|
2071
|
7.8 |
HIGH
Local
|
samsung
|
android
|
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
|
NVD-CWE-Other
|
CVE-2026-21020
|
2026-05-14 02:30 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2072
|
6.8 |
MEDIUM
Physics
|
samsung
|
android
|
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
|
NVD-CWE-noinfo
|
CVE-2026-21021
|
2026-05-14 02:29 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2073
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
|
NVD-CWE-Other
|
CVE-2026-21022
|
2026-05-14 02:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2074
|
6.2 |
MEDIUM
Local
|
-
|
-
|
OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41511
|
2026-05-14 02:26 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2075
|
- |
|
-
|
-
|
Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated…
|
CWE-200
Information Exposure
|
CVE-2026-42865
|
2026-05-14 02:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2076
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-43995
|
2026-05-14 02:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2077
|
8.4 |
HIGH
Local
|
-
|
-
|
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Cloc…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2020-37221
|
2026-05-14 02:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2078
|
- |
|
-
|
-
|
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization …
|
CWE-602
CWE-863
Client-Side Enforcement of Server-Side Security
Incorrect Authorization
|
CVE-2026-42160
|
2026-05-14 02:24 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2079
|
9.9 |
CRITICAL
Network
|
-
|
-
|
FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jira_bot endpoint (CreateJiraBotView) is reachable without authentication (permission_classes = […
|
CWE-306
CWE-918
Missing Authentication for Critical Function
Server-Side Request Forgery (SSRF)
|
CVE-2026-42864
|
2026-05-14 02:24 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2080
|
6.8 |
MEDIUM
Adjacent
|
-
|
-
|
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-44305
|
2026-05-14 02:24 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
