CVE-2026-10510

Cross-Site Scripting XSS in GeniexWebView component in Transsion AI Assistant Lifestyle application com.transsion.aiassistantlifestyle all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context via crafted webactiondata URL parameter...

CVE-2026-6075

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...

CVE-2026-42759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

CVE-2026-22070

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal...

CVE-2026-44698

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21033

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

EUVD-2026-34805

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

EUVD-2026-34804

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21032

CVE-2026-21032 concerns Samsung Assistant's SmartHomeWidgetReceiver where improper export of Android app components allows a local attacker to execute arbitrary script. Affected software: Samsung Assistant prior to version 9.3.14 (the vulnerable component is SmartHomeWidgetReceiver). Root cause: ...

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

LG LED Assistant - Thumbnail Path Traversal File Upload

A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed. id: CVE-2024-2863 info: name: LG LED Assistant - Thumbnail...

AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls

The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ayschatgptdisconnect, ayschatgptconnect, and ayschatgptsavefeedback id: CVE-2024-7714 info: name: AI Assistant with...

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

PT-2026-46923

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...