Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23503
Total
1676
Critical
7379
High
7473
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-8914 | UNKNOWN | — | In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval … | Jun 05, 2026 |
| CVE-2026-50265 | HIGH | 7.0 | A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can … | Jun 05, 2026 |
| CVE-2026-21038 | UNKNOWN | — | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. | Jun 05, 2026 |
| CVE-2026-21037 | UNKNOWN | — | Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege. | Jun 05, 2026 |
| CVE-2026-21036 | UNKNOWN | — | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. | Jun 05, 2026 |
| CVE-2026-21035 | UNKNOWN | — | Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. | Jun 05, 2026 |
| CVE-2026-21034 | UNKNOWN | — | Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to … | Jun 05, 2026 |
| CVE-2026-21033 | UNKNOWN | — | Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | Jun 05, 2026 |
| CVE-2026-21032 | UNKNOWN | — | Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | Jun 05, 2026 |
| CVE-2026-21031 | HIGH | 7.8 | Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability. | Jun 05, 2026 |
| CVE-2026-21030 | HIGH | 7.8 | Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. | Jun 05, 2026 |
| CVE-2026-21029 | HIGH | 7.8 | Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations. | Jun 05, 2026 |
| CVE-2026-21028 | MEDIUM | 5.5 | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | Jun 05, 2026 |
| CVE-2026-21027 | LOW | 3.3 | Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function. | Jun 05, 2026 |
| CVE-2026-21026 | MEDIUM | 5.5 | Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. | Jun 05, 2026 |
| CVE-2026-21025 | MEDIUM | 5.5 | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | Jun 05, 2026 |
| CVE-2026-21017 | MEDIUM | 5.5 | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. | Jun 05, 2026 |
| CVE-2026-11347 | UNKNOWN | — | The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) … | Jun 05, 2026 |
| CVE-2026-6274 | CRITICAL | 9.8 | Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly … | Jun 05, 2026 |
| CVE-2026-49777 | CRITICAL | 10.0 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider … | Jun 05, 2026 |
| CVE-2026-11332 | HIGH | 7.8 | A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument … | Jun 05, 2026 |
| CVE-2026-9088 | LOW | 2.7 | A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the … | Jun 05, 2026 |
| CVE-2026-48907 | UNKNOWN | — | A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload … | Jun 05, 2026 |
| CVE-2026-21837 | UNKNOWN | — | HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, … | Jun 05, 2026 |
| CVE-2026-21826 | MEDIUM | 6.1 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the … | Jun 05, 2026 |