CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-28587
Medium

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2026-28576
Medium

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed.

CVE-2026-28575
Medium

In PackageInstaller.Session#transfer, there is a logic error that may lead to a memory exhaustion attack. This could result in local denial of service with no additional execution privileges needed.

CVE-2026-27870
Medium

A Cross-Site Scripting (XSS) vulnerability in the Regesta Smart HD-PLC device from Teldat allows an authenticated network attacker to inject arbitrary JavaScript via the 'Hostname' field in the configuration file. The script executes in the context of the /upgrade/query.php?cmd=p+3%3Bversion path.

CVE-2026-27869
Medium

A vulnerability in the Teldat Regesta Smart HD-PLC device allows an unauthenticated network attacker to perform a Slow Loris attack, causing Denial of Service (DoS) on the web interface. The issue affects firmware version TLDPH16D2 11.02.05.10.02.

CVE-2026-27868
Medium

A vulnerability in the Teldat Regesta Smart HD-PLC device allows an attacker with network access (no authentication required) to obtain privilege information by sending a Version request to the path /upgrade/query.php?cmd=p+3&3Bversion. This affects firmware version TLDPH16D2 11.02.05.10.02.

CVE-2026-27410
Medium

In Slimstat Analytics versions below 5.4.0, there is a vulnerability to unauthenticated deserialization of untrusted data.

CVE-2026-24610
Medium

There is a broken access control issue in MetForm Pro versions up to 3.9.1 that may allow unauthorized subscribers to access resources.

CVE-2026-24575
Medium

There is a broken access control issue in WishList Member X versions up to 3.29.0 that may allow unauthorized access to subscribers.

CVE-2026-12491
Medium

A flaw was found in vLLM due to improper handling of image metadata, including EXIF orientation and PNG transparency (tRNS) data. During conversion to RGB, transparency information may be discarded or remapped, causing distortion of input content. This can lead to misinterpretation of images by the model.

CVE-2026-12469
Medium

In Google Chrome on Android prior to version 149.0.7827.155, there was an uninitialized use in GPU that allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVE-2026-12463
Medium

Inappropriate implementation in Views in Google Chrome on Linux prior to version 149.0.7827.155 allowed a remote attacker who compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-12461
Medium

An out of bounds read in WebRTC in Google Chrome on Windows prior to version 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-12460
Medium

Insufficient policy enforcement in File System Access in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file.

CVE-2026-12459
Medium

Inappropriate implementation in Serial in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.

CVE-2026-12457
Medium

Inappropriate implementation in Extensions in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who compromised the renderer process to bypass site isolation via a crafted HTML page.

CVE-2026-12456
Medium

Inappropriate implementation in Extensions in Google Chrome prior to version 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.

CVE-2026-12453
Medium

Insufficient validation of untrusted input in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker who compromised the renderer process to bypass same origin policy via a crafted HTML page.

CVE-2026-12450
Medium

Inappropriate implementation in Media in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVE-2026-12446
Medium

Inappropriate implementation in Passwords in Google Chrome prior to version 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

PreviousPage 107 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS