Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22832
Total
1629
Critical
7118
High
7284
Medium
CVE ID Severity Score Description Published
CVE-2026-13347 HIGH 7.5 The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and … Jul 10, 2026
CVE-2026-12685 HIGH 7.5 The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key … Jul 10, 2026
CVE-2026-12276 MEDIUM 5.3 The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account … Jul 10, 2026
CVE-2026-12123 MEDIUM 6.4 The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. … Jul 10, 2026
CVE-2026-21057 UNKNOWN Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. Jul 10, 2026
CVE-2026-21056 UNKNOWN Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. Jul 10, 2026
CVE-2026-21055 UNKNOWN Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. Jul 10, 2026
CVE-2026-21054 UNKNOWN Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. Jul 10, 2026
CVE-2026-21053 UNKNOWN Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. Jul 10, 2026
CVE-2026-21052 UNKNOWN Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. Jul 10, 2026
CVE-2026-21051 UNKNOWN Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. Jul 10, 2026
CVE-2026-21050 UNKNOWN Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. Jul 10, 2026
CVE-2026-21049 UNKNOWN Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. Jul 10, 2026
CVE-2026-21048 UNKNOWN Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. Jul 10, 2026
CVE-2026-21046 UNKNOWN Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. Jul 10, 2026
CVE-2026-21045 UNKNOWN Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. Jul 10, 2026
CVE-2026-21044 UNKNOWN Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. Jul 10, 2026
CVE-2026-21043 UNKNOWN Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. Jul 10, 2026
CVE-2026-21042 UNKNOWN Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. Jul 10, 2026
CVE-2026-21041 UNKNOWN Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. Jul 10, 2026
CVE-2026-21040 UNKNOWN Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs. Jul 10, 2026
CVE-2026-21039 UNKNOWN Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. Jul 10, 2026
CVE-2026-15332 MEDIUM 6.3 A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the … Jul 10, 2026
CVE-2026-15331 MEDIUM 5.4 A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill … Jul 10, 2026
CVE-2026-15330 HIGH 7.3 A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing … Jul 10, 2026