Skip to main content
CVE-2025-20988 MEDIUM This Month

Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20986 MEDIUM This Month

A security vulnerability in ScreenCapture for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wear Os
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20275 MEDIUM This Month

A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device.  This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.

Deserialization Java RCE Cisco Unified Contact Center Express
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2025-49007 MEDIUM PATCH This Month

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.

Denial Of Service Ubuntu Debian Rack Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-20259 MEDIUM This Month

Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

Microsoft Path Traversal Cisco Thousandeyes Endpoint Agent Windows
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20989 MEDIUM This Month

A security vulnerability in fingerprint trustlet (CVSS 5.2) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-20987 MEDIUM This Month

A security vulnerability in fingerprint trustlet (CVSS 5.2) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-20996 MEDIUM This Month

A security vulnerability in Smart Switch installed on non-Samsung Device (CVSS 5.0) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Samsung Smart Switch
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-20130 MEDIUM This Month

A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.

File Upload Authentication Bypass Cisco Identity Services Engine Identity Services Engine Passive Identity Connector
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-20995 MEDIUM This Month

A arbitrary file access vulnerability in ClientProvider in Samsung Internet installed on non-Samsung Device (CVSS 4.9) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-2336 MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 4.8) that allows attackers. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Ubuntu Debian
NVD HeroDevs GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-27444 MEDIUM This Month

A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.

XSS Joomla
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-20279 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.

XSS Cisco Unified Contact Center Express
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-20994 MEDIUM This Month

A arbitrary file access vulnerability in SyncClientProvider in Samsung Internet installed on non-Samsung Device (CVSS 4.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-48962 MEDIUM PATCH This Month

Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.

Microsoft Information Disclosure SSRF Windows
NVD
CVSS 3.0
4.3
EPSS
0.0%
CVE-2025-20129 MEDIUM This Month

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

Information Disclosure Cisco Unified Contact Center Express Socialminer
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-48710 MEDIUM PATCH This Month

kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes.

RCE Suse
NVD GitHub
CVSS 3.1
4.1
EPSS
0.3%
CVE-2025-20993 MEDIUM This Month

Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.

Buffer Overflow Samsung Memory Corruption Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-20991 MEDIUM This Month

A security vulnerability in Bluetooth (CVSS 4.0) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-20992 MEDIUM This Month

Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.

Buffer Overflow Information Disclosure Samsung Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy