Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-21053 | UNKNOWN | — | Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. | Jul 10, 2026 |
| CVE-2026-21052 | UNKNOWN | — | Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | Jul 10, 2026 |
| CVE-2026-21051 | UNKNOWN | — | Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | Jul 10, 2026 |
| CVE-2026-21050 | UNKNOWN | — | Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | Jul 10, 2026 |
| CVE-2026-21049 | UNKNOWN | — | Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | Jul 10, 2026 |
| CVE-2026-21048 | UNKNOWN | — | Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | Jul 10, 2026 |
| CVE-2026-21046 | UNKNOWN | — | Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. | Jul 10, 2026 |
| CVE-2026-21045 | UNKNOWN | — | Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | Jul 10, 2026 |
| CVE-2026-21044 | UNKNOWN | — | Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. | Jul 10, 2026 |
| CVE-2026-21043 | UNKNOWN | — | Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. | Jul 10, 2026 |
| CVE-2026-21042 | UNKNOWN | — | Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | Jul 10, 2026 |
| CVE-2026-21041 | UNKNOWN | — | Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | Jul 10, 2026 |
| CVE-2026-21040 | UNKNOWN | — | Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs. | Jul 10, 2026 |
| CVE-2026-21039 | UNKNOWN | — | Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. | Jul 10, 2026 |
| CVE-2026-15332 | MEDIUM | 6.3 | A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the … | Jul 10, 2026 |
| CVE-2026-15331 | MEDIUM | 5.4 | A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill … | Jul 10, 2026 |
| CVE-2026-15330 | HIGH | 7.3 | A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing … | Jul 10, 2026 |
| CVE-2026-15302 | MEDIUM | 5.3 | The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.0.27 via the 'X-FILENAME' HTTP header. This makes … | Jul 10, 2026 |
| CVE-2026-15301 | MEDIUM | 6.4 | The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due … | Jul 10, 2026 |
| CVE-2026-15300 | CRITICAL | 9.1 | The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', 'lat', and 'lng' parameters in versions up to, and including, … | Jul 10, 2026 |
| CVE-2026-15299 | MEDIUM | 6.4 | The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'weather_style' and 'move_direction' parameters of the Weather widget in … | Jul 10, 2026 |
| CVE-2026-15298 | HIGH | 7.2 | The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input … | Jul 10, 2026 |
| CVE-2026-15297 | MEDIUM | 6.1 | The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter … | Jul 10, 2026 |
| CVE-2026-15296 | MEDIUM | 6.4 | The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkp_product' shortcode in all versions … | Jul 10, 2026 |
| CVE-2026-15293 | HIGH | 8.0 | The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.2.0. This is due to … | Jul 10, 2026 |