CVE-2023-26142
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are…
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model…
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the `--allow-fs-read` flag is used with a non-*…
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A…
In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps’ external private directories due to a path traversal error. This…
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when…
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution…
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead…
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due…
In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local…