CVE-2026-21021

Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity...

CVE-2026-45435

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

CVE-2026-33657

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

CVE-2026-42673

Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Activity Logs Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity allows Retrieve Embedded Sensitive Data. This issue affects Activity Logs, User Activity Tracking, Multisite Activity Log from...

CVE-2026-21031

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

CVE-2026-21037

Technical details for CVE-2026-21037 are not publicly available in the provided documents. Monitor for updates.

EUVD-2026-34803

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

CVE-2026-21031

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

CVE-2026-21031

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

PT-2026-46927

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege...

PT-2026-46921

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability...

Malicious code in cms-store-ren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...

MAL-2026-5364 Malicious code in cms-store-ren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3593e36ce898d648883ea6f911a5cec1f75f9e8bda5585f7ff5f8754c821de The package's scripts.install runs install.js on every npm install. The script unconditionally POSTs the installer's hostname, OS, and architecture t...

CVE-2025-32348

In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

MAL-2026-5158 Malicious code in page-info-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9314c597c5023f198b20ebe47d09cf929d8e252e27f60928a3ab73dbe77de8cd [email protected] ships an empty stub index.js is module.exports = with placeholder author/description metadata and an unusually high 99.9.1...

Malicious code in po-ops-local-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

multi-layered-security-assessment

Advanced Network Attack and Defense: Multi-Layered Assessment...

CERTFR-2026-ACT-024

creationtimestamp| type| source ---|---|--- 2026-06-02 08:18:23+00:00| seen| https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mnc5u7bels2o 2026-06-08 13:44:39+00:00| seen| https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mnrsv5au222s...

EUVD-2026-33804

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

EUVD-2026-33808

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...