) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2026-21017 - Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Published: Jun 05, 2026; 7:16:34 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-21025 - Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Published: Jun 05, 2026; 7:16:34 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-21026 - Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
Published: Jun 05, 2026; 7:16:35 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-21027 - Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
Published: Jun 05, 2026; 7:16:35 AM -0400V3.1: 3.3 LOW
-
CVE-2026-21028 - Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Published: Jun 05, 2026; 7:16:35 AM -0400V3.1: 5.5 MEDIUM
-
CVE-2026-21029 - Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Published: Jun 05, 2026; 7:16:35 AM -0400V3.1: 7.8 HIGH
-
CVE-2026-21030 - Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Published: Jun 05, 2026; 7:16:35 AM -0400V3.1: 7.8 HIGH
-
CVE-2026-21031 - Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Published: Jun 05, 2026; 7:16:35 AM -0400V3.1: 7.8 HIGH
-
CVE-2026-11204 - Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:27 PM -0400 -
CVE-2026-11206 - Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:27 PM -0400 -
CVE-2026-11207 - Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:27 PM -0400 -
CVE-2026-11208 - Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:28 PM -0400 -
CVE-2026-11209 - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium... read CVE-2026-11209
Published: Jun 04, 2026; 7:17:28 PM -0400 -
CVE-2026-11210 - Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. (Chromium security severity: Medium)
Published: Jun 04, 2026; 7:17:28 PM -0400 -
CVE-2026-11212 - Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Me... read CVE-2026-11212
Published: Jun 04, 2026; 7:17:28 PM -0400 -
CVE-2026-11225 - Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)
Published: Jun 04, 2026; 7:17:30 PM -0400 -
CVE-2026-11226 - Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium secur... read CVE-2026-11226
Published: Jun 04, 2026; 7:17:30 PM -0400 -
CVE-2026-11227 - Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low)
Published: Jun 04, 2026; 7:17:30 PM -0400 -
CVE-2026-10939 - Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Published: Jun 04, 2026; 7:16:56 PM -0400 -
CVE-2026-10958 - Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Published: Jun 04, 2026; 7:16:58 PM -0400