Export limit exceeded: 364661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364661 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21042 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-10 N/A
Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
CVE-2026-21043 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-10 N/A
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.
CVE-2026-21046 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-10 N/A
Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2026-21049 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-10 N/A
Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
CVE-2026-21051 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-10 N/A
Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
CVE-2026-21052 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-10 N/A
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
CVE-2026-21054 1 Samsung Mobile 1 Inputsharing 2026-07-10 N/A
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
CVE-2026-21057 1 Samsung Mobile 1 Samsung Pass 2026-07-10 N/A
Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
CVE-2026-14475 2 Wordpress, Wplegalpages 2 Wordpress, Cookie Banner For Gdpr / Ccpa – Wplp Cookie Consent 2026-07-10 4.9 Medium
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2026-0128 1 Google 1 Android 2026-07-10 3.5 Low
In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2026-15028 1 Redhat 3 Enterprise Linux, Hummingbird, Openshift 2026-07-10 3.9 Low
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.
CVE-2026-52195 1 Utt 1 Nv518g 2026-07-10 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_472f08 component
CVE-2026-52193 2026-07-10 7.5 High
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_447CAC component
CVE-2026-56809 1 Ricoh 1 Multiple Laser Printers And Mfps Which Implement Web Image Monitor 2026-07-10 N/A
Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses a crafted URL.
CVE-2026-13807 1 Google 1 Chrome 2026-07-10 7.5 High
Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: High)
CVE-2026-13822 1 Google 1 Chrome 2026-07-10 6.5 Medium
Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2026-13825 1 Google 1 Chrome 2026-07-10 8.8 High
Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-13867 1 Google 1 Chrome 2026-07-10 4.3 Medium
Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13903 1 Google 1 Chrome 2026-07-10 8.8 High
Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13916 1 Google 1 Chrome 2026-07-10 4.3 Medium
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)