CVE-2026-21026 - SpriteWallpaper Improper Export of Android Application Components Information Disclosure
CVE ID :CVE-2026-21026
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21026
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21027 - Samsung ImsSettings: Component Export Leads to Log Triggering
CVE ID :CVE-2026-21027
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21027
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21028 - SAP AuditLogService Improper Access Control Information Disclosure
CVE ID :CVE-2026-21028
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21028
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21029 - Samsung Galaxy Editing Service Component Export Vulnerability
CVE ID :CVE-2026-21029
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21029
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21030 - MediaTek Audio HAL Access Control Vulnerability
CVE ID :CVE-2026-21030
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21030
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21031 - AppBlock Improper Authorization Local Activity Launch
CVE ID :CVE-2026-21031
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21031
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21032 - Samsung Assistant: Intent Redirection Vulnerability
CVE ID :CVE-2026-21032
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21032
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21033 - Samsung Assistant: ExpressHomeWidgetReceiver Component Export Vulnerability
CVE ID :CVE-2026-21033
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21033
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21034 - Samsung Auto: Android Component Export Vulnerability
CVE ID :CVE-2026-21034
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21034
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21035 - Samsung Plus TV Information Disclosure
CVE ID :CVE-2026-21035
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21035
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21036 - Samsung Internet Local Information Disclosure
CVE ID :CVE-2026-21036
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21036
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21037 - Samsung Members Local URL and Activity Launch Vulnerability
CVE ID :CVE-2026-21037
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21037
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21038 - Samsung Android USB Driver Out-of-Bounds Read
CVE ID :CVE-2026-21038
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21038
Published : June 5, 2026, 10:15 a.m. | 1 hour, 5 minutes ago
Description :Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11347 - Hardcoded Cryptographic Keys and Weak IV Generation in Linqi Application
CVE ID :CVE-2026-11347
Published : June 5, 2026, 10:18 a.m. | 1 hour, 2 minutes ago
Description :The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11347
Published : June 5, 2026, 10:18 a.m. | 1 hour, 2 minutes ago
Description :The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50260 - Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()
CVE ID :CVE-2026-50260
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50260
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50261 - Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()
CVE ID :CVE-2026-50261
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50261
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50262 - Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes
CVE ID :CVE-2026-50262
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50262
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50263 - Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()
CVE ID :CVE-2026-50263
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50263
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-50264 - Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds heap write in dri2 drigetbuffers/drigetbufferswithformat
CVE ID :CVE-2026-50264
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-50264
Published : June 5, 2026, 12:16 p.m. | 3 hours, 6 minutes ago
Description :An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-11329 - onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash
CVE ID :CVE-2026-11329
Published : June 5, 2026, 1:16 p.m. | 2 hours, 6 minutes ago
Description :A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue.
Severity: 3.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-11329
Published : June 5, 2026, 1:16 p.m. | 2 hours, 6 minutes ago
Description :A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack has to be approached locally. A high complexity level is associated with this attack. The exploitation is known to be difficult. The name of the patch is 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4. Applying a patch is advised to resolve this issue.
Severity: 3.6 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59174 - Ericsson Packet Core Controller Denial of Service
CVE ID :CVE-2025-59174
Published : June 5, 2026, 1:44 p.m. | 1 hour, 38 minutes ago
Description :Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2025-59174
Published : June 5, 2026, 1:44 p.m. | 1 hour, 38 minutes ago
Description :Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...