Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-40005 — Apache IoTDB: Path Traversal in Pipe File Transfer Receiver

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions wi…

iotdb | Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-28564 — Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: f…

iotdb | Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.5 HIGH
CVE-2026-13347 — Hide My WP Lite <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'he_wr…

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the he_wrapper_js and he_wrapper_css query parameters processed by the elementor_…

Remote | Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-12685 — EscortWP <= 3.6.2 - Content Deletion via Vendor-Authored Backdoor

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanen…

| Supply Chain
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
0.0 NA
CVE-2026-12276 — LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJA…

| Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.4 MEDIUM
CVE-2026-12123 — All-in-One Video Gallery <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forge…

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenti…

all-in-one_video_gallery | Remote | Server-Side Request Forgery
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.8 MEDIUM
CVE-2026-21057 — Samsung Pass Out-of-Bounds Memory Write Vulnerability

Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.

| Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
4.8 MEDIUM
CVE-2026-21056 — Samsung Health Improper Authorization Vulnerability

Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.5 HIGH
CVE-2026-21055 — Samsung Bixby Improper Component Export Vulnerability

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.

| Authentication
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.9 MEDIUM
CVE-2026-21054 — InputSharing Improper Component Export Vulnerability

Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.

| Information Disclosure
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.1 MEDIUM
CVE-2026-21053 — Samsung Email Improper Input Validation Arbitrary File Creation

Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.

| Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.8 MEDIUM
CVE-2026-21052 — SemClipboardService Path Traversal Vulnerability

Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.

| Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.1 MEDIUM
CVE-2026-21051 — Tencent WLAN Security Incorrect Default Permissions Vulnerability

Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.

| Misconfiguration
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.1 MEDIUM
CVE-2026-21050 — SmartThingsKit Improper Access Control Vulnerability

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.4 HIGH
CVE-2026-21049 — libpadm Out-of-bounds Write Vulnerability

Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.

| Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.4 HIGH
CVE-2026-21048 — libimagecodec Out-of-Bounds Write

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.

Remote | Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.4 HIGH
CVE-2026-21046 — FabricKeymaster Trustlet Time-of-Check Time-of-Use Race Condition

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.

| Race Condition
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.4 HIGH
CVE-2026-21045 — Quram libimagecodec Out-of-Bounds Write

Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.

Remote | Memory Corruption
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.8 MEDIUM
CVE-2026-21044 — Samsung KnoxGuardManager Improper Authorization Vulnerability

Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.

| Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.7 MEDIUM
CVE-2026-21043 — Samsung Wallpaper Service Path Traversal

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.

| Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
Showing 20 of 7372 Results