|
2241
|
- |
|
-
|
-
|
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and a…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8484
|
2026-06-17 00:41 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2242
|
8.8 |
HIGH
Network
|
-
|
-
|
Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel.
The product incorrectly indexes internal state w…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-34195
|
2026-06-17 00:40 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2243
|
5.5 |
MEDIUM
Local
|
-
|
-
|
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disr…
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-41155
|
2026-06-17 00:40 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2244
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space driver, leading to memory corruption and possible b…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41157
|
2026-06-17 00:40 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2245
|
7.8 |
HIGH
Local
|
-
|
-
|
Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages.
Physical memory allocated and freed, without the deferred free mechanis…
|
CWE-416
Use After Free
|
CVE-2026-41158
|
2026-06-17 00:40 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2246
|
7.8 |
HIGH
Local
|
-
|
-
|
Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-50100
|
2026-06-17 00:40 |
2026-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2247
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges.
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-50255
|
2026-06-17 00:40 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2248
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate …
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-28742
|
2026-06-17 00:37 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2249
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endp…
|
CWE-340
Generation of Predictable Numbers or Identifiers
|
CVE-2026-42932
|
2026-06-17 00:37 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2250
|
8.8 |
HIGH
Network
|
-
|
-
|
A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints vali…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42947
|
2026-06-17 00:37 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
