Export limit exceeded: 365299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-58305 | 1 Samsung Open Source | 1 Escargot | 2026-07-13 | 6.1 Medium |
| Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a. | ||||
| CVE-2026-58306 | 1 Samsung Open Source | 1 Escargot | 2026-07-13 | 6.1 Medium |
| Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before ef525f337fafddecde77a3c426212a84bb20cb98. | ||||
| CVE-2026-13461 | 1 Payrange | 1 Payrange | 2026-07-13 | 9.6 Critical |
| When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device. | ||||
| CVE-2026-13462 | 1 Payrange | 1 Payrange | 2026-07-13 | 7.5 High |
| PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends. | ||||
| CVE-2026-43752 | 1 Claris | 1 Filemaker Server | 2026-07-13 | 4.9 Medium |
| An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1. | ||||
| CVE-2026-15595 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-13 | 4.3 Medium |
| A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subject causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-21039 | 1 Samsung | 1 Mobile Devices | 2026-07-13 | N/A |
| Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. | ||||
| CVE-2026-21043 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-13 | N/A |
| Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. | ||||
| CVE-2026-21046 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-13 | N/A |
| Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. | ||||
| CVE-2026-21048 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-13 | N/A |
| Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | ||||
| CVE-2026-21051 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-13 | N/A |
| Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | ||||
| CVE-2026-21052 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-13 | N/A |
| Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | ||||
| CVE-2026-21053 | 1 Samsung Mobile | 1 Samsung Email | 2026-07-13 | N/A |
| Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. | ||||
| CVE-2026-14906 | 1 Mozilla | 1 Firefox For Ios | 2026-07-13 | 5.3 Medium |
| Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4. | ||||
| CVE-2026-58410 | 2026-07-13 | 7.1 High | ||
| ChurchCRM is an open-source church management system. Prior to version 7.4.0, there was an authorization flaw in the family-scoped endpoints which allowed low-privileged users to read and modify other families’ records. An authenticated non-admin user with EditSelf access can supply another family’s `familyId` and access records outside their own family scope. The backend trusts the attacker-controlled `familyId` and loads the corresponding family entity by ID without verifying that the requested family belongs to the current user. If the same user also has Notes permission, they can create notes on another family’s record. This breaks the intended EditSelf scope and allows access to unrelated congregation records. This issue has been fixed in version 7.4.0. | ||||
| CVE-2026-21054 | 1 Samsung Mobile | 1 Inputsharing | 2026-07-13 | N/A |
| Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | ||||
| CVE-2026-21055 | 1 Samsung Mobile | 1 Bixby | 2026-07-13 | N/A |
| Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. | ||||
| CVE-2026-21056 | 1 Samsung Mobile | 1 Samsung Health | 2026-07-13 | N/A |
| Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | ||||
| CVE-2026-12276 | 2026-07-13 | 5.3 Medium | ||
| The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide. | ||||
| CVE-2026-15594 | 1 Waooai | 1 Waoowaoo | 2026-07-13 | 3.7 Low |
| A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||