A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Remote code execution in Tenda AC15 firmware versions up to 15.13.07.13 via a stack-based buffer overflow in the /goform/TextEditingConversion endpoint allows unauthenticated attackers to achieve complete system compromise. Public exploit code exists for this vulnerability, and no patch is currently available, creating immediate risk for deployed devices. An attacker can exploit this remotely with minimal complexity by manipulating the wpapsk_crypto2_4g parameter.
Chamilo is a learning management system. [CVSS 8.8 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. [CVSS 8.8 HIGH]
ZimaOS 1.5.2-beta3 lacks proper path validation in its API, allowing authenticated users to bypass frontend restrictions and write files to protected system directories such as /etc and /usr. Public exploit code exists for this vulnerability, enabling attackers with valid credentials to modify critical OS files and potentially achieve code execution. No patch is currently available.
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. [CVSS 8.3 HIGH]
Out-of-bounds read in Exiv2's CRW image parser allows remote attackers to cause denial of service and potentially disclose sensitive memory contents through crafted image files. Versions prior to 0.28.8 are affected, and public exploit code exists for this vulnerability. A patch is available that administrators should deploy immediately to prevent exploitation.
Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websites to establish unauthorized connections to the local DirectorServer and inject arbitrary commands. An attacker can exploit this from a browser to gain full remote control of teleprompter content without user interaction beyond visiting a compromised page. Public exploit code exists for this vulnerability; updating to version 1.5.1 or later resolves the issue.
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]
Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. [CVSS 7.2 HIGH]
Arbitrary code execution in Personnel Property Equipment System v1.0 allows authenticated attackers with high privileges to execute malicious code through the admin picture upload functionality. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can achieve complete compromise of confidentiality, integrity, and availability on affected systems.
Chamilo is a learning management system. [CVSS 7.2 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. [CVSS 7.1 HIGH]
Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add any user as a friend by directly calling the AJAX endpoint. [CVSS 7.1 HIGH]
Master Addons for Elementor Premium (WordPress plugin) versions up to 2.1.3 is affected by code injection (CVSS 8.8).
Remote code execution in AFFiNE workspace application (versions prior to 0.25.4) allows unauthenticated attackers to execute arbitrary code via malicious affine: URL handlers. Exploitation requires one user click on a crafted link or visiting a malicious website that auto-redirects to the malicious URL. The browser's custom protocol handler automatically launches AFFiNE and processes the payload without further user interaction, achieving RCE. EPSS score of 0.17% (38th percentile) suggests low observed exploitation activity. GitHub security advisory GHSA-67vm-2mcj-8965 confirms the vulnerability with upstream fix available in commit c9a4129a via PR #13864.
SQL injection in NocoDB versions prior to 0.301.3 allows authenticated users with Creator role to execute arbitrary SQL commands through the DATEADD formula's unit parameter. This high-severity vulnerability enables attackers to compromise data confidentiality, integrity, and system availability with network access and low complexity. No patch is currently available for affected installations.
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]
including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions up to 7.9.0. is affected by sql injection.
OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.
Certificate chain verification bypass in AWS-LC, Amazon's libcrypto/BoringSSL-derived cryptographic library, lets unauthenticated attackers forge trust in PKCS7 objects carrying multiple signers: PKCS7_verify() validates only the final signer and skips chain verification for all preceding signers (CWE-295). Affected applications can be tricked into accepting signed data whose earlier signers chain to untrusted or invalid certificates. There is no public exploit identified at time of analysis, EPSS is low (0.03%, 10th percentile), and AWS-managed services are unaffected per the vendor, but the flaw is fixed in AWS-LC 1.69.0.
Signature verification bypass in AWS-LC's PKCS7_verify() function lets unauthenticated attackers get forged PKCS#7 objects containing Authenticated Attributes accepted as validly signed, defeating the integrity guarantee the API exists to provide. It affects applications linking AWS-LC, including the Rust aws-lc-sys binding and aws_libcrypto, and is tagged as enabling JWT/authentication-bypass attacks. No public exploit identified at time of analysis and EPSS is very low (0.03%), but integrity impact is High (CVSS 4.0 8.7) and a fixed release (1.69.0) is already available.
Android versions up to 14.0 is affected by improper restriction of rendered ui layers or frames (CVSS 8.6).
Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.
Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.
Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.
Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.
Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.
Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.
Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Unauthorized information disclosure in Android's Notification.java hasImage method allows local attackers to bypass permission checks and access sensitive data across user accounts without requiring elevated privileges or user interaction. This permissions bypass can lead to local privilege escalation on affected Android devices. No patch is currently available.
Android versions up to 14.0 is affected by authorization bypass through user-controlled key (CVSS 8.4).
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Local privilege escalation in Android's ffa.c component allows unauthenticated attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in multiple functions and requires only local access to exploit. A patch is available to address this high-severity flaw.
An Android MediaProvider logic error allows local applications to obtain unauthorized read and write access to arbitrary files, enabling privilege escalation without requiring additional permissions or user interaction. This vulnerability affects the createRequest function and permits apps to manipulate file access controls beyond their intended scope. No patch is currently available.
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Local privilege escalation in Android's DRM manager service allows unprivileged processes to achieve system-level access through an out-of-bounds memory write in the IDrmManagerService transaction handler. The vulnerability requires no user interaction and can be exploited immediately upon execution, making it a direct path to elevated privileges on affected Android devices. No patch is currently available.
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).