CVE-2026-6274 - Authentication Bypass in DTS Electronics' Redline WR3200
CVE ID :CVE-2026-6274
Published : June 5, 2026, 9:16 a.m. | 2 hours, 5 minutes ago
Description :Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-6274
Published : June 5, 2026, 9:16 a.m. | 2 hours, 5 minutes ago
Description :Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-8914 - Command injection in Profile change function
CVE ID :CVE-2026-8914
Published : June 5, 2026, 9:36 a.m. | 1 hour, 44 minutes ago
Description :In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-8914
Published : June 5, 2026, 9:36 a.m. | 1 hour, 44 minutes ago
Description :In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50265 - Libinput: local privilege escalation via crafted uinput devices
CVE ID :CVE-2026-50265
Published : June 5, 2026, 9:49 a.m. | 1 hour, 31 minutes ago
Description :A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50265
Published : June 5, 2026, 9:49 a.m. | 1 hour, 31 minutes ago
Description :A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVE_CMD properties that are executed when a device is removed. This vulnerability allows an attacker to gain elevated privileges on the system.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21017 - SecTelephonyProvider Insufficient Privileges Local File Access
CVE ID :CVE-2026-21017
Published : June 5, 2026, 10:14 a.m. | 1 hour, 6 minutes ago
Description :Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21017
Published : June 5, 2026, 10:14 a.m. | 1 hour, 6 minutes ago
Description :Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21025 - Telephony Improper Privilege Assignment Information Disclosure
CVE ID :CVE-2026-21025
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21025
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21026 - SpriteWallpaper Improper Export of Android Application Components Information Disclosure
CVE ID :CVE-2026-21026
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21026
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21027 - Samsung ImsSettings: Component Export Leads to Log Triggering
CVE ID :CVE-2026-21027
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21027
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21028 - SAP AuditLogService Improper Access Control Information Disclosure
CVE ID :CVE-2026-21028
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21028
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21029 - Samsung Galaxy Editing Service Component Export Vulnerability
CVE ID :CVE-2026-21029
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21029
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21030 - MediaTek Audio HAL Access Control Vulnerability
CVE ID :CVE-2026-21030
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21030
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21031 - AppBlock Improper Authorization Local Activity Launch
CVE ID :CVE-2026-21031
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21031
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21032 - Samsung Assistant: Intent Redirection Vulnerability
CVE ID :CVE-2026-21032
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21032
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21033 - Samsung Assistant: ExpressHomeWidgetReceiver Component Export Vulnerability
CVE ID :CVE-2026-21033
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21033
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21034 - Samsung Auto: Android Component Export Vulnerability
CVE ID :CVE-2026-21034
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21034
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21035 - Samsung Plus TV Information Disclosure
CVE ID :CVE-2026-21035
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21035
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21036 - Samsung Internet Local Information Disclosure
CVE ID :CVE-2026-21036
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21036
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21037 - Samsung Members Local URL and Activity Launch Vulnerability
CVE ID :CVE-2026-21037
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21037
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21038 - Samsung Android USB Driver Out-of-Bounds Read
CVE ID :CVE-2026-21038
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21038
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11347 - Hardcoded Cryptographic Keys and Weak IV Generation in Linqi Application
CVE ID :CVE-2026-11347
Published : June 5, 2026, 10:18 a.m. | 1 hour, 2 minutes ago
Description :The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11347
Published : June 5, 2026, 10:18 a.m. | 1 hour, 2 minutes ago
Description :The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50260 - Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
CVE ID :CVE-2026-50260
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50260
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50261 - Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
CVE ID :CVE-2026-50261
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50261
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...