|
331
|
7.8 |
HIGH
Local
|
-
|
-
|
In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no a…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-0089
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
7.8 |
HIGH
Local
|
-
|
-
|
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execut…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-0091
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
7.8 |
HIGH
Local
|
-
|
-
|
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-0093
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
7.8 |
HIGH
Local
|
-
|
-
|
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalat…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-0094
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalati…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-0095
|
2026-06-2 22:04 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_bu…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10276
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
337
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP G…
New
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-10277
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
338
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argum…
New
|
CWE-22
Path Traversal
|
CVE-2026-10278
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pan…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-10279
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. T…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-10280
|
2026-06-2 22:03 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
