The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model…

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the –allow-fs-read flag is used with a non-*…

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A…

In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps’ external private directories due to a path traversal error. This…

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when…

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution…

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead…

In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due…

In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local…

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to…