In numberOfReportBlocks of RtpSession
Description
In numberOfReportBlocks of RtpSession
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
In numberOfReportBlocks of RtpSession
In numberOfReportBlocks of RtpSession
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode
---METADATA---
VENDOR: TextRtpPayloadDecoderNode (Software/Library)
PRODUCT: TextRtpPayloadDecoderNode
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The DecodeT140 function in the TextRtpPayloadDecoderNode is vulnerable to memory corruption due to improper processing.
Executive Summary:
A high-severity memory corruption vulnerability in the TextRtpPayloadDecoderNode's DecodeT140 function poses a risk of unauthorized code execution.
Vulnerability Details
CVE-ID: CVE-2026-0160
Affected Software: TextRtpPayloadDecoderNode
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists in the DecodeT140 function of the TextRtpPayloadDecoderNode component. It is triggered during the processing of T.140 text-over-RTP packets, where improper handling leads to memory corruption.
Business Impact
Successful exploitation could allow an attacker to compromise the host system running the decoder, leading to unauthorized data access or service disruption. A CVSS score of 8.8 reflects the high risk, highlighting the need for immediate remediation to protect sensitive communication systems.
Remediation Plan
Immediate Action: Update the affected software containing the TextRtpPayloadDecoderNode to the latest patch level.
Proactive Monitoring: Monitor logs for crashes or memory-related exceptions within the text decoding service.
Compensating Controls: Use network security controls to inspect and sanitize RTP traffic, specifically looking for anomalous T.140 payload structures.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is critical for environments utilizing T.140 over RTP. Organizations should prioritize updating the software components associated with the TextRtpPayloadDecoderNode to eliminate this memory corruption risk and prevent potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption
---METADATA---
VENDOR: Modem (Hardware/Firmware)
PRODUCT: Modem Firmware
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A memory corruption flaw in the Modem firmware allows for a device crash when processing a malicious SIP REFER request.
Executive Summary:
An attacker can trigger a denial-of-service condition on the modem by sending a specially crafted SIP REFER request that causes memory corruption.
Vulnerability Details
CVE-ID: CVE-2026-0154
Affected Software: Modem Firmware
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Modem firmware's handling of SIP REFER requests. An attacker can trigger a crash through memory corruption, potentially leading to a denial-of-service or, in certain contexts, arbitrary code execution.
Business Impact
The ability to remotely crash modem hardware can lead to significant service outages and loss of communication capabilities. Given the CVSS score of 8.8, this vulnerability poses a high risk to business operations, particularly in environments where modem availability is critical for connectivity.
Remediation Plan
Immediate Action: Update modem firmware to the latest secure version provided by the manufacturer.
Proactive Monitoring: Monitor network traffic for malformed SIP requests and observe modem uptime logs for unexpected reboots or crashes.
Compensating Controls: Implement strict SIP traffic filtering at the network edge to block malformed or unauthorized REFER requests before they reach the modem.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
To prevent service disruption, it is essential to address this vulnerability by applying firmware updates as soon as they become available. Network administrators should also ensure that SIP traffic is properly filtered to reduce the exposure of the modem to potentially malicious requests.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In IntfGraphCreate of intfgraph
In IntfGraphCreate of intfgraph
---METADATA---
VENDOR: IntfGraph (Software/Library)
PRODUCT: intfgraph
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the IntfGraphCreate function within the intfgraph component may lead to critical memory corruption.
Executive Summary:
A high-severity memory corruption flaw in the IntfGraphCreate function could result in system instability or arbitrary code execution.
Vulnerability Details
CVE-ID: CVE-2026-0151
Affected Software: intfgraph
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides in the IntfGraphCreate function of the intfgraph component. Improper handling of input during graph creation allows for memory corruption, potentially allowing an attacker to overwrite critical memory structures.
Business Impact
The potential for memory corruption in a core functional component like intfgraph creates a high risk of complete system compromise. With a CVSS score of 8.8, this vulnerability represents a significant threat to the integrity and availability of the affected software, potentially leading to unauthorized system access.
Remediation Plan
Immediate Action: Apply security updates provided by the software vendor to address the memory handling errors in the IntfGraphCreate function.
Proactive Monitoring: Audit application logs for abnormal behavior during graph initialization and monitor for service crashes.
Compensating Controls: Utilize memory protection mechanisms, such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), to increase the difficulty of exploitation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a critical risk to system integrity. Organizations should verify if their software stack utilizes the vulnerable intfgraph component and apply the necessary patches as soon as they are released by the vendor to mitigate this threat.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow
In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow
---METADATA---
VENDOR: Google
PRODUCT: WebRTC / RTP Implementation
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A heap-based buffer overflow in RtpSession::rtpSendRtcpPacket allows for an out-of-bounds write, potentially enabling remote code execution.
Executive Summary:
A critical out-of-bounds write vulnerability in the RTP session handling code presents a high risk of remote exploitation and system compromise.
Vulnerability Details
CVE-ID: CVE-2026-0149
Affected Software: Google WebRTC / RTP Implementation
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists in the rtpSendRtcpPacket function within the RTP session management component. Improper bounds checking during the preparation of RTCP packets results in a heap buffer overflow, which can be exploited to overwrite adjacent memory.
Business Impact
The CVSS score of 8.8 highlights the severity of this flaw, which could be exploited by an attacker to execute arbitrary code within the context of the application handling RTP/RTCP traffic. This could lead to a breach of sensitive data or complete control over the affected communication service.
Remediation Plan
Immediate Action: Update all applications and libraries utilizing the affected WebRTC/RTP implementation to the latest patched version.
Proactive Monitoring: Review network and application logs for malformed RTCP packets or unusual packet sizes that could signal an attempt to trigger the overflow.
Compensating Controls: Use network-based inspection tools to drop malformed RTCP packets and implement strict input validation at the application layer.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Communication platforms and software relying on this RTP implementation must be updated immediately. The technical nature of the exploit allows for remote triggers, making rapid patch deployment essential to prevent unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of VideoRtpPayloadDecoderNode
In multiple functions of VideoRtpPayloadDecoderNode
---METADATA---
VENDOR: VideoRtpPayloadDecoderNode (Vendor/Software)
PRODUCT: VideoRtpPayloadDecoderNode
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Multiple functions within the VideoRtpPayloadDecoderNode component are susceptible to memory-related vulnerabilities.
Executive Summary:
Vulnerabilities in the VideoRtpPayloadDecoderNode component present a high risk of memory corruption and potential system compromise.
Vulnerability Details
CVE-ID: CVE-2026-0148
Affected Software: VideoRtpPayloadDecoderNode
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists within multiple functions of the VideoRtpPayloadDecoderNode, leading to memory corruption issues. This typically requires an attacker to send specially crafted RTP payloads to trigger the flaw during the decoding process.
Business Impact
Exploitation of this flaw could allow an attacker to disrupt video services or achieve arbitrary code execution on the host system. The CVSS score of 8.8 underscores the severity of this issue, necessitating urgent attention to prevent unauthorized access or service disruption in communication infrastructure.
Remediation Plan
Immediate Action: Update the affected video processing software to the latest version provided by the vendor to remediate the vulnerable decoder functions.
Proactive Monitoring: Review system logs for crashes or errors related to video stream processing which may indicate exploitation attempts.
Compensating Controls: Deploy deep packet inspection (DPI) or specialized firewalls capable of sanitizing RTP traffic before it reaches the decoder node.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Because this vulnerability targets critical media decoding components, it poses a significant threat to the stability and security of the host environment. It is highly recommended that affected software be patched immediately to address the underlying memory corruption issues in the decoding functions.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q
In __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q
---METADATA---
VENDOR: Samsung
PRODUCT: MFC Core
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A memory-related vulnerability exists within the __mfc_core_nal_q_get_dec_metadata_sei_nal function of the MFC (Multi-Function Codec) core, potentially allowing for memory corruption.
Executive Summary:
A critical memory-handling vulnerability within the Samsung MFC core component poses a significant risk of arbitrary code execution or system instability.
Vulnerability Details
CVE-ID: CVE-2026-0147
Affected Software: Samsung MFC Core
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability resides in the __mfc_core_nal_q_get_dec_metadata_sei_nal function, which handles NAL (Network Abstraction Layer) unit metadata. The flaw likely involves improper memory management, which could be triggered by a malicious input stream.
Business Impact
Exploitation of this vulnerability could lead to a denial-of-service or arbitrary code execution with the privileges of the affected process. Given the CVSS score of 8.8, this represents a severe security risk that could compromise the integrity and availability of the underlying device or system.
Remediation Plan
Immediate Action: Apply the latest firmware or security patches provided by the device manufacturer as soon as they become available.
Proactive Monitoring: Monitor system logs for unexpected crashes or service restarts that may indicate attempted exploitation of the MFC core.
Compensating Controls: Restrict access to untrusted media files and utilize sandboxing technologies to isolate the media processing components where possible.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability impacts core media processing functionality. Organizations should prioritize firmware updates for all affected mobile or embedded hardware to prevent potential exploitation of this memory corruption flaw.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api
In mfc_core_get_dec_metadata_sei_nal of mfc_core_reg_api
---METADATA---
VENDOR: Samsung
PRODUCT: MFC Core (Multi-Format Codec)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A memory-related vulnerability exists within the mfc_core_get_dec_metadata_sei_nal function of the Samsung MFC core, potentially allowing for system-level impact.
Executive Summary:
An unauthenticated attacker may exploit a memory-handling vulnerability in the Samsung MFC core to trigger a crash or potentially execute arbitrary code.
Vulnerability Details
CVE-ID: CVE-2026-0146
Affected Software: Samsung MFC Core (Multi-Format Codec)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is a memory-related vulnerability located in the mfc_core_get_dec_metadata_sei_nal function of the mfc_core_reg_api. It involves improper handling of SEI (Supplemental Enhancement Information) NAL units during video decoding processes.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a severe risk to mobile and embedded devices utilizing the Samsung MFC codec. Exploitation could lead to unauthorized code execution, system crashes, or data compromise, particularly in environments where video processing is a primary attack vector.
Remediation Plan
Immediate Action: Update all affected firmware and software components to the latest version released by the device manufacturer or vendor.
Proactive Monitoring: Monitor system logs for frequent crashes or unusual reboots of the media processing subsystem.
Compensating Controls: Avoid processing untrusted or malformed media files from unknown sources, and ensure that the device's security patches are fully up to date.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a significant risk to device security. Users and administrators must verify that their devices receive the latest manufacturer updates to mitigate the risk of malicious media-based exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In Modem, there is a possible out of bounds write due to a missing bounds check
In Modem, there is a possible out of bounds write due to a missing bounds check
---METADATA---
VENDOR: Modem (Hardware/Firmware)
PRODUCT: Modem Firmware
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A missing bounds check in the Modem firmware leads to a potential out-of-bounds write vulnerability.
Executive Summary:
An out-of-bounds write vulnerability in the Modem firmware poses a significant risk of memory corruption and potential arbitrary code execution.
Vulnerability Details
CVE-ID: CVE-2026-0139
Affected Software: Modem Firmware
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an out-of-bounds write occurring due to a failure to validate input bounds within the Modem firmware. The attack vector typically requires interaction with the affected hardware interface, though specific authentication requirements depend on the vendor's implementation.
Business Impact
Successful exploitation of this vulnerability could lead to system instability, unauthorized code execution, or complete device compromise. With a CVSS score of 8.8, this flaw is categorized as High severity, indicating a high potential for impacting the confidentiality, integrity, and availability of the affected system.
Remediation Plan
Immediate Action: Identify all affected hardware devices and apply the manufacturer-provided firmware update as soon as it becomes available.
Proactive Monitoring: Monitor device logs for unusual hardware resets, performance degradation, or unexpected modem state changes.
Compensating Controls: Ensure device access is restricted through network-level segmentation to limit the attack surface available to unauthorized actors.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the High severity of this memory corruption vulnerability, it is imperative that organizations prioritize the identification of impacted modem hardware. Administrators should remain vigilant for vendor-issued patches and apply them immediately upon release to mitigate the risk of remote code execution.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In Modem, there is a possible out of bounds write due to a heap buffer overflow
In Modem, there is a possible out of bounds write due to a heap buffer overflow
---METADATA---
VENDOR: Qualcomm
PRODUCT: Modem Firmware
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A heap-based buffer overflow vulnerability in the modem firmware allows for a possible out-of-bounds write, potentially leading to code execution.
Executive Summary:
A critical heap buffer overflow vulnerability in Qualcomm modem firmware creates a high risk of remote code execution or device compromise.
Vulnerability Details
CVE-ID: CVE-2026-0132
Affected Software: Qualcomm Modem Firmware
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is located within the modem's memory management logic, specifically involving an out-of-bounds write during heap operations. This flaw can be triggered by processing malformed data, leading to memory corruption.
Business Impact
A CVSS score of 8.8 indicates high potential for severe impact, including the ability for an attacker to gain control over the modem processor. Compromise of the modem firmware can allow for persistent access, interception of communications, and total device takeover, bypassing many standard OS-level security protections.
Remediation Plan
Immediate Action: Update modem firmware to the latest version provided by the device manufacturer or service provider.
Proactive Monitoring: Monitor for unusual device behavior, such as unexplained radio resets or communication failures.
Compensating Controls: Minimize exposure by disabling unnecessary cellular features and ensuring that security patches are applied to all layers of the device stack.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Modem vulnerabilities are exceptionally dangerous due to their low-level access. Organizations must ensure that all devices receive the necessary firmware updates from their vendors to remediate this heap overflow risk immediately.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In EfwApTransport::ProcessRxRing of efw_ap_transport
In EfwApTransport::ProcessRxRing of efw_ap_transport
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple places, there is a possible out of bounds write due to memory corruption
In multiple places, there is a possible out of bounds write due to memory corruption
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In oobconfig, there is a possible bypass of carrier restrictions due to a logic error
In oobconfig, there is a possible bypass of carrier restrictions due to a logic error
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In mfc_dec_dqbuf of mfc_dec_v4l2
In mfc_dec_dqbuf of mfc_dec_v4l2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr
In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A missing bounds check in the vpu_mmap function of the VPU driver allows for arbitrary address mapping. This facilitates local escalation of privilege...
A missing bounds check in the vpu_mmap function of the VPU driver allows for arbitrary address mapping. This facilitates local escalation of privilege without requiring user interaction.
---METADATA---
VENDOR: Linux/Android
PRODUCT: VPU Driver
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A missing bounds check in the vpu_mmap function of the VPU driver allows for arbitrary address mapping. This facilitates local escalation of privilege without requiring user interaction.
Executive Summary:
A critical flaw in the VPU driver's memory mapping function allows local attackers to achieve arbitrary memory access and escalate privileges to the kernel level.
Vulnerability Details
CVE-ID: CVE-2026-0106
Affected Software: Linux/Android VPU Driver
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists in the vpu_mmap function within vpu_ioctl due to a missing bounds check on memory offsets. This allows a local, authenticated user to perform an arbitrary address mmap, leading to local escalation of privilege without needing additional execution rights or user interaction.
Business Impact
This vulnerability presents a significant risk to device integrity, especially in mobile and embedded environments. An attacker with local access—potentially gained through a malicious application—could bypass system security to gain root or kernel-level control. The CVSS score of 9.3 highlights the high severity of losing control over the underlying operating system.
Remediation Plan
Immediate Action: Apply the latest kernel security updates or firmware patches provided by the device manufacturer or OS maintainer immediately.
Proactive Monitoring: Monitor system logs for unusual IOCTL calls or unexpected memory mapping requests originating from non-privileged applications.
Compensating Controls: Utilize SELinux or AppArmor profiles to restrict access to device drivers and IOCTL interfaces for untrusted applications.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Feb 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, memory corruption flaws in drivers are frequent targets for high-end exploit chains.
Analyst Recommendation
Given the ability to escalate to kernel privileges without user interaction, this vulnerability is a high-priority target for remediation. Organizations should prioritize patching mobile fleets and embedded systems that utilize these VPU drivers. Immediate deployment of the vendor's updated kernel or firmware is the only reliable mitigation.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
In adbd_tls_verify_cert of auth
In adbd_tls_verify_cert of auth
---METADATA---
VENDOR: Android Open Source Project (AOSP)
PRODUCT: adbd (Android Debug Bridge Daemon)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the adbd_tls_verify_cert function of the Android Debug Bridge Daemon (adbd) affects certificate verification.
Executive Summary:
A high-severity flaw in the Android Debug Bridge Daemon (adbd) certificate verification process could allow for man-in-the-middle attacks.
Vulnerability Details
CVE-ID: CVE-2026-0073
Affected Software: Android Debug Bridge Daemon (adbd)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The issue exists within the adbd_tls_verify_cert function, which is responsible for validating TLS certificates during authentication. Improper validation could allow an attacker to bypass security checks during an ADB connection.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a High risk. Successful exploitation could allow an attacker to intercept or manipulate communications between the host and the Android device, leading to unauthorized command execution or data exfiltration.
Remediation Plan
Immediate Action: Update the affected device firmware or platform components to the version containing the security patch for the adbd service.
Proactive Monitoring: Monitor for unexpected ADB connections or unauthorized authentication attempts within the development or production environment.
Compensating Controls: Disable ADB over network (TCP/IP) when not explicitly required for development or debugging purposes.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 6, 2026, there is no public information indicating active exploitation of this vulnerability. However, flaws in authentication and encryption protocols are high-priority targets.
Analyst Recommendation
Given the sensitivity of the ADB interface, organizations should enforce strict access controls. Applying the vendor-provided security update is essential to ensure the integrity of the TLS verification process and protect device communications.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In dumpBitmapsProto of ActivityManagerService
In dumpBitmapsProto of ActivityManagerService
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of mem_protect
In multiple functions of mem_protect
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of ffa
In multiple functions of ffa
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In createRequest of MediaProvider
In createRequest of MediaProvider
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In setPackageOrComponentEnabled of ManagedServices
In setPackageOrComponentEnabled of ManagedServices
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of mem_protect
In multiple functions of mem_protect
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple functions of mem_protect
In multiple functions of mem_protect
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In __host_check_page_state_range of mem_protect
In __host_check_page_state_range of mem_protect
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In __pkvm_init_vm of pkvm
In __pkvm_init_vm of pkvm
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In __pkvm_host_share_guest of mem_protect
In __pkvm_host_share_guest of mem_protect
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In removePermission of PermissionManagerServiceImpl
In removePermission of PermissionManagerServiceImpl
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In hasImage of Notification
In hasImage of Notification
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In createSessionInternal of PackageInstallerService
In createSessionInternal of PackageInstallerService
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In hasInteractAcrossUsersFullPermission of AppInfoBase
In hasInteractAcrossUsersFullPermission of AppInfoBase
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In parsePermissionGroup of ParsedPermissionUtils
In parsePermissionGroup of ParsedPermissionUtils
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In onChange of BiometricService
In onChange of BiometricService
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In setupLayout of PickActivity
In setupLayout of PickActivity
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In enableSystemPackageLPw of Settings
In enableSystemPackageLPw of Settings
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In onTransact of IDrmManagerService
In onTransact of IDrmManagerService
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In multiple locations, there is a possible privilege escalation due to a confused deputy
In multiple locations, there is a possible privilege escalation due to a confused deputy
Update to patched version immediately. Review user permissions and access controls.
In writeToParcel of WindowInfo
In writeToParcel of WindowInfo
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A heap buffer overflow in multiple system locations allows for unauthenticated remote code execution without user interaction, representing a severe r...
A heap buffer overflow in multiple system locations allows for unauthenticated remote code execution without user interaction, representing a severe risk to affected devices.
---METADATA---
VENDOR: Unknown
PRODUCT: Undisclosed System Component
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A heap buffer overflow in multiple system locations allows for unauthenticated remote code execution without user interaction, representing a severe risk to affected devices.
Executive Summary:
A critical heap buffer overflow in an undisclosed system component allows for unauthenticated remote code execution without any user interaction required.
Vulnerability Details
CVE-ID: CVE-2026-0006
Affected Software: The affected software (Vendor Unknown)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves an out-of-bounds read and write condition caused by a heap buffer overflow. It can be triggered remotely by an unauthenticated attacker and does not require any execution privileges or user interaction (zero-click).
Business Impact
Successful exploitation allows an attacker to gain full control over the affected device or system remotely. Given the CVSS score of 9.8 and the "zero-click" nature of the flaw, the risk to organizational infrastructure is extreme, potentially leading to widespread system compromise and data theft.
Remediation Plan
Immediate Action: Apply the latest security patches provided by the vendor immediately, as this vulnerability targets core system memory management.
Proactive Monitoring: Utilize Endpoint Detection and Response (EDR) tools to monitor for unusual memory allocation patterns or crashes in system-level processes.
Compensating Controls: Implement strict network segmentation and utilize intrusion prevention systems (IPS) to detect and block malformed traffic targeting system services.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 2, 2026, there is no public information indicating active exploitation of this vulnerability. The lack of required user interaction makes this an exceptionally dangerous flaw for automated exploitation.
Analyst Recommendation
Due to the critical nature of heap overflows and the potential for zero-click remote code execution, this vulnerability must be remediated with the highest urgency. Organizations should identify all affected assets and apply vendor-supplied patches without delay.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone...
The Amp’ed RF BT-AP 111 Bluetooth access point's HTTP admin interface does not have an authentication feature, allowing unauthorized access to anyone with network access.
---METADATA---
VENDOR: Amp’ed RF
PRODUCT: BT-AP 111
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
The Amp’ed RF BT-AP 111 Bluetooth access point features an HTTP admin interface that lacks authentication, permitting unauthorized access to any user on the network.
Executive Summary:
The Amp’ed RF BT-AP 111 Bluetooth access point is vulnerable to unauthorized administrative access due to a complete lack of authentication on its HTTP management interface.
Vulnerability Details
CVE-ID: CVE-2025-9994
Affected Software: Amp’ed RF BT-AP 111
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This is an authentication bypass vulnerability. The HTTP admin interface fails to verify user credentials, allowing any attacker with network connectivity to the device to access administrative functions.
Business Impact
The lack of authentication on an administrative interface provides an attacker with full control over the access point's configuration. With a CVSS score of 9.8, this flaw could allow an attacker to intercept traffic, modify network settings, or pivot into internal networks, leading to severe data compromise and unauthorized access.
Remediation Plan
Immediate Action: Update the device firmware to the latest available version provided by Amp’ed RF.
Proactive Monitoring: Review network traffic logs for unauthorized access attempts to the device’s administrative web interface.
Compensating Controls: Isolate the management interface of the BT-AP 111 on a dedicated, restricted VLAN and ensure it is not accessible from the public internet or untrusted internal network segments.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Sep 9, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability is highly critical due to its simplicity and the high level of access granted to an attacker. Administrators must ensure that management interfaces are not exposed and that the device is updated immediately upon the release of a security patch.
Update The Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1
The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1
Executive Summary:
A high-severity Local File Inclusion (LFI) vulnerability has been discovered in the "Bei Fen – WordPress Backup Plugin" for WordPress. This flaw allows an unauthenticated attacker to read sensitive files from the server hosting the website, such as configuration files containing database credentials. Successful exploitation could lead to a complete compromise of the affected website and its underlying server.
Vulnerability Details
CVE-ID: CVE-2025-9993
Affected Software: WordPress "Bei Fen – WordPress Backup Plugin"
Affected Versions: All versions up to, and including, version 1.
Vulnerability: The vulnerability is a Local File Inclusion (LFI) flaw. It exists because the plugin fails to properly sanitize user-supplied input that is used to construct a file path. An unauthenticated attacker can manipulate this input, often a URL parameter, with directory traversal sequences (e.g., ../) to navigate the server's file system and force the application to include and display the contents of arbitrary files. This can expose sensitive information, such as the wp-config.php file, which contains database credentials, or system files like /etc/passwd.
Business Impact
This is a high-severity vulnerability with a CVSS score of 8.1, posing a significant risk to the organization. Exploitation can lead to a severe data breach, exposing confidential information including database credentials, API keys, and internal server configurations. An attacker could leverage this information to gain further unauthorized access, escalate privileges, and achieve a full system compromise. The potential consequences include theft of sensitive data, website defacement, operational disruption, and significant reputational damage.
Remediation Plan
Immediate Action:
Proactive Monitoring:
../, ..%2F, or attempts to access sensitive files like wp-config.php, .env, or /etc/passwd.Compensating Controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes:
As of September 30, 2025, there are no known public proof-of-concept exploits specifically for this CVE. However, Local File Inclusion is a well-understood vulnerability class, and attackers can easily craft custom exploits. Due to the simplicity of exploitation, organizations should assume this vulnerability will be actively targeted by threat actors in the near future.
Analyst Recommendation
Given the high severity (CVSS 8.1) and the potential for complete system compromise, this vulnerability requires immediate attention. We strongly recommend organizations identify all instances of the "Bei Fen – WordPress Backup Plugin" within their environment and apply the vendor-supplied patches without delay. Although this CVE is not currently on the CISA KEV list, its critical nature makes it a high-priority target for remediation. If patching is not immediately feasible, implement the suggested compensating controls, such as a WAF, to mitigate the immediate risk.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4
The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4
Executive Summary:
A high-severity vulnerability has been identified in the Tiny Bootstrap Elements Light plugin for WordPress, which could allow an unauthenticated attacker to access sensitive files on the web server. Successful exploitation could lead to the disclosure of confidential information, such as database credentials, potentially resulting in a full compromise of the website and its underlying server. Organizations using this plugin are urged to apply the recommended remediation actions immediately to mitigate the risk.
Vulnerability Details
CVE-ID: CVE-2025-9991
Affected Software: WordPress Tiny Bootstrap Elements Light plugin
Affected Versions: All versions up to, and including, 4
Vulnerability: The vulnerability is a Local File Inclusion (LFI). This flaw exists because the plugin does not properly sanitize user-supplied input when including files. An unauthenticated remote attacker can exploit this by crafting a special request that tricks the application into including and displaying the contents of arbitrary files from the local server, such as wp-config.php (containing database credentials) or system files like /etc/passwd.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 8.1. Exploitation could lead to significant business consequences, including the theft of sensitive data, customer information, or intellectual property stored on the server. The exposure of configuration files could provide an attacker with credentials needed to gain deeper access to the organization's infrastructure, leading to a complete system compromise, reputational damage, and potential regulatory fines for data breaches.
Remediation Plan
Immediate Action: Immediately update the "Tiny Bootstrap Elements Light" plugin to the latest version available (greater than version 4). If the plugin is not essential for business operations, the recommended course of action is to deactivate and remove it entirely to eliminate the attack surface.
Proactive Monitoring: Monitor web server access logs for suspicious requests containing directory traversal patterns (e.g., ../, ..%2f) or attempts to access sensitive files like wp-config.php, .env, /etc/passwd, or /proc/self/environ. Implement file integrity monitoring to detect unauthorized changes to WordPress core files and plugins.
Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI attack patterns. Additionally, enforce strict file system permissions to ensure the web server user account cannot read sensitive files outside of its designated directories.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 30, 2025, there are no known public proof-of-concept exploits or active exploitation campaigns targeting this vulnerability. However, LFI vulnerabilities in popular WordPress plugins are common targets for automated scanning and opportunistic attacks shortly after disclosure.
Analyst Recommendation
Given the high severity (CVSS 8.1) and the potential for complete server compromise, it is strongly recommended that organizations identify all WordPress sites using the "Tiny Bootstrap Elements Light" plugin and apply the vendor-supplied patch immediately. Although this vulnerability is not currently on the CISA KEV list and no public exploits are available, the simplicity of exploiting LFI flaws means that threat actors are likely to develop exploits quickly. Prioritize patching this vulnerability to prevent data exposure and system compromise.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5
The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5
Executive Summary:
A high-severity vulnerability has been identified in the WordPress Helpdesk Integration plugin, affecting all versions up to and including 5. This flaw, known as Local File Inclusion (LFI), could allow an unauthenticated attacker to access and read sensitive files on the web server, potentially exposing confidential data such as database credentials and system configurations. Successful exploitation could lead to further system compromise.
Vulnerability Details
CVE-ID: CVE-2025-9990
Affected Software: WordPress Helpdesk Integration plugin
Affected Versions: All versions up to, and including, 5
Vulnerability: The WordPress Helpdesk Integration plugin fails to properly validate and sanitize user-supplied input when referencing file paths. An attacker can exploit this by manipulating a parameter in a request to include directory traversal sequences (e.g., ../). This allows the attacker to force the application to read and display the contents of arbitrary files on the local server, such as wp-config.php (containing database credentials), /etc/passwd, or other sensitive system and application files that are readable by the web server user.
Business Impact
This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.1. Exploitation can lead to the direct exposure of highly sensitive information, including database credentials, API keys, and internal server configurations. This data breach could result in financial loss, reputational damage, and regulatory penalties. Furthermore, the information gained from this vulnerability could be used as a stepping stone for more complex attacks, potentially leading to a full server compromise and Remote Code Execution (RCE).
Remediation Plan
Immediate Action: Administrators should immediately update the WordPress Helpdesk Integration plugin to the latest version available (a version greater than 5). If the plugin is no longer required for business operations, it should be deactivated and completely removed from the WordPress installation to eliminate the attack surface.
Proactive Monitoring: Monitor web server access logs for suspicious requests targeting the Helpdesk Integration plugin. Specifically, search for URL patterns containing directory traversal sequences like ../, ..%2f, or ..\. Implement file integrity monitoring on critical files like wp-config.php to detect any unauthorized read attempts.
Compensating Controls: If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules designed to detect and block LFI and directory traversal attempts. Additionally, enforce strict file system permissions to ensure the web server process has minimal read access to files outside of the web root directory, limiting the impact of a potential breach.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 5, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, LFI vulnerabilities in WordPress plugins are a common target for threat actors, and it is highly probable that proof-of-concept exploits will be developed and released publicly in the near future.
Analyst Recommendation
Given the high CVSS score of 8.1 and the potential for sensitive data exposure, it is strongly recommended that organizations prioritize patching this vulnerability immediately. While this CVE is not currently listed on the CISA KEV list, its severity and the ease of exploitation make it an attractive target for attackers. All instances of the WordPress Helpdesk Integration plugin version 5 and below should be considered compromised until patched and thoroughly investigated.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPER...
An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute ar...
Executive Summary:
A critical OS Command Injection vulnerability has been identified in the Station Launcher App of the 3DEXPERIENCE platform. This flaw allows an attacker to execute arbitrary commands on the underlying operating system, potentially leading to a complete system compromise, data theft, or operational disruption.
Vulnerability Details
CVE-ID: CVE-2025-9976
Affected Software: Station Launcher App in 3DEXPERIENCE platform
Affected Versions: Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
Vulnerability: The Station Launcher App fails to properly sanitize user-supplied input before passing it to a system shell for execution. An attacker can exploit this by crafting a malicious input string containing operating system commands. When the application processes this input, the embedded commands are executed with the privileges of the application, allowing the attacker to take control of the affected system.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9. Successful exploitation could lead to a complete compromise of the server hosting the 3DEXPERIENCE platform. The potential consequences include the theft of sensitive intellectual property and proprietary design data, installation of ransomware, disruption of critical business operations, and using the compromised system as a foothold to launch further attacks within the corporate network.
Remediation Plan
Immediate Action: Update the affected 3DEXPERIENCE platform components, specifically the Station Launcher App, to the latest version as recommended by the vendor. After patching, monitor for any signs of exploitation attempts by reviewing application and system access logs for anomalous activity.
Proactive Monitoring: Implement enhanced logging and monitoring on affected systems. Look for suspicious child processes spawned by the Station Launcher App, unexpected command-line arguments in system logs (containing characters like ;, |, &&), and unusual outbound network connections from the host server.
Compensating Controls: If immediate patching is not feasible, consider implementing a Web Application Firewall (WAF) with rules designed to block common command injection patterns. Additionally, enforce network segmentation to limit the compromised system's ability to communicate with other critical assets and ensure the application is running with the lowest possible user privileges.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Oct 13, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, due to the high severity and the nature of the flaw, proof-of-concept exploits are likely to be developed by security researchers or threat actors.
Analyst Recommendation
Given the critical CVSS score of 9 and the potential for complete system compromise, organizations are strongly advised to prioritize the immediate patching of this vulnerability. The risk of intellectual property theft and significant business disruption is high. While there is no current evidence of active exploitation, the severity of this flaw makes it an attractive target, and organizations should act proactively to mitigate this threat before it is exploited in the wild.
Update An OS Command Injection vulnerability affecting Station Launcher App in Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-le...
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution
---METADATA---
VENDOR: ONT/Beacon
PRODUCT: Unified WEBUI
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
An input handling flaw in the ONT/Beacon Unified WEBUI allows authenticated users to execute unintended system-level commands.
Executive Summary:
The Unified WEBUI application on ONT/Beacon devices is vulnerable to authenticated command execution, posing a significant risk to network infrastructure integrity.
Vulnerability Details
CVE-ID: CVE-2025-9974
Affected Software: ONT/Beacon Unified WEBUI
Affected Versions: See vendor advisory for affected versions
Vulnerability: The vulnerability exists due to improper validation of user-supplied input within the WEBUI management interface. An authenticated attacker can leverage this flaw to trigger system-level command execution on the underlying operating system of the device.
Business Impact
The impact of this vulnerability is severe, as reflected by its CVSS score of 8.8. An attacker with valid credentials could gain full control over the ONT/Beacon device, leading to unauthorized network configuration changes, data interception, or a complete denial of service for connected clients. For service providers, this could result in significant operational disruption and a loss of customer trust.
Remediation Plan
Immediate Action: Update the device firmware to the latest version provided by the manufacturer to patch the input handling logic.
Proactive Monitoring: Audit management logs for the WEBUI to identify any unusual command execution patterns or unauthorized administrative logins.
Compensating Controls: Limit access to the WEBUI management interface to a dedicated management VLAN and enforce strong multi-factor authentication for all administrative accounts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, command injection flaws in network equipment are frequently targeted once discovered.
Analyst Recommendation
This vulnerability represents a critical risk to the management plane of networking hardware. Security teams must ensure that all ONT/Beacon devices are updated immediately. Furthermore, the principle of least privilege should be applied to all WEBUI accounts to minimize the potential attack surface.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inje...
The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the s...
Executive Summary:
A critical OS Command Injection vulnerability has been discovered in N-Partner's N-Reporter, N-Cloud, and N-Probe products. This flaw allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system, which can lead to a complete system compromise, data theft, and further network intrusion.
Vulnerability Details
CVE-ID: CVE-2025-9972
Affected Software: N-Partner N-Reporter, N-Cloud, and N-Probe
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an OS Command Injection flaw. It exists because the application fails to properly sanitize or validate user-supplied input before passing it to a system shell for execution. An authenticated attacker can exploit this by crafting a request containing malicious OS commands, which are then executed with the privileges of the application's service account, potentially leading to a full system takeover.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could result in the complete compromise of the affected N-Partner appliances, granting an attacker full control over the system. Potential consequences include unauthorized access to sensitive network monitoring data, data exfiltration, lateral movement into the broader corporate network, deployment of ransomware, and a complete loss of network visibility and reporting capabilities, severely impacting security and operational oversight.
Remediation Plan
Immediate Action: Organizations must immediately update all affected N-Partner N-Reporter, N-Cloud, and N-Probe instances to the latest patched version as recommended by the vendor. After patching, review system and application access logs for any signs of compromise that may have occurred prior to remediation.
Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes looking for unusual process execution chains originating from the N-Partner application's user account in system logs, unexpected outbound network connections from the affected servers, and web access logs showing requests with special characters or command syntax (e.g., ;, |, &&, $(...)).
Compensating Controls: If immediate patching is not feasible, apply temporary mitigating controls. Restrict network access to the management interfaces of the affected products to a minimal set of trusted IP addresses using a firewall. If possible, deploy a Web Application Firewall (WAF) with rules designed to detect and block common OS command injection attack patterns.
Exploitation Status
Public Exploit Available: False (as of Sep 17, 2025)
Analyst Notes: As of September 17, 2025, there is no known public exploit code available for this vulnerability. However, OS Command Injection vulnerabilities are often straightforward to exploit once the injection point is identified. Threat actors are likely to develop exploits rapidly for high-impact vulnerabilities such as this one.
Analyst Recommendation
Given the critical CVSS score of 9.8, this vulnerability poses an immediate and severe risk to the organization. We strongly recommend that all affected N-Partner products be patched immediately, prioritizing internet-facing systems. Although this CVE is not currently on the CISA KEV list, its high severity warrants urgent attention. Organizations should assume it will be actively exploited and take proactive steps to remediate and monitor for any related malicious activity.
Update The Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated rem...
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a speci...
Executive Summary:
A critical vulnerability has been identified in certain models of Planet Technology's Industrial Cellular Gateways. This flaw, resulting from missing authentication, allows a remote, unauthenticated attacker to gain complete control over an affected device, potentially leading to significant operational disruption, data interception, and unauthorized access to protected industrial networks.
Vulnerability Details
CVE-ID: CVE-2025-9971
Affected Software: Certain models of Industrial Cellular Gateway developed by Planet Technology
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists because a critical function or interface on the device does not require any form of authentication. An unauthenticated attacker on the network can send a specially crafted request to this unprotected interface to execute commands, modify the device's configuration, or otherwise manipulate its behavior. This complete lack of an authentication check allows for trivial exploitation and can lead to a full compromise of the gateway.
Business Impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe impact on business operations. An attacker gaining control of an industrial gateway could disrupt critical infrastructure, intercept sensitive operational or corporate data passing through the device, pivot into the broader operational technology (OT) or corporate network, or manipulate connected industrial control systems. This poses a significant risk to operational continuity, data confidentiality, system integrity, and potentially the safety of industrial processes.
Remediation Plan
Immediate Action: Immediately apply the security updates provided by Planet Technology to all affected Industrial Cellular Gateway models to remediate this vulnerability. After patching, review device access logs and network traffic for any signs of compromise or unauthorized manipulation that may have occurred prior to the update.
Proactive Monitoring: Implement enhanced monitoring for all affected gateways. Specifically, monitor for unusual inbound connection attempts to the device's management interfaces from untrusted IP addresses, unexpected configuration changes, unexplained reboots, or anomalous outbound traffic originating from the gateway itself.
Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of September 17, 2025, there is no known public proof-of-concept exploit code, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. However, vulnerabilities involving missing authentication are typically easy to exploit. Given the critical 9.8 CVSS score, it is highly probable that threat actors will rapidly develop and deploy exploits targeting these devices.
Analyst Recommendation
Due to the critical severity of this vulnerability and its potential for severe operational impact, it is strongly recommended that organizations prioritize the immediate patching of all affected Planet Technology Industrial Cellular Gateways. Although this CVE is not yet on the CISA KEV list, the simplicity of exploitation warrants treating it with the highest urgency. If patching cannot be performed immediately, the compensating controls outlined above must be implemented without delay to reduce the attack surface and mitigate risk.
Update Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages all...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Android (or related Telephony Framework)
PRODUCT: RtpSession
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A memory safety vulnerability exists in the RtpSession component of the Android telephony stack, specifically within the numberOfReportBlocks function.
Executive Summary:
An out-of-bounds memory access vulnerability in the RtpSession component poses a significant risk of arbitrary code execution or system instability.
Vulnerability Details
CVE-ID: CVE-2026-0161
Affected Software: Android Telephony Framework
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists within the
numberOfReportBlocksfunction of theRtpSessionmodule. It involves improper handling of session data, which could allow an attacker to trigger memory corruption. The authentication requirement is currently indeterminate, but such flaws typically require local or network-based access to the telephony stack.Business Impact
With a CVSS score of 8.8, this vulnerability is classified as High severity. Successful exploitation could lead to full system compromise or a denial-of-service state. This presents a severe risk to data confidentiality and device availability, particularly for mobile enterprise deployments.
Remediation Plan
Immediate Action: Monitor for and apply official Android Security Bulletin patches as soon as they are released by the device manufacturer.
Proactive Monitoring: Review system logs for unexpected crashes or errors related to telephony services or RTP streaming processes.
Compensating Controls: Ensure device hardening policies are active and disable unnecessary network features that utilize RTP sessions if possible.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the High severity of this memory corruption vulnerability, administrators should prioritize the deployment of vendor security updates. Rapid patching is essential to prevent potential exploitation that could bypass security boundaries on affected mobile devices.