Security Vulnerabilities
Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
CVSS Score
5.2
EPSS Score
0.0
Published
2026-06-05
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-06-05
Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-06-05
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover and data compromise.
CVSS Score
8.7
EPSS Score
0.001
Published
2026-06-05
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-06-05
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-06-05
Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
4.3
EPSS Score
0.0
Published
2026-06-05
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
CVSS Score
4.3
EPSS Score
0.0
Published
2026-06-05
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
CVSS Score
8.8
EPSS Score
0.001
Published
2026-06-05
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)
CVSS Score
8.8
EPSS Score
0.001
Published
2026-06-05