Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23657
Total
1684
Critical
7428
High
7547
Medium
CVE ID Severity Score Description Published
CVE-2026-47320 MEDIUM 6.1 Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3. Jun 04, 2026
CVE-2026-47319 MEDIUM 6.1 Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. Jun 04, 2026
CVE-2026-47318 MEDIUM 6.1 Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035. Jun 04, 2026
CVE-2026-47306 MEDIUM 6.1 Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945. Jun 04, 2026
CVE-2026-10800 LOW 3.6 A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the … Jun 04, 2026
CVE-2026-10305 MEDIUM 6.1 Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. Jun 04, 2026
CVE-2026-50213 HIGH 7.5 The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. Jun 04, 2026
CVE-2026-50212 MEDIUM 6.5 Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service. Jun 04, 2026
CVE-2026-50211 CRITICAL 9.8 Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. Jun 04, 2026
CVE-2026-50210 HIGH 7.5 The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. Jun 04, 2026
CVE-2026-50209 HIGH 7.8 Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. Jun 04, 2026
CVE-2026-50208 CRITICAL 9.4 High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic. Jun 04, 2026
CVE-2026-50207 HIGH 7.8 The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. Jun 04, 2026
CVE-2026-3820 HIGH 7.2 There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into … Jun 04, 2026
CVE-2026-50206 MEDIUM 6.8 Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. Jun 04, 2026
CVE-2026-50205 HIGH 8.2 System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. Jun 04, 2026
CVE-2026-49204 MEDIUM 6.5 Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation. Jun 04, 2026
CVE-2026-49203 HIGH 8.3 Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. Jun 04, 2026
CVE-2026-49202 HIGH 8.6 Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. Jun 04, 2026
CVE-2026-49194 HIGH 8.8 The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. Jun 04, 2026
CVE-2026-49193 HIGH 7.5 Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. Jun 04, 2026
CVE-2026-49192 MEDIUM 5.4 The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping. Jun 04, 2026
CVE-2026-49191 CRITICAL 9.8 The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages. Jun 04, 2026
CVE-2026-49190 HIGH 8.8 The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. Jun 04, 2026
CVE-2026-50219 MEDIUM 4.9 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy … Jun 04, 2026