| CVE-2026-11423 |
2026-06-05 |
A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regula… |
| CVE-2025-5088 |
2026-06-05 |
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on … |
| CVE-2026-11308 |
2026-06-05 |
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a craft… |
| CVE-2026-11296 |
2026-06-05 |
Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HT… |
| CVE-2026-11295 |
2026-06-05 |
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severit… |
| CVE-2026-11276 |
2026-06-05 |
Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Chr… |
| CVE-2026-11229 |
2026-06-04 |
Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security severi… |
| CVE-2026-11108 |
2026-06-04 |
Inappropriate implementation in NFC in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: M… |
| CVE-2026-11103 |
2026-06-04 |
Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security … |
| CVE-2026-10868 |
2026-06-04 |
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the applicat… |
| CVE-2026-49189 |
2026-06-04 |
Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. |
| CVE-2026-8206 |
2026-06-02 |
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions 6.0.0 to 6.0.6. This is due to the plugi… |
| CVE-2026-28586 |
2026-06-01 |
In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution priv… |
| CVE-2026-0091 |
2026-06-01 |
In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional executi… |
| CVE-2026-0089 |
2026-06-01 |
In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no ad… |
| CVE-2026-0086 |
2026-06-01 |
In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execut… |
| CVE-2026-0055 |
2026-06-01 |
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to loc… |
| CVE-2026-0050 |
2026-06-01 |
In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional e… |
| CVE-2026-0048 |
2026-06-01 |
In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additiona… |
| CVE-2026-0046 |
2026-06-01 |
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no … |