Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.8 HIGH
CVE-2026-0138 — Linux Kernel Out-of-Bounds Write leading to Local Privilege Escalation

In lwis_io_buffer_write of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed…

android | Memory Corruption
Jun 16, 2026 Jun 17, 2026
7.8 HIGH
CVE-2026-0137 — EdgeTPU Use-After-Free Local Privilege Escalation

In edgetpu_sync_fence_group_shutdown() of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution …

android | Memory Corruption
Jun 16, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-0136 — Modem Out-of-Bounds Read Denial-of-Service

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not nee…

android | Remote | Denial of Service
Jun 16, 2026 Jun 17, 2026
7.8 HIGH
CVE-2026-0135 — Modem Out-of-Bounds Read Leading to Remote Code Execution

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed…

android | Memory Corruption
Jun 16, 2026 Jun 17, 2026
3.3 LOW
CVE-2026-0134 — PostWipeData Local Data Persistence Vulnerability

In PostWipeData of recovery_ui.cpp, there is a possible data persistence issue after a factory reset due to a logic error in the code. This could lead to local information disclosure with no addition…

android | Information Disclosure
Jun 16, 2026 Jun 17, 2026
7.8 HIGH
CVE-2026-0133 — Android Runtime Privilege Escalation via smmu_attach_dev

In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege …

android | Authorization
Jun 16, 2026 Jun 17, 2026
8.8 HIGH
CVE-2026-0132 — Modem Heap Out-of-Bounds Write Remote Code Execution

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not neede…

android | Remote | Memory Corruption
Jun 16, 2026 Jun 17, 2026
7.3 HIGH
CVE-2026-0131 — RtpPacket Integer Overflow Leading to Local Privilege Escalation

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User …

android | Memory Corruption
Jun 16, 2026 Jun 17, 2026
3.5 LOW
CVE-2026-0130 — RtcpChunk Out-of-Bounds Read Information Disclosure

In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. U…

android | Remote | Memory Corruption
Jun 16, 2026 Jun 17, 2026
3.5 LOW
CVE-2026-0129 — RtcpByePacket Remote Information Disclosure

In RtcpByePacket::decodeByePacket, there is a possible due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interactio…

android | Remote | Information Disclosure
Jun 16, 2026 Jun 17, 2026
6.5 MEDIUM
CVE-2026-0128 — RtcpFbPacket Remote Information Disclosure

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed…

android | Remote | Information Disclosure
Jun 16, 2026 Jun 22, 2026
6.5 MEDIUM
CVE-2026-0127 — Nokia RNSM Out-of-Bounds Read Remote Denial-of-Service

In NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communicatio…

android | Remote | Memory Corruption
Jun 16, 2026 Jun 17, 2026
9.8 CRITICAL
CVE-2026-0126 — WC-Radio Out-of-Bounds Write Remote Code Execution

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not ne…

android | Remote | Memory Corruption
Jun 16, 2026 Jun 24, 2026
7.0 HIGH
CVE-2026-0125 — Intel GPU Driver Use-After-Free Privilege Escalation

In multiple functions of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User…

android | Race Condition
Jun 16, 2026 Jun 17, 2026
8.1 HIGH
CVE-2026-53866 — OpenClaw < 2026.5.12 - Allowlist Bypass in Shell Inline-Command Parsing

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands. A command request using shell …

openclaw | Remote | Authentication
Jun 16, 2026 Jun 18, 2026
7.2 HIGH
CVE-2026-53865 — OpenClaw < 2026.5.2 - Arbitrary Command Execution via Workspace-Derived Service PATH

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute …

openclaw | Path Traversal
Jun 16, 2026 Jun 18, 2026
8.1 HIGH
CVE-2026-53864 — OpenClaw < 2026.5.26 - Insufficient Environment Variable Sanitization in Node.js Control …

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that allows Node.js control variables to bypass validation. Attackers with access to wo…

openclaw | Remote | Misconfiguration
Jun 16, 2026 Jun 18, 2026
7.1 HIGH
CVE-2026-53863 — OpenClaw < 2026.4.25 - Unvalidated Group ID Acceptance in Tool Group Policy

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could t…

openclaw | Remote | Authorization
Jun 16, 2026 Jun 17, 2026
5.4 MEDIUM
CVE-2026-53862 — OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening

OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap toke…

openclaw | Remote | Authentication
Jun 16, 2026 Jun 17, 2026
9.8 CRITICAL
CVE-2026-53861 — OpenClaw < 2026.5.6 - Allowlist Bypass via Combined POSIX Inline Flags on macOS

OpenClaw before 2026.5.6 contains an allowlist bypass vulnerability in the macOS Swift exec feature that misses combined POSIX inline-command flags. Attackers can execute shell content outside the in…

openclaw | Remote | Injection
Jun 16, 2026 Jun 18, 2026
Showing 20 of 7970 Results