Lucene search
K
CvelistRecent

364911 matches found

Cvelist
Cvelist
•added 2026/06/17 7:19 a.m.•35 views

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00148EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 7:17 a.m.•33 views

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00123EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 7:15 a.m.•34 views

CVE-2026-0083

In Nfc::eventCallback of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00121EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 7:13 a.m.•34 views

CVE-2026-0082

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 7:13 a.m.•34 views

CVE-2026-12199 Unauthenticated Denial of Service in nltk.app.wordnet_app

A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens on all interfaces and processes a specific unauthenticated GET request /SHUTDOWN%20THE%20SERVER to...

7.5CVSS0.00325EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 7:12 a.m.•33 views

CVE-2026-0081

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00148EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 7:9 a.m.•36 views

CVE-2026-0071

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00155EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 7:2 a.m.•38 views

CVE-2026-28575

In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...

10CVSS0.00125EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:59 a.m.•36 views

CVE-2026-0064

In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00122EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:57 a.m.•44 views

CVE-2026-0092

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00218EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:49 a.m.•29 views

CVE-2026-8494 Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References5
Cvelist
Cvelist
•added 2026/06/17 6:49 a.m.•27 views

CVE-2026-8607 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wrap' Shortcode Attribute in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping...

6.4CVSS0.00269EPSS
Exploits0References8
Cvelist
Cvelist
•added 2026/06/17 6:49 a.m.•35 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS0.00123EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:48 a.m.•29 views

CVE-2026-10094 Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server...

9.8CVSS0.0038EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:0 a.m.•30 views

CVE-2026-8383 LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the editusers capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted...

0.00424EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:0 a.m.•28 views

CVE-2026-7850 WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute

The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displaying image load error messages, allowing authenticated attackers with Author-level access or above to perform Stored Cross-Site Scripting attacks...

0.0014EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:0 a.m.•59 views

CVE-2026-9570 Taskbuilder < 5.0.8 - Reflected XSS via Shortcode

The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend page containing one of its shortcodes, leading to a Reflected Cross-Site Scripting vulnerability that can be triggered against any logged-in user...

0.00146EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 6:0 a.m.•30 views

CVE-2026-8089 weMail < 2.1.3 - Reflected Cross-Site Scripting

The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated...

0.00215EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 5:53 a.m.•32 views

CVE-2026-0057

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00065EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 5:53 a.m.•32 views

CVE-2026-0019

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0008EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 5:53 a.m.•28 views

CVE-2025-48643

In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00084EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 5:53 a.m.•31 views

CVE-2025-48640

In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00094EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 5:53 a.m.•28 views

CVE-2025-48617

In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00077EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 5:53 a.m.•33 views

CVE-2025-48571

In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

0.00191EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 4:56 a.m.•31 views

CVE-2026-53876

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS0.01786EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 4:32 a.m.•28 views

CVE-2026-12360 JetEngine <= 3.8.10.1 - Unauthenticated SQL Injection via Listing Grid Load More AJAX Endpoint

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listingloadmore AJAX handler accepts a filteredquery parameter that is intentionally excluded from the HMAC query signature check to support front-end filter integration. However,...

7.5CVSS0.00322EPSS
Exploits0References6
Cvelist
Cvelist
•added 2026/06/17 1:48 a.m.•33 views

CVE-2025-15642 Netskope Client Service Insufficient Access Controls

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...

6.8CVSS0.00143EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/06/17 1:47 a.m.•32 views

CVE-2026-50203 Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

0.00626EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•23 views

CVE-2026-12469

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00186EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•24 views

CVE-2026-12468

Race in Updater in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00143EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•25 views

CVE-2026-12467

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00222EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•25 views

CVE-2026-12465

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00242EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•22 views

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

0.00426EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•22 views

CVE-2026-12464

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00222EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•23 views

CVE-2026-12463

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

0.00133EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•23 views

CVE-2026-12462

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00271EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•22 views

CVE-2026-12461

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

0.00242EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•22 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

0.00153EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•23 views

CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.0019EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•21 views

CVE-2026-12459

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

0.00181EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•23 views

CVE-2026-12457

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

0.00136EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•24 views

CVE-2026-12455

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

0.00227EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•23 views

CVE-2026-12456

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

0.00137EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•21 views

CVE-2026-12453

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

0.0018EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•22 views

CVE-2026-12454

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00146EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•19 views

CVE-2026-12451

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00173EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•24 views

CVE-2026-12452

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

0.00256EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•21 views

CVE-2026-12450

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

0.00184EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•21 views

CVE-2026-12449

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

0.00109EPSS
Exploits0References2
Cvelist
Cvelist
•added 2026/06/17 1:38 a.m.•21 views

CVE-2026-12448

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

0.00255EPSS
Exploits0References2
Total number of security vulnerabilities364911