|
3011
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no a…
|
CWE-269
Improper Privilege Management
|
CVE-2026-0089
|
2026-06-4 01:59 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3012
|
7.8 |
HIGH
Local
|
google
|
android
|
In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with …
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-0088
|
2026-06-4 01:59 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3013
|
7.8 |
HIGH
Local
|
google
|
android
|
In approvalLevelForDomainInternal of DomainVerificationService.java, there is a possible way to hijack an arbitrary app link due to a logic error in the code. This could lead to local escalation of p…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-0087
|
2026-06-4 01:59 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3014
|
6.8 |
MEDIUM
Local
|
google
|
android
|
In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execu…
|
CWE-269
Improper Privilege Management
|
CVE-2026-0086
|
2026-06-4 01:58 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3015
|
6.5 |
MEDIUM
Network
|
google
|
android
|
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-0080
|
2026-06-4 01:58 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3016
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local denial of service with no additional executi…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-0079
|
2026-06-4 01:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3017
|
7.8 |
HIGH
Local
|
google
|
android
|
In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional e…
|
CWE-20
Improper Input Validation
|
CVE-2026-0078
|
2026-06-4 01:57 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3018
|
9.8 |
CRITICAL
Network
|
gitlawb
|
openclaude
|
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashToo…
|
CWE-284
CWE-306
Improper Access Control
Missing Authentication for Critical Function
|
CVE-2026-42074
|
2026-06-4 01:54 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3019
|
6.5 |
MEDIUM
Network
|
gitlawb
|
openclaude
|
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP serv…
|
CWE-352
CWE-400
Origin Validation Error
Uncontrolled Resource Consumption
|
CVE-2026-42073
|
2026-06-4 01:54 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3020
|
5.4 |
MEDIUM
Network
|
shopify
|
react-router
|
React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` header value can permit Cros…
|
CWE-79
Cross-site Scripting
|
CVE-2026-33244
|
2026-06-4 01:54 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
