Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. More...
The Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the delete_folders()...
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit_nex_form() function due to missing validation...
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in all versions up to, and...
in OpenHarmony v6.0 and prior versions allow a local attacker case DOS through missing release of memory. More information : https://gitcode.com/openharmony/security/tree/master/zh/security-disclosure/2026/2026-02.md
Malformed ATAES132A responses with an oversized length field overflow a 52-byte stack buffer in the Zephyr crypto driver, allowing a compromised device or bus attacker to corrupt kernel memory and potentially hijack execution. More...
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls. More information : https://www.ibm.com/support/pages/node/7263518
The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the ‘thim-ekit/archive-course/get-courses’ REST endpoint callback...
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0385
A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations. More information : https://docs.pointsharp.com/psa/advisories/psa-2026-001.html
The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in all versions up...