Search

Search Results (364872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21046 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-12 N/A
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2026-21048 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-12 N/A
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
CVE-2026-21049 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-12 N/A
Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
CVE-2026-21050 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-12 N/A
Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21051 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-12 N/A
Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
CVE-2026-21052 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-12 N/A
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
CVE-2026-21053 1 Samsung Mobile 1 Samsung Email 2026-07-12 N/A
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
CVE-2026-21054 1 Samsung Mobile 1 Inputsharing 2026-07-12 N/A
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
CVE-2026-21056 1 Samsung Mobile 1 Samsung Health 2026-07-12 N/A
Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
CVE-2026-21057 1 Samsung Mobile 1 Samsung Pass 2026-07-12 N/A
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
CVE-2026-12276 2026-07-12 5.3 Medium
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.
CVE-2026-12685 2026-07-12 7.5 High
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.
CVE-2026-15478 1 Icehrm 1 Icehrm 2026-07-12 6.3 Medium
A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-15087 2026-07-12 N/A
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.
CVE-2026-15477 1 Bahmni 1 Bahmnicore 2026-07-12 6.3 Medium
A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 0.93.1, 1.0.1, 1.1.1, 1.2.1, 1.3.1 and 2.0.1 mitigates this issue. Upgrading the affected component is recommended.
CVE-2026-30689 1 Anjoy8 1 Blog.admin 2026-07-12 4.3 Medium
In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.
CVE-2026-48611 1 Phpbb 1 Phpbb 2026-07-12 N/A
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
CVE-2026-0128 1 Google 1 Android 2026-07-12 3.5 Low
In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2026-0156 1 Google 1 Android 2026-07-12 6.5 Medium
In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-10601 1 Grafana 1 Grafana 2026-07-12 5.4 Medium
A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the configured backend.