tokens. Exploitation involves sending a forged activity with an attacker-controlled serviceUrl, which poisons the stored conversation reference. As a result, subsequent bot replies include token-bearing Authorization header requests sent to an attacker-controlled host.

A server-side request forgery (SSRF) vulnerability has been identified in Nanobot versions prior to 0.2.1. This vulnerability resides in the web_fetch tool, where remote attackers can access internal or private network hosts. Exploitation involves supplying a URL that redirects to a loopback or private address via a 3xx Location header. The vulnerability takes advantage of the httpx library's automatic HTTP redirect following behavior, allowing attackers to bypass initial URL validation. As a result, outbound requests are sent to internal hosts before the final resolved URL is validated.

A path traversal vulnerability has been identified in Banana Slides version 0.4.0, within the AI service backend's generate_image() function. This vulnerability allows unauthenticated attackers to read arbitrary image files from outside the designated uploads directory. The issue arises from an inadequate path prefix check that fails to account for trailing separators, enabling exploitation by crafting markdown image references in user-controlled page descriptions. Attackers can manipulate the references to access sibling directories that share the uploads folder prefix, bypassing directory confinement and causing the application to read files from unintended locations using PIL's Image.open() function.

A vulnerability exists in CodexBar versions prior to 0.32.0, related to insecure handling of temporary files during the release notarization process. This flaw allows local attackers to access sensitive credentials or manipulate build artifacts by taking advantage of predictable file paths. Attackers on the same host can read the App Store Connect API key, which is written to a fixed location, pre-create files or symbolic links to redirect writes to locations they control, or tamper with notarization archives before they are submitted.

A privilege escalation vulnerability has been identified in CodexBar versions prior to 0.32.0. This vulnerability resides in the Command Line Interface (CLI) installer, where local attackers can execute arbitrary commands as root. The issue arises from a race condition in the handling of temporary files. The installer uses 'mktemp' to create a temporary file, into which it writes a privileged shell payload. This payload is then executed with administrator privileges via bash. The vulnerability allows a same-user local process to modify the installer script before the administrator approval is granted, leading to the execution of attacker-controlled commands with root privileges.

A resource leak vulnerability has been identified in FlexRIC version 2.0.0. This issue arises because a single SCTP connection can bind multiple xapp_ids by sending multiple E42_SETUP_REQUEST messages. When the connection is disconnected, only the resources for the first registered xapp_id are cleaned up, leaving the subsequent xapp_ids and their associated subscriptions as stale entries. This vulnerability can be exploited by a remote attacker to leak subscription state in the iApp, potentially leading to resource exhaustion or state corruption over time.

A reflected cross-site scripting vulnerability has been identified in Kiteworks Secure Data Forms versions prior to 9.3.0. This vulnerability allows external attackers to deceive users into executing arbitrary JavaScript code. The affected feature has been removed in versions 9.3.0 and later.

A stored cross-site scripting vulnerability has been identified in the Hotel and Tourism Reservation System version 1.0. The issue resides in the tour booking functionality, specifically within the file '/ht/tour.php'. An attacker can inject malicious scripts into several contact fields, including name, email, people, and number. These scripts are then executed when an administrator accesses the reservations management page at '/ht/admin/tour_reserves.php'. This vulnerability allows for session hijacking, credential theft, or a complete takeover of the admin account.

An authentication bypass vulnerability has been identified in Code-Projects Hotel and Tourism Reservation System version 1.0. The issue arises in the admin login component, specifically within the password verification function of the login.php file. Due to an inverted conditional check in the authentication logic, the application incorrectly grants access when an incorrect password is provided, while denying access for correct passwords. This vulnerability allows remote attackers to gain unauthorized administrative access.

A server-side request forgery (SSRF) vulnerability has been identified in SourceCodester SEO Meta Tag Extractor version 1.0. The issue arises in the 'fetchMetaTags' function within 'index.php', where user-supplied URLs are processed by 'get_headers' and 'file_get_contents' without proper validation. This oversight allows remote attackers to access internal services via loopback or private IP addresses. The vulnerability is exacerbated by 'file_get_contents' following HTTP redirects, potentially leading to the exposure of sensitive internal data. The flaw has been publicly disclosed and is available for exploitation.

A SQL injection vulnerability has been identified in CodeAstro Payroll System version 1.0, specifically in the file '/PayrollSy-PHP/home_employee.php'. This vulnerability allows remote attackers to manipulate the 'emp_id' parameter, injecting malicious SQL queries that could be executed by the database. The lack of proper input validation and sanitization enables this exploitation, potentially leading to unauthorized database access, data manipulation, and exposure of sensitive information.

An improper authorization vulnerability has been identified in the DevaslanPHP project management application, specifically in versions up to 2.0.0-beta1. The issue resides in the KanbanScrumHelper::recordUpdated function within the Ticket Handler component. This vulnerability allows for cross-project ticket status manipulation by bypassing ownership and project membership checks. The flaw can be exploited remotely via the Livewire wire protocol, enabling unauthorized users to alter the status of any ticket.

An authorization bypass vulnerability has been identified in the DevaslanPHP project management application, specifically in versions up to 2.0.0-beta1. The issue resides within the Livewire component, in the 'editComment' and 'doDeleteComment' methods of the 'ViewTicket' resource page. This vulnerability allows remote attackers to manipulate comment IDs and bypass authorization checks, as the methods can be called directly without proper server-side validation. While the UI restricts access to certain users, this safeguard can be easily circumvented.

A NULL pointer dereference vulnerability has been identified in lwext4 version 1.0.0, specifically in the 'ext4_dir_en_get_name_len' function within 'include/ext4_dir.h'. This vulnerability allows attackers to cause a denial-of-service condition by providing a specially crafted EXT4 filesystem image with malformed directory entries. The issue arises during directory iteration, where the code fails to properly validate the directory entry pointer before accessing the 'name_len' field, leading to a segmentation fault.

A vulnerability in the AMD Secure Processor (ASP) has been identified, stemming from insufficient granularity of access control. This flaw may enable an attacker with an untrusted user space application to map sensitive System Management Network (SMN) apertures, potentially leading to unauthorized privilege escalation. The issue affects several AMD Ryzen and Ryzen Embedded series processors.

A vulnerability allowing improper access control has been identified in Ivanti Neurons for ITSM, both in cloud and on-premises versions. This vulnerability enables a remote authenticated attacker to gain administrative access. It arises from inadequate access control measures, allowing unauthorized elevation of privileges.

A remote code execution vulnerability has been identified in IBM WebSphere Application Server versions 9.0 and 8.5. This issue arises from improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component. Exploitation of this vulnerability requires a crafted HTTP request that, when combined with a suitable gadget chain, could lead to unauthorized code execution on the server.

A remote code execution vulnerability exists in IBM WebSphere Application Server versions 9.0 and 8.5. This issue arises from the deserialization of untrusted data in JAX-WS endpoints that use WS-Security, potentially allowing an attacker to execute arbitrary code on the server.

A remote code execution vulnerability has been identified in IBM WebSphere Application Server versions 9.0 and 8.5. This vulnerability arises from a bypass of security controls, allowing unauthorized execution of code on the server.

An identity spoofing vulnerability has been identified in IBM WebSphere Application Server versions 9.0 and 8.5. This vulnerability allows for authentication bypass by spoofing, potentially leading to unauthorized actions or access.

A remote code execution vulnerability exists in the IBM i Access Client Solutions (ACS) within the IBM i Access Family, specifically in versions 1.1.5.0 through 1.1.9.12. The vulnerability arises when ACS is configured to accept requests from IBM i Navigator.