Total CVEs

143,835

Critical Severity

4,094

High Severity

14,788

Last 7 Days

1,470
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,401 - 21,420 of 40,240 CVEs

External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD
CVE-2026-21011 MEDIUM - 6.8

Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD
CVE-2026-21010 MEDIUM - 6.6

Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD
CVE-2026-21009 MEDIUM - 6.8

Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD
CVE-2026-21008 MEDIUM - 6.5

Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD
CVE-2026-21007 MEDIUM - 6.8

Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD

Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD
CVE-2026-6162 LOW - 3.5

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has b...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6161 HIGH - 7.3

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6160 MEDIUM - 5.3

A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6159 MEDIUM - 4.3

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6158 HIGH - 7.3

A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Published: Apr 13, 2026
Source: NVD
CVE-2026-40446 MEDIUM - 6.9

Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

Vendor: Samsung Open Source
Product: Escargot
Published: Apr 13, 2026
Source: NVD
CVE-2026-35553 MEDIUM - 6.7

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.

Vendor: Dynabook Inc.
Product: TOSRFEC.SYS, DRFEC.SYS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34864 MEDIUM - 6.8

Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34863 MEDIUM - 6.7

Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34862 MEDIUM - 6.3

Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34861 MEDIUM - 6.3

Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34859 MEDIUM - 5.9

UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Apr 13, 2026
Source: NVD
CVE-2026-34858 MEDIUM - 4.1

UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD