|
1561
|
6.7 |
MEDIUM
Local
|
samsung
|
android
|
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-21018
|
2026-05-14 02:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1562
|
- |
|
-
|
-
|
Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and d…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42856
|
2026-05-14 02:31 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1563
|
4.3 |
MEDIUM
Network
|
-
|
-
|
@workos/authkit-session is a toolkit for building WorkOS AuthKit framework integrations. Prior to 0.5.1, an open redirect vulnerability exists in AuthService.handleCallback due to insufficient valida…
|
CWE-601
Open Redirect
|
CVE-2026-42565
|
2026-05-14 02:31 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1564
|
8.2 |
HIGH
Network
|
-
|
-
|
jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is jo…
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-42564
|
2026-05-14 02:31 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1565
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.…
|
CWE-290
CWE-348
Authentication Bypass by Spoofing
Use of Less Trusted Source
|
CVE-2026-44183
|
2026-05-14 02:31 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1566
|
7.8 |
HIGH
Local
|
samsung
|
android
|
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
|
NVD-CWE-Other
|
CVE-2026-21020
|
2026-05-14 02:30 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1567
|
6.8 |
MEDIUM
Physics
|
samsung
|
android
|
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
|
NVD-CWE-noinfo
|
CVE-2026-21021
|
2026-05-14 02:29 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1568
|
5.5 |
MEDIUM
Local
|
samsung
|
android
|
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
|
NVD-CWE-Other
|
CVE-2026-21022
|
2026-05-14 02:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1569
|
6.2 |
MEDIUM
Local
|
-
|
-
|
OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-41511
|
2026-05-14 02:26 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1570
|
- |
|
-
|
-
|
Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated…
|
CWE-200
Information Exposure
|
CVE-2026-42865
|
2026-05-14 02:26 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
