CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-21000 - Galaxy Store Privilege Escalation Vulnerability

CVE ID: CVE-2026-21000
Published: March 16, 2026, 4:32 a.m.
Description: Improper access control in Galaxy Store prior to version 4.6.03.8 allows a local attacker to create a file with Galaxy Store privilege.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21001 - Galaxy Store Path Traversal File Creation Vulnerability

CVE ID: CVE-2026-21001
Published: March 16, 2026, 4:32 a.m.
Description: Path traversal in Galaxy Store prior to version 4.6.03.8 allows a local attacker to create a file with Galaxy Store privilege.
Severity: 5.9 | MEDIUM
CVE-2026-4214 - D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow

CVE ID: CVE-2026-4214
Published: March 16, 2026, 4:32 a.m.
Description: A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function UPnP_AV_Server_Path_Setting of the file /cgi-bin/app_mgr.cgi. Manipulation of its input can lead to a stack-based buffer overflow. The attack may be launched remotely. An exploit has been published and may be used.
Severity: 0.0 | NA
CVE-2026-21002 - Galaxy Store Cryptographic Signature Verification Vulnerability

CVE ID: CVE-2026-21002
Published: March 16, 2026, 4:32 a.m.
Description: Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows a local attacker to install an arbitrary application.
Severity: 5.9 | MEDIUM
CVE-2026-4215 - FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery

CVE ID: CVE-2026-4215
Published: March 16, 2026, 4:32 a.m.
Description: A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. Manipulation of the SMTP host results in server-side request forgery. The attack may be performed remotely. An exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2026-21004 - Samsung Smart Switch Improper Authentication Denial of Service Vulnerability

CVE ID: CVE-2026-21004
Published: March 16, 2026, 4:35 a.m.
Description: Improper authentication in Smart Switch prior to version 3.7.69.15 allows an adjacent attacker to trigger a denial of service.
Severity: 6.9 | MEDIUM
CVE-2026-21005 - Samsung Smart Switch Path Traversal Vulnerability

CVE ID: CVE-2026-21005
Published: March 16, 2026, 4:35 a.m.
Description: Path traversal in Smart Switch prior to version 3.7.69.15 allows an adjacent attacker to overwrite arbitrary files with Smart Switch privilege.
Severity: 7.1 | HIGH
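CVE-2026-21001 (file creation) and CVE-2026-21005 (file overwrite) above describe the same primitive: a privileged component joins an attacker-supplied name onto its own directory without checking that the result still lies inside that directory. The following Python example is added here and is not code from Samsung, from either app, or from this channel; it shows the canonicalise-then-compare containment check and an O_EXCL create that removes the overwrite primitive. The base directory, file names and traversal strings are constructed for the example.

```python
import os
import tempfile


class UnsafePathError(ValueError):
    """Raised when an untrusted name would resolve outside the base directory."""


def resolve_inside(base_dir, untrusted_name):
    """Return the canonical absolute path of untrusted_name under base_dir.

    Both sides are canonicalised with realpath (symlinks, '.' and '..'
    collapsed) and the result must have the base as a component-wise prefix,
    so neither '../..' sequences nor a symlink planted inside base_dir can
    escape it.
    """
    if "\x00" in untrusted_name:
        raise UnsafePathError("NUL byte in file name")
    if os.path.isabs(untrusted_name):
        raise UnsafePathError("absolute paths are not accepted")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted_name))
    # commonpath compares whole components, so 'data' vs 'data2' cannot match.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePathError(f"{untrusted_name!r} escapes {base_dir!r}")
    return candidate


def escapes(base_dir, untrusted_name):
    """True if the containment check rejects the name."""
    try:
        resolve_inside(base_dir, untrusted_name)
    except UnsafePathError:
        return True
    return False


def create_file_safely(base_dir, untrusted_name, data):
    """Create (never overwrite) a file under base_dir from an untrusted name."""
    target = resolve_inside(base_dir, untrusted_name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_EXCL refuses an existing path, which removes the overwrite primitive;
    # it also fails on a symlink dropped at the target between the realpath
    # check and the open. Mode 0o600 keeps the new file private to the service.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Constructed run in a scratch directory; returns the observed results."""
    with tempfile.TemporaryDirectory() as base:
        written = create_file_safely(base, "logs/app.log", b"first\n")
        try:
            create_file_safely(base, "logs/app.log", b"clobber\n")
            clobbered = True
        except FileExistsError:
            clobbered = False
        with open(written, "rb") as fh:
            content = fh.read()
        real_base = os.path.realpath(base)
        return {
            "inside": os.path.commonpath([real_base, written]) == real_base,
            "content": content,
            "clobbered": clobbered,
            "traversal_blocked": escapes(base, "../../etc/passwd"),
            "dotdot_inside_ok": not escapes(base, "logs/../logs/app.log"),
        }


if __name__ == "__main__":
    print(demo())
```

The realpath-then-open sequence still has a window in which the directory tree can change; O_EXCL closes the overwrite case, and a service that must also defend against directory swaps should open the base directory once and use `os.open` with `dir_fd` relative to it.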
CVE-2026-4216 - i-SENS SmartLog App air.SmartLog.android hard-coded credentials

CVE ID: CVE-2026-4216
Published: March 16, 2026, 5:02 a.m.
Description: A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android, which contains hard-coded credentials. The attack can only be executed locally. An exploit has been made available to the public and could be used for attacks. The vendor explains: "The function referenced in the report currently exists in our deployed system. It is related to a developer mode used during the configuration process for Bluetooth pairing between the blood glucose meter and the SmartLog application. This function is intended for configuration purposes related to device integration and testing. (...) [I]n a future application update, we plan to review measures to either remove the developer mode function or restrict access to it."
Severity: 0.0 | NA
CVE-2026-4217 - XREAL Nebula App ai.nreal.nebula.universal CloudStoragePlugin.java key management

CVE ID: CVE-2026-4217
Published: March 16, 2026, 5:02 a.m.
Description: A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Manipulation of the argument accessKey/secretAccessKey/securityToken leads to a key management error. The attack can only be performed locally. The attack requires a high level of complexity and exploitability is said to be difficult. An exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2026-31386 - LiteSpeed Technologies OpenLiteSpeed and LSWS Enterprise OS Command Injection Vulnerability

CVE ID: CVE-2026-31386
Published: March 16, 2026, 5:21 a.m.
Description: OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies contain an OS command injection vulnerability. An arbitrary OS command may be executed by an attacker with administrative privileges.
Severity: 8.6 | HIGH
CVE-2026-4218 - myAEDES App aedes.me.beta EngageBayUtils.java information disclosure

CVE ID: CVE-2026-4218
Published: March 16, 2026, 5:32 a.m.
Description: A vulnerability was detected in myAEDES App up to 1.18.4 on Android. Affected is an unknown function of the file aedes/me/beta/utils/EngageBayUtils.java of the component aedes.me.beta. Manipulation of the argument AUTH_KEY results in information disclosure. The attack is only possible with local access. The attack's complexity is rated as high and exploitability is said to be difficult. An exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2026-25083 - GROWI OpenAI Authorization Bypass

CVE ID: CVE-2026-25083
Published: March 16, 2026, 6:47 a.m.
Description: GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper with other users' threads and messages.
Severity: 8.7 | HIGH
CVE-2026-32776 - Expat XML Parser NULL Pointer Dereference Vulnerability

CVE ID: CVE-2026-32776
Published: March 16, 2026, 6:54 a.m.
Description: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
Severity: 0.0 | NA
CVE-2026-32777 - libexpat DTD Infinite Loop Vulnerability

CVE ID: CVE-2026-32777
Published: March 16, 2026, 6:58 a.m.
Description: libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
Severity: 4.0 | MEDIUM
CVE-2026-4223 - itsourcecode Payroll Management System manage_employee.php sql injection

CVE ID: CVE-2026-4223
Published: March 16, 2026, 7:02 a.m.
Description: A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. An exploit is publicly available and might be used.
Severity: 0.0 | NA
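CVE-2026-4223 above is an injection through the ID argument of a record lookup. The following Python/sqlite3 example is added here and is not code from the Payroll Management System or from the advisory: it builds a throwaway in-memory employee table, runs the same lookup once by string concatenation and once with a bound parameter, and shows that a generic boolean payload in the ID argument returns every row through the first and nothing through the second. The schema, rows and payload are constructed for the example.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for an 'employee' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)"
    )
    conn.executemany(
        "INSERT INTO employee VALUES (?, ?, ?)",
        [(1, "Ana", 5000), (2, "Ben", 6200), (3, "Cy", 4100)],
    )
    return conn


def get_employee_vulnerable(conn, emp_id):
    """Lookup by string concatenation: the request value becomes SQL grammar."""
    sql = "SELECT id, name, salary FROM employee WHERE id = " + str(emp_id)
    return conn.execute(sql).fetchall()


def get_employee_safe(conn, emp_id):
    """Same lookup with a bound parameter and an up-front type check."""
    try:
        emp_id = int(emp_id)
    except (TypeError, ValueError):
        return []  # anything that is not an integer id is not an id at all
    return conn.execute(
        "SELECT id, name, salary FROM employee WHERE id = ?", (emp_id,)
    ).fetchall()


# Constructed boolean payload supplied where a numeric ID is expected.
PAYLOAD = "1 OR 1=1"


def demo():
    """Run both lookups against the constructed table and report the row counts."""
    conn = build_db()
    return {
        "normal": get_employee_safe(conn, "2"),
        "vulnerable_rows": len(get_employee_vulnerable(conn, PAYLOAD)),
        "safe_rows": len(get_employee_safe(conn, PAYLOAD)),
    }


if __name__ == "__main__":
    print(demo())
```

The integer cast is the cheap part of the fix; the bound parameter is what matters, because it holds even for columns that legitimately take free text.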
CVE-2026-32778 - Libexpat NULL Pointer Dereference Vulnerability

CVE ID: CVE-2026-32778
Published: March 16, 2026, 7:02 a.m.
Description: libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition.
Severity: 2.9 | LOW
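The three libexpat entries above (CVE-2026-32776, CVE-2026-32777 and CVE-2026-32778) are all fixed in 2.7.5. The first needs the application to hand the parser external parameter entity content, the third needs a retry after an out-of-memory condition, and the DTD loop needs only DTD input. The following Python example is added here and is not code from the libexpat project: it reports whether the expat linked into the interpreter (or a version tuple you pass in) is older than 2.7.5, and it shows a parser configured to refuse every external entity reference, so a DTD pointing at an external parameter entity is never fetched. The sample document and its URL are constructed.

```python
import xml.parsers.expat as expat

# First libexpat release the three advisories name as fixed.
FIXED_EXPAT = (2, 7, 5)


def expat_needs_update(version_info=None):
    """True when the given (or the interpreter's) libexpat is older than 2.7.5."""
    v = tuple(version_info) if version_info is not None else tuple(expat.version_info)
    return v < FIXED_EXPAT


# Constructed sample: an internal subset that declares an external parameter
# entity and references it, which is the input an entity-resolving application
# would follow out to the network.
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY % ext SYSTEM "http://example.invalid/external.dtd">
  %ext;
]>
<doc>hello</doc>"""


def parse_untrusted(data, resolve_param_entities=False):
    """Parse bytes with a handler that refuses every external entity.

    Returns (ok, system_ids_seen, error_text). With the default of
    resolve_param_entities=False the %ext; reference is skipped and the
    handler never runs; with True, expat asks the handler, which returns 0
    and aborts the parse instead of fetching.
    """
    seen = []
    parser = expat.ParserCreate()
    mode = (
        expat.XML_PARAM_ENTITY_PARSING_ALWAYS
        if resolve_param_entities
        else expat.XML_PARAM_ENTITY_PARSING_NEVER
    )
    parser.SetParamEntityParsing(mode)

    def refuse(context, base, system_id, public_id):
        seen.append(system_id)
        return 0  # 0 makes expat fail with XML_ERROR_EXTERNAL_ENTITY_HANDLING

    parser.ExternalEntityRefHandler = refuse
    try:
        parser.Parse(data, True)
        return True, seen, None
    except expat.ExpatError as exc:
        return False, seen, str(exc)


if __name__ == "__main__":
    print("expat", expat.EXPAT_VERSION, "needs update:", expat_needs_update())
    print("default:", parse_untrusted(SAMPLE))
    print("resolving:", parse_untrusted(SAMPLE, resolve_param_entities=True))
```

`xml.parsers.expat.version_info` reflects the libexpat CPython was built against or dynamically linked to; on distributions that build CPython with the system libexpat, the fix arrives with the system package rather than with a Python upgrade, so check the running interpreter rather than a changelog.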
CVE-2026-0639 - liteos_a has a missing release of memory vulnerability

CVE ID: CVE-2026-0639
Published: March 16, 2026, 7:08 a.m.
Description: In OpenHarmony v6.0 and prior versions, a local attacker can cause a denial of service (DoS) through a missing release of memory.
Severity: 3.3 | LOW
CVE-2025-12736 - multimedia_audio_standard has an insecure storage of sensitive information vulnerability

CVE ID: CVE-2025-12736
Published: March 16, 2026, 7:09 a.m.
Description: In OpenHarmony v5.0.3 and prior versions, a local attacker can cause a sensitive information leak through use of an uninitialized resource.
Severity: 6.5 | MEDIUM
CVE-2025-25277 - arkcompiler_ets_runtime has a type confusion vulnerability

CVE ID: CVE-2025-25277
Published: March 16, 2026, 7:09 a.m.
Description: In OpenHarmony v5.1.0 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through use of an incompatible type. This vulnerability can be exploited only in restricted scenarios.
Severity: 6.3 | MEDIUM
CVE-2025-41432 - arkcompiler_ets_runtime has an out-of-bounds write vulnerability

CVE ID: CVE-2025-41432
Published: March 16, 2026, 7:09 a.m.
Description: In OpenHarmony v5.1.0 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Severity: 5.5 | MEDIUM
CVE-2025-52458 - arkcompiler_ets_runtime has an out-of-bounds write vulnerability

CVE ID: CVE-2025-52458
Published: March 16, 2026, 7:10 a.m.
Description: In OpenHarmony v5.1.0 and prior versions, a local attacker can achieve arbitrary code execution in pre-installed apps through an out-of-bounds write. This vulnerability can be exploited only in restricted scenarios.
Severity: 5.5 | MEDIUM