bypassing java-side pairip checks in a modded android app by removing manifest-registered components, rebuilding, and signing again
cve-2026-54258 let low-privileged zoneminder users fetch private event media from monitors they were not allowed to access
cve-2026-53521 let a stored future ddns profile id turn into another user ddns profile context later in nezha