CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-22069 - O+ Connect Local Privilege Escalation Vulnerability

CVE ID: CVE-2026-22069
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24792 - web_webview has a Race Condition vulnerability

CVE ID: CVE-2026-24792
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps.
Severity: 8.1 | HIGH
CVE-2026-25110 - Sensors_medical_sensor has a NULL pointer dereference vulnerability

CVE ID: CVE-2026-25110
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS.
Severity: 3.3 | LOW
CVE-2026-25781 - kernel_liteos_a has an out-of-bounds write vulnerability

CVE ID: CVE-2026-25781
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to cause an unrecoverable DoS.
Severity: 8.4 | HIGH
CVE-2026-25850 - filemanagement_storage_service has an improper preservation of permissions vulnerability

CVE ID: CVE-2026-25850
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak.
Severity: 5.5 | MEDIUM
CVE-2026-27648 - web_webview has an out-of-bounds write vulnerability

CVE ID: CVE-2026-27648
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps.
Severity: 8.8 | HIGH
CVE-2026-27766 - multimedia_audio_framework has a Race Condition vulnerability

CVE ID: CVE-2026-27766
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak.
Severity: 5.5 | MEDIUM
CVE-2026-27781 - kernel_liteos_a has an integer overflow vulnerability

CVE ID: CVE-2026-27781
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS.
Severity: 3.3 | LOW
CVE-2026-28733 - filemanagement_storage_service has a use after free vulnerability

CVE ID: CVE-2026-28733
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to execute arbitrary code.
Severity: 6.5 | MEDIUM
CVE-2026-28751 - filemanagement_storage_service has an improper input validation vulnerability

CVE ID: CVE-2026-28751
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS.
Severity: 3.3 | LOW
CVE-2026-33565 - kernel_linux_common_modules has a Race Condition vulnerability

CVE ID: CVE-2026-33565
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS.
Severity: 3.3 | LOW
CVE-2026-47307 - Samsung Open Source Walrus Null Pointer Dereference Denial of Service Vulnerability

CVE ID: CVE-2026-47307
Published: May 19, 2026, 4:16 a.m. | 3 hours, 8 minutes ago
Description: NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
Severity: 5.5 | MEDIUM
CVE-2026-47309 - Samsung Open Source Escargot Uncontrolled Recursion Deserialization Vulnerability

CVE ID: CVE-2026-47309
Published: May 19, 2026, 4:47 a.m. | 2 hours, 37 minutes ago
Description: Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity: 5.5 | MEDIUM
CVE-2026-47310 - Samsung Escargot After Free Pointer Manipulation

CVE ID: CVE-2026-47310
Published: May 19, 2026, 4:52 a.m. | 2 hours, 32 minutes ago
Description: Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity: 7.8 | HIGH
CVE-2026-47311 - Samsung Open Source Escargot Heap Buffer Overflow

CVE ID: CVE-2026-47311
Published: May 19, 2026, 4:58 a.m. | 2 hours, 26 minutes ago
Description: Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity: 7.8 | HIGH
CVE-2026-8813 - Apache ExifReader ICC mluc Tag Buffer Overflow Vulnerability

CVE ID: CVE-2026-8813
Published: May 19, 2026, 5 a.m. | 2 hours, 25 minutes ago
Description: This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.
Severity: 0.0 | NA
CVE-2026-8814 - ExifReader PNG zTXt Data Amplification Vulnerability

CVE ID: CVE-2026-8814
Published: May 19, 2026, 5 a.m. | 2 hours, 25 minutes ago
Description: Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory.
Severity: 0.0 | NA
CVE-2026-32994 - Slack API Autotranslate Message ID Information Disclosure Vulnerability

CVE ID: CVE-2026-32994
Published: May 19, 2026, 5:16 a.m. | 2 hours, 8 minutes ago
Description: The /api/v1/autotranslate.translateMessage endpoint in versions <8 (canaccessroomidasync (private .5.0, <7.10.12 <7.13.8, <8.0.6, <8.1.5, <8.2.4, <8.3.4, <8.4.2,
Severity: 5.3 | MEDIUM
CVE-2026-47308 - Samsung Open Source Walrus NULL Pointer Dereference Vulnerability

CVE ID: CVE-2026-47308
Published: May 19, 2026, 5:16 a.m. | 2 hours, 8 minutes ago
Description: NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
Severity: 5.5 | MEDIUM
CVE-2025-15609 - Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

CVE ID: CVE-2025-15609
Published: May 19, 2026, 6 a.m. | 1 hour, 25 minutes ago
Description: The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.
Severity: 0.0 | NA
CVE-2026-8830 - Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

CVE ID: CVE-2026-8830
Published: May 19, 2026, 6:04 a.m. | 1 hour, 21 minutes ago
Description: A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's parameters, such as public key algorithms, match the realm's configured WebAuthn policies. This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods.
Severity: 4.3 | MEDIUM