|
211
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function _sync_anthropic_entry_from_credentials_file of the file agent/credential_pool.py of the com…
New
|
CWE-287
Improper Authentication
|
CVE-2026-10548
|
2026-06-3 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
7.8 |
HIGH
Local
|
google
|
android
|
In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with …
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-0077
|
2026-06-3 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed.…
New
|
CWE-89
SQL Injection
|
CVE-2026-0075
|
2026-06-3 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
- |
|
-
|
-
|
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 files…
New
|
-
|
CVE-2025-70101
|
2026-06-3 23:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
- |
|
-
|
-
|
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi…
New
|
-
|
CVE-2025-70100
|
2026-06-3 23:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
- |
|
-
|
-
|
SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using …
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2025-41259
|
2026-06-3 23:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
7.8 |
HIGH
Local
|
google
|
android
|
In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This c…
New
|
CWE-862
Missing Authorization
|
CVE-2025-26418
|
2026-06-3 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
7.8 |
HIGH
Local
|
google
|
android
|
In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional exe…
New
|
CWE-284
Improper Access Control
|
CVE-2025-22426
|
2026-06-3 23:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
4.3 |
MEDIUM
Network
|
-
|
-
|
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated use…
New
|
CWE-22
Path Traversal
|
CVE-2024-47273
|
2026-06-3 23:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
4.1 |
MEDIUM
Network
|
-
|
-
|
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenti…
New
|
CWE-22
Path Traversal
|
CVE-2024-47263
|
2026-06-3 23:16 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
