Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-13347 | HIGH | 7.5 | The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and … | Jul 10, 2026 |
| CVE-2026-12685 | HIGH | 7.5 | The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key … | Jul 10, 2026 |
| CVE-2026-12276 | MEDIUM | 5.3 | The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account … | Jul 10, 2026 |
| CVE-2026-12123 | MEDIUM | 6.4 | The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. … | Jul 10, 2026 |
| CVE-2026-21057 | UNKNOWN | — | Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. | Jul 10, 2026 |
| CVE-2026-21056 | UNKNOWN | — | Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | Jul 10, 2026 |
| CVE-2026-21055 | UNKNOWN | — | Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege. | Jul 10, 2026 |
| CVE-2026-21054 | UNKNOWN | — | Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | Jul 10, 2026 |
| CVE-2026-21053 | UNKNOWN | — | Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. | Jul 10, 2026 |
| CVE-2026-21052 | UNKNOWN | — | Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | Jul 10, 2026 |
| CVE-2026-21051 | UNKNOWN | — | Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | Jul 10, 2026 |
| CVE-2026-21050 | UNKNOWN | — | Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | Jul 10, 2026 |
| CVE-2026-21049 | UNKNOWN | — | Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | Jul 10, 2026 |
| CVE-2026-21048 | UNKNOWN | — | Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | Jul 10, 2026 |
| CVE-2026-21046 | UNKNOWN | — | Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. | Jul 10, 2026 |
| CVE-2026-21045 | UNKNOWN | — | Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | Jul 10, 2026 |
| CVE-2026-21044 | UNKNOWN | — | Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. | Jul 10, 2026 |
| CVE-2026-21043 | UNKNOWN | — | Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. | Jul 10, 2026 |
| CVE-2026-21042 | UNKNOWN | — | Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | Jul 10, 2026 |
| CVE-2026-21041 | UNKNOWN | — | Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | Jul 10, 2026 |
| CVE-2026-21040 | UNKNOWN | — | Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs. | Jul 10, 2026 |
| CVE-2026-21039 | UNKNOWN | — | Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. | Jul 10, 2026 |
| CVE-2026-15332 | MEDIUM | 6.3 | A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the … | Jul 10, 2026 |
| CVE-2026-15331 | MEDIUM | 5.4 | A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill … | Jul 10, 2026 |
| CVE-2026-15330 | HIGH | 7.3 | A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing … | Jul 10, 2026 |