Search

Search Results (366043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-13461 1 Payrange 1 Payrange 2026-07-13 9.6 Critical
When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device.
CVE-2026-13462 1 Payrange 1 Payrange 2026-07-13 7.5 High
PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends.
CVE-2026-43752 1 Claris 1 Filemaker Server 2026-07-13 4.9 Medium
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1.
CVE-2026-21039 1 Samsung 1 Mobile Devices 2026-07-13 N/A
Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings.
CVE-2026-21043 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.
CVE-2026-21048 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
CVE-2026-21051 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
CVE-2026-21052 1 Samsung Mobile 1 Samsung Mobile Devices 2026-07-13 N/A
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
CVE-2026-21053 1 Samsung Mobile 1 Samsung Email 2026-07-13 N/A
Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
CVE-2026-14906 1 Mozilla 1 Firefox For Ios 2026-07-13 5.3 Medium
Pages with malicious titles could potentially allow saved PDF content to overwrite PDF files or bundled content within the Firefox for iOS application sandbox. This vulnerability was fixed in Firefox for iOS 152.4.
CVE-2026-21054 1 Samsung Mobile 1 Inputsharing 2026-07-13 N/A
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
CVE-2026-21055 1 Samsung Mobile 1 Bixby 2026-07-13 N/A
Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.
CVE-2026-21056 1 Samsung Mobile 1 Samsung Health 2026-07-13 N/A
Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
CVE-2026-12276 2026-07-13 5.3 Medium
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.
CVE-2026-15594 1 Waooai 1 Waoowaoo 2026-07-13 3.7 Low
A vulnerability was found in waooAI waoowaoo up to 0.4.1. Impacted is the function stablePublicIdFromStorageKey in the library src/lib/media/hash.ts of the component Media Handler. The manipulation of the argument storageKey results in improper authorization. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-56689 1 Dell 1 Powerflex Manager 2026-07-13 7.7 High
Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2026-59791 1 Jetbrains 1 Youtrack 2026-07-13 3.5 Low
In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible
CVE-2026-59792 1 Jetbrains 1 Intellij Idea 2026-07-13 9.6 Critical
In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible
CVE-2026-58407 2026-07-13 N/A
Please submit CVE requests for each vulnerability.
CVE-2026-60103 1 Blender 1 Blender 2026-07-13 6.1 Medium
Blender 3.0.0 through 5.1.2 contains an out-of-bounds read vulnerability that allows attackers to trigger a crash or read adjacent heap memory by supplying a crafted .blend file with a malicious signed short member_index value in the SDNA block. The member_index field is used as an array index into the sdna->members[] array in sdna_expand_names() without bounds validation, allowing any value outside the allocated range to produce an invalid pointer subsequently passed to strlen(), resulting in a SIGSEGV crash or unintended heap memory disclosure.