Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-11345 UNKNOWN An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access … Jun 05, 2026
CVE-2026-8914 UNKNOWN In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval … Jun 05, 2026
CVE-2026-50265 HIGH 7.0 A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can … Jun 05, 2026
CVE-2026-21038 UNKNOWN Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. Jun 05, 2026
CVE-2026-21037 UNKNOWN Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege. Jun 05, 2026
CVE-2026-21036 UNKNOWN Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. Jun 05, 2026
CVE-2026-21035 UNKNOWN Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. Jun 05, 2026
CVE-2026-21034 UNKNOWN Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to … Jun 05, 2026
CVE-2026-21033 UNKNOWN Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. Jun 05, 2026
CVE-2026-21032 UNKNOWN Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. Jun 05, 2026
CVE-2026-21031 HIGH 7.8 Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability. Jun 05, 2026
CVE-2026-21030 HIGH 7.8 Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. Jun 05, 2026
CVE-2026-21029 HIGH 7.8 Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations. Jun 05, 2026
CVE-2026-21028 MEDIUM 5.5 Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. Jun 05, 2026
CVE-2026-21027 LOW 3.3 Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function. Jun 05, 2026
CVE-2026-21026 MEDIUM 5.5 Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. Jun 05, 2026
CVE-2026-21025 MEDIUM 5.5 Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. Jun 05, 2026
CVE-2026-21017 MEDIUM 5.5 Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. Jun 05, 2026
CVE-2026-11347 UNKNOWN The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) … Jun 05, 2026
CVE-2026-6274 CRITICAL 9.8 Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly … Jun 05, 2026
CVE-2026-49777 CRITICAL 10.0 Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider … Jun 05, 2026
CVE-2026-11332 HIGH 7.8 A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument … Jun 05, 2026
CVE-2026-9088 LOW 2.7 A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the … Jun 05, 2026
CVE-2026-48907 UNKNOWN A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload … Jun 05, 2026
CVE-2026-21837 UNKNOWN HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, … Jun 05, 2026