CVE-2026-20988 - Google Settings Intent Injection Vulnerability
CVE ID: CVE-2026-20988
Published: March 16, 2026, 4:31 a.m. | 2 hours, 1 minute ago
Description: Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-20989 - Google Chrome Font Settings Signature Verification Bypass
CVE ID: CVE-2026-20989
Published: March 16, 2026, 4:31 a.m. | 2 hours, 1 minute ago
Description: Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.
Severity: 5.1 | MEDIUM
CVE-2026-20990 - Samsung Secure Folder Android Activity Launching Vulnerability
CVE ID: CVE-2026-20990
Published: March 16, 2026, 4:31 a.m. | 2 hours, 1 minute ago
Description: Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
Severity: 8.4 | HIGH
CVE-2026-20991 - QNAP QTS Privilege Escalation Vulnerability
CVE ID: CVE-2026-20991
Published: March 16, 2026, 4:31 a.m. | 2 hours, 1 minute ago
Description: Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.
Severity: 6.7 | MEDIUM
CVE-2026-20992 - Samsung Settings Background Data Usage Authorization Bypass Vulnerability
CVE ID: CVE-2026-20992
Published: March 16, 2026, 4:31 a.m. | 2 hours, 1 minute ago
Description: Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.
Severity: 4.8 | MEDIUM
CVE-2026-20993 - Samsung Assistant Component Export Vulnerability
CVE ID: CVE-2026-20993
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.
Severity: 4.8 | MEDIUM
CVE-2026-20994 - Samsung Account Unauthenticated Token Disclosure
CVE ID: CVE-2026-20994
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: URL redirection in Samsung Account prior to version 15.5.01.1 allows remote attackers to potentially get access token.
Severity: 7.0 | HIGH
CVE-2026-20995 - Smart Switch Unauthenticated Configuration Setting Vulnerability
CVE ID: CVE-2026-20995
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.
Severity: 5.3 | MEDIUM
CVE-2026-20996 - Smart Switch Cryptographic Algorithm Vulnerability
CVE ID: CVE-2026-20996
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.
Severity: 7.1 | HIGH
CVE-2026-20997 - Smart Switch Cryptographic Signature Verification Bypass Vulnerability
CVE ID: CVE-2026-20997
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.
Severity: 5.3 | MEDIUM
CVE-2026-20998 - Belkin Smart Switch Authentication Bypass
CVE ID: CVE-2026-20998
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.
Severity: 7.1 | HIGH
CVE-2026-20999 - Smart Switch Authentication Bypass by Replay Vulnerability
CVE ID: CVE-2026-20999
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.
Severity: 7.1 | HIGH
CVE-2026-21000 - Galaxy Store Privilege Escalation Vulnerability
CVE ID: CVE-2026-21000
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
Severity: 7.0 | HIGH
CVE-2026-21001 - Galaxy Store Path Traversal File Creation Vulnerability
CVE ID: CVE-2026-21001
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.
Severity: 5.9 | MEDIUM
CVE-2026-4214 - D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow
CVE ID: CVE-2026-4214
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Path_Setting of the file /cgi-bin/app_mgr.cgi. Executing a manipulation can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
CVE-2026-21002 - Galaxy Store Cryptographic Signature Verification Vulnerability
CVE ID: CVE-2026-21002
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.
Severity: 5.9 | MEDIUM
CVE-2026-4215 - FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery
CVE ID: CVE-2026-4215
Published: March 16, 2026, 4:32 a.m. | 2 hours, 1 minute ago
Description: A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2026-21004 - Cisco Smart Switch Authentication Bypass Denial of Service Vulnerability
CVE ID: CVE-2026-21004
Published: March 16, 2026, 4:35 a.m. | 1 hour, 57 minutes ago
Description: Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.
Severity: 6.9 | MEDIUM
CVE-2026-21005 - Cisco Smart Switch Path Traversal Vulnerability
CVE ID: CVE-2026-21005
Published: March 16, 2026, 4:35 a.m. | 1 hour, 57 minutes ago
Description: Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege.
Severity: 7.1 | HIGH
CVE-2026-4216 - i-SENS SmartLog App air.SmartLog.android hard-coded credentials
CVE ID: CVE-2026-4216
Published: March 16, 2026, 5:02 a.m. | 1 hour, 31 minutes ago
Description: A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. The vendor explains: "The function referenced in the report currently exists in our deployed system. It is related to a developer mode used during the configuration process for Bluetooth pairing between the blood glucose meter and the SmartLog application. This function is intended for configuration purposes related to device integration and testing. (...) [I]n a future application update, we plan to review measures to either remove the developer mode function or restrict access to it."
Severity: 0.0 | NA
CVE-2026-4217 - XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java key management
CVE ID: CVE-2026-4217
Published: March 16, 2026, 5:02 a.m. | 1 hour, 31 minutes ago
Description: A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument accessKey/secretAccessKey/securityToken leads to key management error. The attack can only be performed from a local environment. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA