CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-0154
High

In the modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0153
High

In msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2026-0152
High

In OSMMapPMRGeneric of pmr_os.c, there is a logic error that may allow maliciously expanding the VMA out of bounds via a system call. This could lead to local privilege escalation without the need for additional execution privileges.

CVE-2026-0151
High

In the IntfGraphCreate function of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0150
High

In the ExecuteGraph command handler of EdgeTPU firmware, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with root privileges needed.

CVE-2026-0149
High

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0148
High

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0147
High

In the function __mfc_core_nal_q_get_dec_metadata_sei_nal in the file mfc_core_nal_q.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0146
High

In the function mfc_core_get_dec_metadata_sei_nal in the file mfc_core_reg_api.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0143
High

In the lwis_device_external_event_emit function in lwis_event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed.

CVE-2026-0139
High

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0138
High

In the lwis_io_buffer_write function of lwis_io_buffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed.

CVE-2026-0137
High

In the function edgetpu_sync_fence_group_shutdown() in the file edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege requiring system execution privileges.

CVE-2026-0135
High

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0133
High

In the smmu_attach_dev function in arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2026-0132
High

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0131
High

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2026-0125
High

In the vpu_ioctl.c files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2026-53866
High

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators to execute unapproved commands.

CVE-2026-53865
High

OpenClaw before 2026.5.2 contains a path traversal vulnerability in maintenance task execution that allows workspace-derived service paths to influence trash command selection. Attackers can execute unintended local executables from operator-unintended paths during maintenance operations.

PreviousPage 126 of 3359Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS