CVE-2026-49190
- EPSS 0.43%
- Veröffentlicht 04.06.2026 05:28:48
- Zuletzt bearbeitet 04.06.2026 19:39:49
The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.
CVE-2026-49189
- EPSS 0.1%
- Veröffentlicht 04.06.2026 05:23:10
- Zuletzt bearbeitet 04.06.2026 19:39:58
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.
CVE-2026-49188
- EPSS 0.32%
- Veröffentlicht 04.06.2026 04:08:08
- Zuletzt bearbeitet 04.06.2026 19:40:45
The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
CVE-2026-49187
- EPSS 0.25%
- Veröffentlicht 04.06.2026 03:50:11
- Zuletzt bearbeitet 04.06.2026 19:40:53
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.
CVE-2026-49186
- EPSS 0.32%
- Veröffentlicht 04.06.2026 03:36:59
- Zuletzt bearbeitet 04.06.2026 19:42:02
The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.
CVE-2026-49185
- EPSS 0.39%
- Veröffentlicht 04.06.2026 02:55:48
- Zuletzt bearbeitet 04.06.2026 19:41:32
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.