Vuldb Updates

A vulnerability labeled as critical has been found in Google Android 14/15/16/16-qpr2. The affected element is the function bta_jv_rfcomm_connect of the file bta_jv_act.cc. Executing a manipulation can lead to Local Privilege Escalation. This vulnerability is handled as CVE-2026-0045. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. The impacted element is an unknown function of the file WindowState.java. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0048. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as critical has been found in Google Android 14/15/16/16-qpr2. This vulnerability affects unknown code of the file ubsan_throwing_runtime.cpp. Performing a manipulation results in integer overflow. This vulnerability is identified as CVE-2026-0044. The attack can be initiated remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. This issue affects some unknown processing of the file ubsan_throwing_runtime.cpp. Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-0042. The attack needs to be approached locally. There is no available exploit.

A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. Impacted is an unknown function of the file ubsan_throwing_runtime.cpp. Performing a manipulation results in integer overflow. This vulnerability is known as CVE-2026-0043. Attacking locally is a requirement. No exploit is available.

A vulnerability described as critical has been identified in Google Android 14/15/16/16-qpr2. This affects an unknown part of the file ubsan_throwing_runtime.cpp. Such manipulation leads to integer overflow. This vulnerability is referenced as CVE-2026-0041. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. This vulnerability is documented as CVE-2026-10693. The attack can be initiated remotely. Additionally, an exploit exists. Multiple endpoints are affected.

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. This vulnerability is reported as CVE-2026-10694. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. Affected is an unknown function of the file ubsan_throwing_runtime.cpp. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-0039. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. Affected by this issue is some unknown functionality of the file ubsan_throwing_runtime.cpp. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2026-0040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Google Android 15/16/16-qpr2. It has been rated as critical. This vulnerability affects unknown code of the file AccessibilityManagerService.java. This manipulation causes denial of service. This vulnerability appears as CVE-2026-0018. The attack requires local access. There is no available exploit.

A vulnerability categorized as critical has been discovered in Google Android 14/15/16/16-qpr2. This issue affects the function startAnimation of the file StageCoordinator.java. Such manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2026-0036. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as critical has been found in Google Android 16/16-qpr2. This vulnerability affects the function updateProvidersWhenServiceRemoved of the file CredentialManagerService.java. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0016. Local access is required to approach this attack. No exploit exists.

A vulnerability categorized as critical has been discovered in Seagate openSeaChest up to 25.05.3/26.03.0. This affects an unknown part of the component SCSI Handler. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-10717. Attacking locally is a requirement. No exploit is available.

A vulnerability identified as critical has been detected in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. This vulnerability is tracked as CVE-2026-10688. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as problematic has been discovered in QloApps up to 1.7.0. Affected is the function Tools::encrypt of the file classes/Tools.php. Executing a manipulation can lead to password hash with insufficient computational effort. This vulnerability is handled as CVE-2026-25861. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Seagate openSeaChest up to 26.03.0 and classified as critical. This affects an unknown function. This manipulation causes out-of-bounds write. This vulnerability is registered as CVE-2026-10718. The attack needs to be launched locally. No exploit is available.

A vulnerability marked as critical has been reported in Seagate SeaChest up to 25.05.3. Impacted is the function showSupportedFormats of the component NVMe Handler. Performing a manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-10719. The attack needs to be approached locally. There is no available exploit.

A vulnerability labeled as critical has been found in Siemens SIMATIC HMI Comfort Outdoor Panels, SIMATIC HMI Comfort Panels, SIMATIC HMI KTP Mobile Panels and SIMATIC Wincc Runtime Advanced up to 16 Update 3. Impacted is an unknown function of the component Device Layout Handler. Executing a manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2021-27386. The attack is only possible within the local network. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as critical has been reported in Siemens SIMATIC Drive Controller, SIMATIC ET 200SP Open Controller CPU 1515SP PC, SIMATIC ET 200SP Open Controller CPU 1515SP PC2, SIMATIC S7-1200 CPU, SIMATIC S7-1500 CPU, SIMATIC S7-1500 Software Controller and SIMATIC S7-PLCSIM Advanced. The affected element is an unknown function of the component Service Port 102. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2020-15782. The attack can be initiated remotely. There is not any exploit available. It is suggested to use restrictive firewalling.