Skip to main content
CVE-2025-21473 HIGH This Month

Memory corruption when using Virtual cdm (Camera Data Mover) to write registers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Snapdragon 8 Gen 1 Mobile Platform Firmware Wcd9380 Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21472 MEDIUM This Month

Information disclosure while capturing logs as eSE debug messages are logged. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca9367 Firmware Qca9377 Firmware +8
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21465 MEDIUM This Month

Information disclosure while processing the hash segment in an MBN file. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +344
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-21464 MEDIUM This Month

Information disclosure while reading data from an image using specified offset and size parameters. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware Ipq5300 Firmware Qca9984 Firmware +337
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-21461 HIGH This Month

Memory corruption when programming registers through virtual CDM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fastconnect 6900 Firmware Fastconnect 7800 Firmware Sm6650 Firmware +21
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21458 HIGH PATCH This Month

Memory corruption when IOCTL interface is called to map and unmap buffers simultaneously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Buffer Overflow Use After Free Fastconnect 6900 Firmware Qam8255p Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21457 MEDIUM PATCH This Month

Information disclosure while opening a fastrpc session when domain is not sanitized. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Fastconnect 7800 Firmware Qca6584au Firmware +12
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-21456 HIGH This Month

Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Ar8035 Firmware C V2x 9150 Firmware +62
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21455 HIGH This Month

Memory corruption while submitting blob data to kernel space though IOCTL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +25
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21452 HIGH This Month

Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +76
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-7727 MEDIUM This Month

The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-21024 LOW Monitor

Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21023 LOW Monitor

Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21022 LOW Monitor

Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Wearable
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-21021 MEDIUM This Month

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 5.7). No vendor patch available.

Memory Corruption Buffer Overflow Blockchain Keystore
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-21016 MEDIUM Monitor

Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-21015 MEDIUM Monitor

Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-21014 MEDIUM Monitor

Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-21013 MEDIUM This Month

Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21012 MEDIUM This Month

Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21011 MEDIUM This Month

Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21010 MEDIUM This Month

Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-20990 MEDIUM Monitor

Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-8100 MEDIUM PATCH This Month

The Element Pack Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_content' parameter in versions up to, and including, 8.1.5 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Element Pack PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7498 MEDIUM PATCH This Month

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Widget in all versions up to, and including, 2.7.9.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Exclusive Addons For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-54643 MEDIUM This Month

Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-54642 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54641 MEDIUM This Month

Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54640 MEDIUM This Month

ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-54639 MEDIUM This Month

ParcelMismatch vulnerability in attribute deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-8595 MEDIUM Monitor

The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-54628 MEDIUM This Month

Vulnerability of incomplete verification information in the communication module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-54627 HIGH This Month

Out-of-bounds write vulnerability in the skia module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Harmonyos
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-54626 MEDIUM Monitor

Pointer dangling vulnerability in the cjwindow module. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-54625 MEDIUM This Month

Race condition vulnerability in the kernel file system module. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-54624 MEDIUM This Month

Unexpected injection event vulnerability in the multimodalinput module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-8656 MEDIUM This Month

Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.0%
CVE-2025-8655 MEDIUM This Month

Kenwood DMX958XR libSystemLib Command injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2025-8654 HIGH This Month

Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-8653 HIGH This Month

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE Dmx958Xr Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-8652 MEDIUM This Month

Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Dmx958Xr Firmware
NVD
CVSS 3.0
6.8
EPSS
0.1%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy