Vuldb Updates

A vulnerability labeled as problematic has been found in GPAC up to 26.1.x. This affects the function gf_isom_apple_set_tag_ex of the file /isomedia/isom_write.c of the component MP4Box. The manipulation results in denial of service. This vulnerability is known as CVE-2025-60485. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2026-10231. The attack must be initiated from a local position. Furthermore, there is an exploit available. The project tagged the reported issue as bug.

A vulnerability classified as critical has been found in Google Android 15/16/16-qpr2. The affected element is an unknown function of the file AdapterService.java. The manipulation leads to permission issues. This vulnerability is referenced as CVE-2026-0050. The attack can only be performed from a local environment. No exploit is available.

A vulnerability described as critical has been identified in Google Android 14/15/16. Impacted is the function InputInterceptor of the file Letterbox.java. Executing a manipulation can lead to permission issues. The identification of this vulnerability is CVE-2026-0046. The attack can only be executed locally. There is no exploit available.

A vulnerability labeled as critical has been found in Google Android 14/15/16/16-qpr2. The affected element is the function bta_jv_rfcomm_connect of the file bta_jv_act.cc. Executing a manipulation can lead to Local Privilege Escalation. This vulnerability is handled as CVE-2026-0045. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. The impacted element is an unknown function of the file WindowState.java. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0048. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as critical has been found in Google Android 14/15/16/16-qpr2. This vulnerability affects unknown code of the file ubsan_throwing_runtime.cpp. Performing a manipulation results in integer overflow. This vulnerability is identified as CVE-2026-0044. The attack can be initiated remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. This issue affects some unknown processing of the file ubsan_throwing_runtime.cpp. Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-0042. The attack needs to be approached locally. There is no available exploit.

A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. Impacted is an unknown function of the file ubsan_throwing_runtime.cpp. Performing a manipulation results in integer overflow. This vulnerability is known as CVE-2026-0043. Attacking locally is a requirement. No exploit is available.

A vulnerability described as critical has been identified in Google Android 14/15/16/16-qpr2. This affects an unknown part of the file ubsan_throwing_runtime.cpp. Such manipulation leads to integer overflow. This vulnerability is referenced as CVE-2026-0041. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as critical has been found in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. This vulnerability is documented as CVE-2026-10693. The attack can be initiated remotely. Additionally, an exploit exists. Multiple endpoints are affected.

A vulnerability classified as critical was found in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. This vulnerability is reported as CVE-2026-10694. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. Affected is an unknown function of the file ubsan_throwing_runtime.cpp. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2026-0039. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in Google Android 14/15/16/16-qpr2. Affected by this issue is some unknown functionality of the file ubsan_throwing_runtime.cpp. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2026-0040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Google Android 15/16/16-qpr2. It has been rated as critical. This vulnerability affects unknown code of the file AccessibilityManagerService.java. This manipulation causes denial of service. This vulnerability appears as CVE-2026-0018. The attack requires local access. There is no available exploit.

A vulnerability categorized as critical has been discovered in Google Android 14/15/16/16-qpr2. This issue affects the function startAnimation of the file StageCoordinator.java. Such manipulation leads to Local Privilege Escalation. This vulnerability is traded as CVE-2026-0036. An attack has to be approached locally. There is no exploit available.

A vulnerability labeled as critical has been found in Google Android 16/16-qpr2. This vulnerability affects the function updateProvidersWhenServiceRemoved of the file CredentialManagerService.java. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2026-0016. Local access is required to approach this attack. No exploit exists.

A vulnerability categorized as critical has been discovered in Seagate openSeaChest up to 25.05.3/26.03.0. This affects an unknown part of the component SCSI Handler. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-10717. Attacking locally is a requirement. No exploit is available.

A vulnerability identified as critical has been detected in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. This vulnerability is tracked as CVE-2026-10688. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability categorized as problematic has been discovered in QloApps up to 1.7.0. Affected is the function Tools::encrypt of the file classes/Tools.php. Executing a manipulation can lead to password hash with insufficient computational effort. This vulnerability is handled as CVE-2026-25861. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.