CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-9088 - Keycloak: keycloak: information disclosure due to user profile permission bypass

CVE ID: CVE-2026-9088
Published: June 5, 2026, 8:16 a.m. | 3 hours, 4 minutes ago
Description: A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11332 - Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution

CVE ID: CVE-2026-11332
Published: June 5, 2026, 9:16 a.m. | 2 hours, 5 minutes ago
Description: A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field. This allows arbitrary code execution on the machine of a user who installs the role via ansible-galaxy role install.
Severity: 7.8 | HIGH
CVE-2026-49777 - WordPress Product Slider Pro for WooCommerce plugin < 3.5.3 - Backdoor vulnerability

CVE ID: CVE-2026-49777
Published: June 5, 2026, 9:16 a.m. | 2 hours, 5 minutes ago
Description: Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.3. No patched version is available - the vendor has applied a fix to an existing release without publishing a new version. While the patch provided by the vendor is valid, releasing it under the existing version number leaves users unable to reliably determine whether they are running a patched or vulnerable installation. As a result, we treat this as an unpatched version.
Severity: 10.0 | CRITICAL
CVE-2026-6274 - Authentication Bypass in DTS Electronics' Redline WR3200

CVE ID: CVE-2026-6274
Published: June 5, 2026, 9:16 a.m. | 2 hours, 5 minutes ago
Description: Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8.
Severity: 9.8 | CRITICAL
CVE-2026-8914 - Command injection in Profile change function

CVE ID: CVE-2026-8914
Published: June 5, 2026, 9:36 a.m. | 1 hour, 44 minutes ago
Description: In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user.
Severity: 8.4 | HIGH
CVE-2026-50265 - Libinput: local privilege escalation via crafted uinput devices

CVE ID: CVE-2026-50265
Published: June 5, 2026, 9:49 a.m. | 1 hour, 31 minutes ago
Description: A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
Severity: 7.0 | HIGH
CVE-2026-21017 - SecTelephonyProvider Insufficient Privileges Local File Access

CVE ID: CVE-2026-21017
Published: June 5, 2026, 10:14 a.m. | 1 hour, 6 minutes ago
Description: Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Severity: 4.6 | MEDIUM
CVE-2026-21025 - Telephony Improper Privilege Assignment Information Disclosure

CVE ID: CVE-2026-21025
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 6.9 | MEDIUM
CVE-2026-21026 - SpriteWallpaper Improper Export of Android Application Components Information Disclosure

CVE ID: CVE-2026-21026
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper export of Android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 6.4 | MEDIUM
CVE-2026-21027 - Samsung ImsSettings: Component Export Leads to Log Triggering

CVE ID: CVE-2026-21027
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper export of Android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger a logging function.
Severity: 4.8 | MEDIUM
CVE-2026-21028 - SAP AuditLogService Improper Access Control Information Disclosure

CVE ID: CVE-2026-21028
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 5.1 | MEDIUM
CVE-2026-21029 - Samsung Galaxy Editing Service Component Export Vulnerability

CVE ID: CVE-2026-21029
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper export of Android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows a local attacker to execute privileged operations.
Severity: 6.8 | MEDIUM
CVE-2026-21030 - MediaTek Audio HAL Access Control Vulnerability

CVE ID: CVE-2026-21030
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Severity: 6.4 | MEDIUM
CVE-2026-21031 - AppBlock Improper Authorization Local Activity Launch

CVE ID: CVE-2026-21031
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows a local attacker to launch an arbitrary activity. User interaction is required for triggering this vulnerability.
Severity: 5.2 | MEDIUM
CVE-2026-21032 - Samsung Assistant: Intent Redirection Vulnerability

CVE ID: CVE-2026-21032
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper export of Android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows a local attacker to execute an arbitrary script.
Severity: 6.9 | MEDIUM
CVE-2026-21033 - Samsung Assistant: ExpressHomeWidgetReceiver Component Export Vulnerability

CVE ID: CVE-2026-21033
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper export of Android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows a local attacker to execute an arbitrary script.
Severity: 6.9 | MEDIUM
CVE-2026-21034 - Samsung Auto: Android Component Export Vulnerability

CVE ID: CVE-2026-21034
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper export of Android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows a local attacker to change the audio configuration.
Severity: 4.8 | MEDIUM
CVE-2026-21035 - Samsung Plus TV Information Disclosure

CVE ID: CVE-2026-21035
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
Severity: 6.5 | MEDIUM
CVE-2026-21036 - Samsung Internet Local Information Disclosure

CVE ID: CVE-2026-21036
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
Severity: 6.3 | MEDIUM
CVE-2026-21037 - Samsung Members Local URL and Activity Launch Vulnerability

CVE ID: CVE-2026-21037
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access an arbitrary URL and launch an arbitrary activity with Samsung Members privilege.
Severity: 6.9 | MEDIUM
CVE-2026-21038 - Samsung Android USB Driver Out-of-Bounds Read

CVE ID: CVE-2026-21038
Published: June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description: Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows a local attacker to access out-of-bounds memory.
Severity: 5.9 | MEDIUM