Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22874
Total
1630
Critical
7150
High
7293
Medium
CVE ID Severity Score Description Published
CVE-2026-21053 UNKNOWN Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. Jul 10, 2026
CVE-2026-21052 UNKNOWN Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. Jul 10, 2026
CVE-2026-21051 UNKNOWN Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. Jul 10, 2026
CVE-2026-21050 UNKNOWN Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. Jul 10, 2026
CVE-2026-21049 UNKNOWN Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. Jul 10, 2026
CVE-2026-21048 UNKNOWN Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. Jul 10, 2026
CVE-2026-21046 UNKNOWN Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. Jul 10, 2026
CVE-2026-21045 UNKNOWN Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. Jul 10, 2026
CVE-2026-21044 UNKNOWN Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. Jul 10, 2026
CVE-2026-21043 UNKNOWN Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. Jul 10, 2026
CVE-2026-21042 UNKNOWN Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. Jul 10, 2026
CVE-2026-21041 UNKNOWN Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. Jul 10, 2026
CVE-2026-21040 UNKNOWN Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs. Jul 10, 2026
CVE-2026-21039 UNKNOWN Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. Jul 10, 2026
CVE-2026-15332 MEDIUM 6.3 A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the … Jul 10, 2026
CVE-2026-15331 MEDIUM 5.4 A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill … Jul 10, 2026
CVE-2026-15330 HIGH 7.3 A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing … Jul 10, 2026
CVE-2026-15302 MEDIUM 5.3 The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes … Jul 10, 2026
CVE-2026-15301 MEDIUM 6.4 The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due … Jul 10, 2026
CVE-2026-15300 CRITICAL 9.1 The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, … Jul 10, 2026
CVE-2026-15299 MEDIUM 6.4 The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weather_style' and 'move_direction' parameters of the Weather widget in … Jul 10, 2026
CVE-2026-15298 HIGH 7.2 The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input … Jul 10, 2026
CVE-2026-15297 MEDIUM 6.1 The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter … Jul 10, 2026
CVE-2026-15296 MEDIUM 6.4 The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkp_product' shortcode in all versions … Jul 10, 2026
CVE-2026-15293 HIGH 8.0 The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to … Jul 10, 2026