Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-0082 — Android NFC Dispatcher: Privilege Escalation via Insecure Permission Assignment

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege wi…

android | Remote | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
10.0 CRITICAL
CVE-2026-0081 — NFC Spoofing Leading to Local Privilege Escalation

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interact…

android | Remote | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
10.0 CRITICAL
CVE-2026-0071 — SettingsLib Local Privilege Escalation

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User in…

android | Remote | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
10.0 CRITICAL
CVE-2026-0068 — PackageInstallerService DPC Uninstallation Privilege Escalation

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to lo…

android | Remote | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
10.0 CRITICAL

In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User intera…

android | Remote | Denial of Service
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
10.0 CRITICAL
CVE-2026-0063 — Google Android PhoneInterfaceManager Improper Checkstone Privilege Escalation

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no…

android | Remote | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
3.3 LOW
CVE-2026-0057 — Contacts Provider Local Information Disclosure

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with…

android | Information Disclosure
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
7.8 HIGH
CVE-2026-0019 — SettingsLib Local Privilege Escalation

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.…

android | Authorization
Jun 17, 2026 Jun 18, 2026
Jun 17, 2026
Jun 18, 2026
9.8 CRITICAL
CVE-2025-69179 — WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerabi…

Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.

Remote | Authorization
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69178 — WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Truemag <= 4.3.14.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69177 — WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Roneous <= 2.1.5 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69176 — WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ITactics <= 1.0 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69173 — WordPress Tipsy theme <= 1.1 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Tipsy <= 1.1 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69172 — WordPress Resurs theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Resurs <= 1.3 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69171 — WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69168 — WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Spike <= 1.2 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69167 — WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Eros <= 1.3 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69165 — WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Choreo <= 1.6 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69163 — WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in WineShop <= 3.17 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
8.1 HIGH
CVE-2025-69162 — WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Grecko <= 5.17 versions.

Remote | Path Traversal
Jun 17, 2026 Jun 17, 2026
Jun 17, 2026
Jun 17, 2026
Showing 20 of 7989 Results