Export limit exceeded: 363815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363815 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15481 | 1 Trendnet | 1 Tew-635brm | 2026-07-12 | 8.8 High |
| A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing a manipulation of the argument ipoa_ipaddr results in command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor explains: "We are unable to confirm if the vulnerability exists. This item has been EOL since 2011. We will make an official announcement of possible vulnerabilities, and recommend users to switch devices." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-21039 | 1 Samsung | 1 Mobile Devices | 2026-07-12 | N/A |
| Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings. | ||||
| CVE-2026-21040 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs. | ||||
| CVE-2026-21041 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2026-21042 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2026-21043 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege. | ||||
| CVE-2026-21044 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. | ||||
| CVE-2026-21046 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code. | ||||
| CVE-2026-21048 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory. | ||||
| CVE-2026-21049 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code. | ||||
| CVE-2026-21050 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2026-21051 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings. | ||||
| CVE-2026-21052 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-07-12 | N/A |
| Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege. | ||||
| CVE-2026-21053 | 1 Samsung Mobile | 1 Samsung Email | 2026-07-12 | N/A |
| Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox. | ||||
| CVE-2026-21054 | 1 Samsung Mobile | 1 Inputsharing | 2026-07-12 | N/A |
| Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data. | ||||
| CVE-2026-21056 | 1 Samsung Mobile | 1 Samsung Health | 2026-07-12 | N/A |
| Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information. | ||||
| CVE-2026-21057 | 1 Samsung Mobile | 1 Samsung Pass | 2026-07-12 | N/A |
| Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2026-12276 | 2026-07-12 | 5.3 Medium | ||
| The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide. | ||||
| CVE-2026-12685 | 2026-07-12 | 7.5 High | ||
| The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server. | ||||
| CVE-2026-15480 | 1 Trendnet | 1 Tew-635brm | 2026-07-12 | 8.8 High |
| A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_name leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor explains: "We are unable to confirm if the vulnerability exists. This item has been EOL since 2011. We will make an official announcement of possible vulnerabilities, and recommend users to switch devices." This vulnerability only affects products that are no longer supported by the maintainer. | ||||