9908 matches found
CVE-2026-20985
Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...
CVE-2026-20985
Samsung Members app (versions before 5.6.00.11) contains an input validation flaw that allows remote attackers to connect arbitrary URLs and launch arbitrary activities with Samsung Members privileges. Trigger requires user interaction. Impact is elevated privileges within the Samsung Members con...
EUVD-2026-5392
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege...
CVE-2026-20983
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege...
CVE-2026-20979
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege...
CVE-2026-20979
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege...
CVE-2026-20979
CVE-2026-20979 affects Samsung Settings prior to SMR Feb-2026 Release 1. The issue is improper privilege management that lets local attackers launch arbitrary activity with Settings privileges. Impact is local privilege escalation. Remediation: update Samsung Settings to SMR Feb-2026 Release 1 or...
PT-2026-6095
Name of the Vulnerable Software and Affected Versions Samsung Members versions prior to 5.6.00.11 Description Improper input validation in Samsung Members allows remote attackers to connect an arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required...
Malicious code in incode-kyc-backend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57c3747164b70855673dc56ebec2fbfcd084909fe71fe4ded3b1e80d4c155f53 The package incode-kyc-backend was found to contain malicious code. Source: ghsa-malware...
GO-2026-4329 Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings...
MAL-2026-704 Malicious code in testing-package-xdsfdsfsc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 128bcd8c35be8360c070b2fc3bbb64392b17fd5c576efdc7d99e2722d992bc44 The package testing-package-xdsfdsfsc was found to contain malicious code. Source: ghsa-malware...
Malicious code in @x-clients/features (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11011581541d17f28bb84a9e3ea5703dfc0f4834506875fa48f61ea79c87c30c The package @x-clients/features was found to contain malicious code. Source: ossf-package-analysis...
CVE-2026-0617
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer profile fields in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-6505
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings...
CERTFR-2026-ACT-005
creationtimestamp| type| source ---|---|--- 2026-02-02 14:24:55+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3mdv2f55uwk26 2026-02-02 15:42:59+00:00| seen| https://bsky.app/profile/infosecfr.skyfleet.blue/post/3mdv6qqjhxb2m 2026-02-06 23:48:20+00:00| seen|...
CVE-2022-50940
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
PT-2026-5567
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
MAL-2026-617 Malicious code in roots-cms-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9670a58bdf8573b9c7d94a74cf58593a55692bfcf33d931693680389b981f89c The package roots-cms-client was found to contain malicious code. Source: ghsa-malware 88007d193d64ac8d7a2a970903353601b1f620a48f22c3cd3c7a838da0cce4...
Malicious code in c11dff444 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d47b3f981fe050f2eab507069b880d1c47c4107c28eba0d1a16010400a249ad The package c11dff444 was found to contain malicious code. Source: ghsa-malware 437d8651f7d884d1905e0d01e2accffb3fcce5408fc4a6b0ef2ca6c37f0bade4 Any...
MAL-2026-607 Malicious code in banquet-runtime-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 236dee5bac395a6446685322fb3dadb454e4b7f7d43a132111a8392721fed206 The package banquet-runtime-modules was found to contain malicious code. Source: ghsa-malware...