|
3541
|
7.8 |
HIGH
Local
|
-
|
-
|
AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitl…
|
CWE-269
Improper Privilege Management
|
CVE-2026-37525
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3542
|
7.8 |
HIGH
Local
|
-
|
-
|
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authenticatio…
|
CWE-284
Improper Access Control
|
CVE-2026-37526
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3543
|
9.8 |
CRITICAL
Network
|
-
|
-
|
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename fu…
|
CWE-22
CWE-367
Path Traversal
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-37531
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3544
|
3.1 |
LOW
Network
|
google
|
chrome
|
Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …
|
CWE-352
CWE-1021
Origin Validation Error
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2026-8022
|
2026-05-8 00:15 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3545
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple vulnerabilities in its IGES and STEP file parsers that can be triggered by crafted IGES or STEP files. These issues include an out-of-bound…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42481
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3546
|
7.5 |
HIGH
Network
|
-
|
-
|
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37530
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3547
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arb…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-37534
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3548
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers t…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-37541
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3549
|
8.8 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_pcap.cpp , the parser's phdr.len field is not properly validated, allowing remote attackers to cause a …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42468
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3550
|
8.6 |
HIGH
Network
|
-
|
-
|
Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_canswitch.cpp the parser does not properly validate a CANswitch DLC value, allowing remote attackers to…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42469
|
2026-05-8 00:15 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
