282 CVEs tracked today. 12 Critical, 118 High, 138 Medium, 5 Low.
-
CVE-2025-58357
CRITICAL
CVSS 9.6
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
5ire
-
CVE-2025-55190
CRITICAL
CVSS 9.9
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Kubernetes
Information Disclosure
Argo CD
Red Hat
SUSE
-
CVE-2025-54914
CRITICAL
CVSS 10.0
Azure Networking Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Microsoft
Azure Networking
-
CVE-2025-48543
HIGH
CVSS 8.8
Android Chrome sandbox contains a use-after-free enabling sandbox escape and local privilege escalation to attack the Android system_server process.
Memory Corruption
Google
Use After Free
Denial Of Service
Privilege Escalation
-
CVE-2025-8311
CRITICAL
CVSS 9.4
In dotCMS versions 24.03.22 and after, a Boolean-based blind SQLi vulnerability was identified in the /api/v1/contenttype endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Privilege Escalation
SQLi
-
CVE-2025-7385
CRITICAL
CVSS 9.3
Input from the search query parameter in GOV CMS is not sanitized properly, leading to a blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
-
CVE-2025-58361
CRITICAL
CVSS 9.3
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-55244
CRITICAL
CVSS 9.0
Azure Bot Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Microsoft
Azure AI Bot Service
-
CVE-2025-55241
CRITICAL
CVSS 10.0
Azure Entra ID Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Microsoft
Entra ID
-
CVE-2025-36904
CRITICAL
CVSS 9.8
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Privilege Escalation
Android
-
CVE-2025-36897
CRITICAL
CVSS 9.8
In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
Android
Google
-
CVE-2025-36896
CRITICAL
CVSS 9.8
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Privilege Escalation
Android
-
CVE-2025-36890
CRITICAL
CVSS 9.8
Elevation of Privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Privilege Escalation
Android
-
CVE-2025-58358
HIGH
CVSS 7.5
Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Command Injection
RCE
-
CVE-2025-58355
HIGH
CVSS 7.7
Soft Serve is a self-hostable Git server for the command line. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
SUSE
-
CVE-2025-58353
HIGH
CVSS 8.2
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Code Injection
-
CVE-2025-57263
HIGH
CVSS 7.2
An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
VX Guestbook
-
CVE-2025-55238
HIGH
CVSS 7.5
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Information Disclosure
Dynamics 365
-
CVE-2025-48581
HIGH
CVSS 8.4
In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-48563
HIGH
CVSS 7.8
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-48558
HIGH
CVSS 7.8
In multiple functions of BatteryService.java, there is a possible way to hijack an implicit intent intended for a system app due to implicit intent hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-48556
HIGH
CVSS 7.3
In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-48553
HIGH
CVSS 7.8
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-48552
HIGH
CVSS 7.8
In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-48549
HIGH
CVSS 7.8
In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-48548
HIGH
CVSS 7.3
In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Privilege Escalation
Race Condition
Android
Google
-
CVE-2025-48547
HIGH
CVSS 7.3
In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-48546
HIGH
CVSS 7.8
In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-48545
HIGH
CVSS 7.1
In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-48544
HIGH
CVSS 7.8
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
SQLi
Android
Google
-
CVE-2025-48541
HIGH
CVSS 7.8
In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-48540
HIGH
CVSS 7.8
In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory Corruption
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-48539
HIGH
CVSS 8.0
In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity.
Memory Corruption
Buffer Overflow
RCE
Use After Free
Denial Of Service
-
CVE-2025-48537
HIGH
CVSS 7.1
In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
Information Disclosure
Android
Google
-
CVE-2025-48535
HIGH
CVSS 7.8
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
Deserialization
Privilege Escalation
Java
Android
Google
-
CVE-2025-48534
HIGH
CVSS 8.8
In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Denial Of Service
Privilege Escalation
Android
Google
-
CVE-2025-48533
HIGH
CVSS 7.0
In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
Privilege Escalation
Race Condition
Android
Google
-
CVE-2025-48532
HIGH
CVSS 7.3
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-48531
HIGH
CVSS 7.8
In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-48530
HIGH
CVSS 8.1
In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Buffer Overflow
RCE
Information Disclosure
Android
Google
-
CVE-2025-48523
HIGH
CVSS 7.8
In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-48522
HIGH
CVSS 7.8
In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-43772
HIGH
CVSS 7.1
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-41035
HIGH
CVSS 7.1
A problem has been discovered in appRain CMF 4.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
appRain
-
CVE-2025-41034
HIGH
CVSS 8.7
An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
appRain
-
CVE-2025-41033
HIGH
CVSS 8.7
An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
appRain
-
CVE-2025-41032
HIGH
CVSS 8.7
An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
appRain
-
CVE-2025-38730
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Red Hat
-
CVE-2025-38729
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38728
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Dell
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
-
CVE-2025-38724
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38722
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38718
HIGH
CVSS 7.8
A memory safety vulnerability in the Linux kernel's SCTP (Stream Control Transmission Protocol) implementation allows local attackers to read uninitialized memory contents, potentially exposing sensitive kernel data. The issue affects Linux kernel versions from 2.6.12 through 6.12.8 and occurs when the SCTP subsystem improperly handles cloned GSO (Generic Segmentation Offload) packets, leading to use-after-free conditions in memory. While requiring local access and low privileges to exploit, the vulnerability has a high CVSS score of 7.8 and could lead to information disclosure or system compromise.
Linux
Denial Of Service
Use After Free
Memory Corruption
Linux Kernel
-
CVE-2025-38715
HIGH
CVSS 7.1
A slab-out-of-bounds vulnerability exists in the Linux kernel's HFS filesystem implementation in the hfs_bnode_read() function, allowing local attackers with low privileges to trigger out-of-bounds memory access. The vulnerability can result in information disclosure (high confidentiality impact) and denial of service through system crashes (high availability impact). With an EPSS score of only 0.01% (3rd percentile), active exploitation appears unlikely despite patches being available from the vendor.
Linux
Buffer Overflow
Denial Of Service
Linux Kernel
Debian Linux
-
CVE-2025-38714
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Debian
Linux
Buffer Overflow
Ubuntu
Information Disclosure
-
CVE-2025-38713
HIGH
CVSS 7.1
A slab-out-of-bounds read vulnerability exists in the Linux kernel's HFS Plus filesystem driver, specifically in the hfsplus_uni2asc() function called during directory read operations. Local attackers with low privileges can trigger this vulnerability by performing directory listing operations on crafted HFS Plus filesystems, leading to high confidentiality impact through kernel memory disclosure and high availability impact via potential kernel crashes. With an EPSS score of 0.01% (3rd percentile), active exploitation in the wild is currently minimal, though patches are available from the vendor.
Linux
Buffer Overflow
Denial Of Service
Information Disclosure
Debian Linux
-
CVE-2025-38708
HIGH
CVSS 7.8
A use-after-free vulnerability exists in the Linux kernel's DRBD (Distributed Replicated Block Device) subsystem when handling write conflicts in two-primary mode, caused by a missing reference count increment. The vulnerability affects Linux kernel versions from 3.14 through various 6.x branches and can lead to kernel crashes, memory corruption, and potential privilege escalation with local access. With an EPSS score of only 0.02% and no known exploits in the wild, this represents a low real-world risk as the vulnerable code path is rarely triggered in production environments.
Denial Of Service
Memory Corruption
Linux
Use After Free
Debian Linux
-
CVE-2025-38707
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add sanity check for file name The length of the file name should be smaller than the directory entry size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Red Hat
-
CVE-2025-38704
HIGH
CVSS 7.8
Linux kernel RCU (Read-Copy-Update) no-callback subsystem allows local authenticated users to trigger invalid pointer dereference via CPU hotplug operations, potentially leading to arbitrary code execution, privilege escalation, or denial of service with high impact (CVSS 7.8). The vulnerability occurs when CPU online preparation fails to create nocb_cb_kthread but leaves nocb_gp_rdp and nocb_gp_kthread pointers valid, causing subsequent re-offload operations to access an invalid nocb_cb_kthread pointer. Exploitation probability is low (EPSS 0.01%, 3rd percentile) with no public exploit identified at time of analysis, and vendor patches are available across multiple kernel versions.
Linux Kernel
Linux
Null Pointer Dereference
Denial Of Service
Red Hat
-
CVE-2025-38703
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-38702
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38699
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Red Hat
-
CVE-2025-38697
HIGH
CVSS 7.8
A vulnerability in the Linux kernel's JFS (Journaled File System) implementation allows local attackers with low privileges to potentially achieve arbitrary code execution or cause system crashes through improper bounds checking when calculating tree indices in the dbAllocAG function. This occurs when processing corrupted filesystem metadata, leading to out-of-bounds memory access. With an EPSS score of only 0.01% and no known exploits in the wild, this represents a low real-world risk despite the high CVSS score of 7.8.
Linux
Buffer Overflow
Denial Of Service
Debian Linux
Linux Kernel
-
CVE-2025-38688
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: iommufd: Prevent ALIGN() overflow When allocating IOVA the candidate range gets aligned to the target alignment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Buffer Overflow
Linux
Linux Kernel
Red Hat
SUSE
-
CVE-2025-38685
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38682
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2c_unregister_device() Before commit df6d7277e552 ("i2c: core: Do not dereference fwnode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Red Hat
SUSE
-
CVE-2025-38680
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
Debian Linux
-
CVE-2025-38679
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
Debian Linux
-
CVE-2025-36907
HIGH
CVSS 7.3
In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Google
Privilege Escalation
Android
-
CVE-2025-36906
HIGH
CVSS 7.8
In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-36905
HIGH
CVSS 7.8
In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-36903
HIGH
CVSS 7.8
In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-36901
HIGH
CVSS 8.8
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. Rated high severity (CVSS 8.8), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Google
Privilege Escalation
Android
-
CVE-2025-36899
HIGH
CVSS 8.4
There is a possible escalation of privilege due to test/debugging code left in a production build. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-36898
HIGH
CVSS 7.8
There is a possible escalation of privilege due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-36895
HIGH
CVSS 7.5
Information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Android
-
CVE-2025-36894
HIGH
CVSS 7.5
In TBD of TBD, there is a possible DoS due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Android
Google
-
CVE-2025-36891
HIGH
CVSS 8.8
Elevation of privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege Escalation
Android
-
CVE-2025-36887
HIGH
CVSS 7.8
In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-32350
HIGH
CVSS 7.8
In maybeShowDialog of ControlsSettingsDialogManager.kt, there is a possible overlay of the ControlsSettingsDialog due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
XSS
Android
Google
-
CVE-2025-32349
HIGH
CVSS 7.8
In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
XSS
Android
Google
-
CVE-2025-32347
HIGH
CVSS 7.8
In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-32346
HIGH
CVSS 7.8
In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-32345
HIGH
CVSS 7.8
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-32333
HIGH
CVSS 7.8
In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-32332
HIGH
CVSS 7.8
In multiple locations, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Use After Free
Denial Of Service
Privilege Escalation
-
CVE-2025-32331
HIGH
CVSS 7.8
In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-32327
HIGH
CVSS 7.8
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
SQLi
Android
Google
-
CVE-2025-32326
HIGH
CVSS 7.8
In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-32325
HIGH
CVSS 7.8
In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Heap Overflow
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-32324
HIGH
CVSS 7.8
In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-32323
HIGH
CVSS 7.8
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-32322
HIGH
CVSS 7.8
In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Java
Android
Google
-
CVE-2025-32321
HIGH
CVSS 7.8
In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-32312
HIGH
CVSS 7.8
In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
Deserialization
Privilege Escalation
Java
Android
Google
-
CVE-2025-26464
HIGH
CVSS 7.8
In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-26462
HIGH
CVSS 7.8
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Privilege Escalation
Android
Google
-
CVE-2025-26458
HIGH
CVSS 7.8
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-26455
HIGH
CVSS 7.8
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Heap Overflow
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-26454
HIGH
CVSS 7.8
In validateUriSchemeAndPermission of DisclaimersParserImpl.java, there is a possible way to access data from another user due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Java
Android
Google
-
CVE-2025-26452
HIGH
CVSS 7.8
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-26450
HIGH
CVSS 7.8
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-26444
HIGH
CVSS 7.8
In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Privilege Escalation
Android
-
CVE-2025-26443
HIGH
CVSS 7.3
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-26440
HIGH
CVSS 7.8
In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-26439
HIGH
CVSS 7.8
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-26438
HIGH
CVSS 8.8
In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to incorrect implementation of a protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-26436
HIGH
CVSS 7.8
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-26435
HIGH
CVSS 7.8
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Privilege Escalation
Android
Google
-
CVE-2025-26431
HIGH
CVSS 7.8
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-26430
HIGH
CVSS 7.8
In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-23258
HIGH
CVSS 7.3
NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Nvidia
Privilege Escalation
Debian
-
CVE-2025-23257
HIGH
CVSS 7.3
NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Nvidia
Privilege Escalation
Debian
-
CVE-2025-23256
HIGH
CVSS 8.7
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Denial Of Service
Nvidia
Information Disclosure
-
CVE-2025-22441
HIGH
CVSS 7.3
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Java
Android
Google
-
CVE-2025-22414
HIGH
CVSS 7.8
In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-9938
HIGH
CVSS 7.4
A weakness has been identified in D-Link DI-8400 16.07.26A1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
D-Link
Di 8400 Firmware
-
CVE-2025-9636
HIGH
CVSS 7.9
pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.
Privilege Escalation
Pgadmin 4
Suse
-
CVE-2025-9519
HIGH
CVSS 7.2
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
RCE
Code Injection
PHP
-
CVE-2025-9518
HIGH
CVSS 7.2
The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debug_path' parameter in all versions up to, and including, 1.2.22. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
PHP
RCE
-
CVE-2025-9517
HIGH
CVSS 7.2
The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
RCE
Code Injection
PHP
-
CVE-2025-7388
HIGH
CVSS 8.4
It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable. No vendor patch available.
Command Injection
Java
-
CVE-2025-6984
HIGH
CVSS 7.5
The langchain-ai/langchain project, specifically the EverNoteLoader component, is vulnerable to XML External Entity (XXE) attacks due to insecure XML parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XXE
Information Disclosure
Langchain
AI / ML
Redhat
-
CVE-2025-6085
HIGH
CVSS 7.2
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
RCE
File Upload
-
CVE-2025-2417
HIGH
CVSS 8.6
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass.02.06 before v2.02.06. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-2411
HIGH
CVSS 8.6
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.06.04 before v1.06.06. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-0089
HIGH
CVSS 7.8
In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2024-56190
HIGH
CVSS 7.8
In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2024-49714
HIGH
CVSS 7.8
In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Heap Overflow
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2024-34598
HIGH
CVSS 7.7
Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Good Lock
-
CVE-2025-58057
MEDIUM
CVSS 6.9
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Denial Of Service
Netty
Redhat
Suse
-
CVE-2025-57576
MEDIUM
CVSS 5.4
PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Online Shopping Portal
-
CVE-2025-55305
MEDIUM
CVSS 6.1
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
RCE
Code Injection
Redhat
Suse
-
CVE-2025-55242
MEDIUM
CVSS 6.5
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Xbox Gaming Services
-
CVE-2025-55209
MEDIUM
CVSS 5.1
contactmanager is a module for FreePBX, which is an open source GUI that controls and manages Asterisk (PBX). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege Escalation
XSS
-
CVE-2025-48562
MEDIUM
CVSS 5.0
In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
Information Disclosure
Android
Google
-
CVE-2025-48561
MEDIUM
CVSS 5.5
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Android
Google
-
CVE-2025-48560
MEDIUM
CVSS 5.5
In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Android
Google
-
CVE-2025-48559
MEDIUM
CVSS 5.5
In multiple functions of AppOpsService.java, there is a possible way to add a large amount of app ops due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Android
Google
-
CVE-2025-48554
MEDIUM
CVSS 6.1
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Denial Of Service
Android
Google
-
CVE-2025-48551
MEDIUM
CVSS 5.0
In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
Google
Information Disclosure
Android
-
CVE-2025-48550
MEDIUM
CVSS 5.5
In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Path Traversal
Android
Google
-
CVE-2025-48542
MEDIUM
CVSS 5.5
In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Denial Of Service
Android
Google
-
CVE-2025-48538
MEDIUM
CVSS 5.5
In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Android
Google
-
CVE-2025-48529
MEDIUM
CVSS 5.5
In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data leak due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Java
Android
Google
-
CVE-2025-48528
MEDIUM
CVSS 4.0
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-48527
MEDIUM
CVSS 6.2
In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Information Disclosure
Android
Google
-
CVE-2025-48526
MEDIUM
CVSS 4.0
In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Privilege Escalation
Java
Android
Google
-
CVE-2025-48524
MEDIUM
CVSS 5.5
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Denial Of Service
Android
Google
-
CVE-2025-41063
MEDIUM
CVSS 4.8
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41062
MEDIUM
CVSS 4.8
A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 'page' parameter in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41061
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41060
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41059
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41058
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41057
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41056
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41055
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41054
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41053
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41052
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41051
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41050
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41049
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41048
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41047
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41046
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41045
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41044
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41043
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41042
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41041
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41040
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41039
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41038
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]' parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41037
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]'. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-41036
MEDIUM
CVSS 5.1
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]',. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
Apprain
-
CVE-2025-38727
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38726
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect After the call to phy_disconnect() netdev->phydev is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Redhat
-
CVE-2025-38725
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
D-Link
Linux
Linux Kernel
-
CVE-2025-38723
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix jump offset calculation in tailcall The extra pass of bpf_int_jit_compile() skips JIT context initialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38721
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlink_dump_table(): if (res < 0) {. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38720
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix rtnl deadlock issue Currently, the hibmcge netdev acquires the rtnl_lock in pci_error_handlers.reset_prepare(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38719
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring->len is 0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38717
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcm_unattach() syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are. Rated medium severity (CVSS 4.7).
Linux
Information Disclosure
Race Condition
Linux Kernel
Redhat
-
CVE-2025-38716
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: hfs: fix general protection fault in hfs_find_init() The hfs_find_init() method can trigger the crash if tree pointer is NULL: [. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Canonical
Debian
Linux
Denial Of Service
-
CVE-2025-38712
MEDIUM
CVSS 5.5
CVE-2025-38712 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Linux
Denial Of Service
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38711
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: smb/server: avoid deadlock when linking with ReplaceIfExists If smb2_create_link() is called with ReplaceIfExists set and the name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38710
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate i_depth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
-
CVE-2025-38709
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38706
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() snd_soc_remove_pcm_runtime() might be called with rtd == NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38705
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Amd
Linux
Linux Kernel
-
CVE-2025-38701
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38700
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38698
MEDIUM
CVSS 5.5
A file corruption vulnerability exists in the Linux kernel's JFS (Journaled File System) implementation where a specially crafted file with a negative i_size value on disk can cause system instability and denial of service. The vulnerability affects all versions of the Linux kernel with JFS support, requiring local access and standard user privileges to trigger. An attacker with local file system access can cause file operation failures and system crashes, though the EPSS score of 0.01% indicates this is unlikely to be actively exploited in the wild.
Linux
Denial Of Service
Debian Linux
Linux Kernel
Redhat
-
CVE-2025-38696
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Not all tasks have an ABI associated or vDSO mapped, for example. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38695
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure If a call to lpfc_sli4_read_rev() from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38694
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() In dib7090p_rw_on_apb, msg is controlled by user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38693
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar In. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Debian Linux
-
CVE-2025-38692
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38691
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Debian Linux
Redhat
-
CVE-2025-38690
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent infinite recursion If the buf + offset is not aligned to XE_CACHELINE_BYTES we fall back to using a bounce. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-38689
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem ------- With CONFIG_X86_DEBUG_FPU enabled, reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Linux
Linux Kernel
Redhat
-
CVE-2025-38687
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi. Rated medium severity (CVSS 4.7).
Linux
Information Disclosure
Race Condition
Linux Kernel
Debian Linux
-
CVE-2025-38686
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry When UFFDIO_MOVE encounters a migration PMD entry, it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Google
Linux
Linux Kernel
Redhat
-
CVE-2025-38684
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported sch_ets test-case [1] crashing in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Redhat
Null Pointer Dereference
Dell
Linux
Denial Of Service
-
CVE-2025-38683
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix panic during namespace deletion with VF The existing code moves the VF NIC to new namespace when NETDEV_REGISTER is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Denial Of Service
Null Pointer Dereference
Microsoft
Linux
Linux Kernel
-
CVE-2025-38681
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved: mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Memory hot remove unmaps and tears down various kernel page table. Rated medium severity (CVSS 4.7).
Linux
Information Disclosure
Race Condition
Linux Kernel
Debian Linux
-
CVE-2025-36909
MEDIUM
CVSS 5.3
Information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Information Disclosure
Android
-
CVE-2025-36908
MEDIUM
CVSS 6.7
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-36902
MEDIUM
CVSS 6.7
In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2025-36900
MEDIUM
CVSS 6.7
In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Integer Overflow
Android
Google
-
CVE-2025-36893
MEDIUM
CVSS 5.5
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Android
Google
-
CVE-2025-32330
MEDIUM
CVSS 5.7
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.
Information Disclosure
Android
Google
-
CVE-2025-26463
MEDIUM
CVSS 5.5
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Denial Of Service
Android
-
CVE-2025-26456
MEDIUM
CVSS 5.5
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Denial Of Service
Android
Google
-
CVE-2025-26453
MEDIUM
CVSS 5.5
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Information Disclosure
Android
Google
-
CVE-2025-26449
MEDIUM
CVSS 5.5
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Denial Of Service
Android
Google
-
CVE-2025-26448
MEDIUM
CVSS 5.5
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Buffer Overflow
Information Disclosure
Android
Google
-
CVE-2025-26445
MEDIUM
CVSS 5.5
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
Information Disclosure
Android
Google
-
CVE-2025-26442
MEDIUM
CVSS 5.5
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Authentication Bypass
Information Disclosure
Android
Google
-
CVE-2025-26441
MEDIUM
CVSS 6.5
In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Android
Google
-
CVE-2025-26437
MEDIUM
CVSS 5.5
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
Information Disclosure
Android
Google
-
CVE-2025-26432
MEDIUM
CVSS 5.5
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Android
Google
-
CVE-2025-26429
MEDIUM
CVSS 5.5
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Android
Google
-
CVE-2025-26427
MEDIUM
CVSS 4.4
In multiple locations, there is a possible Android/data access due to a path traversal error. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.
Privilege Escalation
Google
Path Traversal
Android
-
CVE-2025-26426
MEDIUM
CVSS 5.1
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Google
Privilege Escalation
Java
Android
-
CVE-2025-26425
MEDIUM
CVSS 4.0
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Google
Privilege Escalation
Android
-
CVE-2025-26424
MEDIUM
CVSS 4.0
In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Authentication Bypass
Information Disclosure
Android
Google
-
CVE-2025-26423
MEDIUM
CVSS 6.2
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Denial Of Service
Privilege Escalation
Android
Google
-
CVE-2025-26422
MEDIUM
CVSS 4.0
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2025-26421
MEDIUM
CVSS 4.0
In multiple locations, there is a possible lock screen bypass due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-26420
MEDIUM
CVSS 4.4
In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.
Privilege Escalation
Java
Android
Google
-
CVE-2025-25048
MEDIUM
CVSS 6.5
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
IBM
Information Disclosure
Jazz Foundation
-
CVE-2025-23302
MEDIUM
CVSS 4.2
NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.
Denial Of Service
Nvidia
-
CVE-2025-23301
MEDIUM
CVSS 4.2
NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.
Denial Of Service
Nvidia
-
CVE-2025-23262
MEDIUM
CVSS 6.3
NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Denial Of Service
Nvidia
Information Disclosure
-
CVE-2025-23261
MEDIUM
CVSS 5.5
NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Nvidia
-
CVE-2025-23259
MEDIUM
CVSS 6.5
NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Denial Of Service
Information Disclosure
Nvidia
Race Condition
Suse
-
CVE-2025-22425
MEDIUM
CVSS 5.1
In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Privilege Escalation
Android
Google
-
CVE-2025-22415
MEDIUM
CVSS 4.0
In android_app of Android.bp, there is a possible way to launch any activity as a system user. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Google
Privilege Escalation
Android
-
CVE-2025-9942
MEDIUM
CVSS 5.3
A vulnerability has been found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
PHP
File Upload
Real Estate Management System
-
CVE-2025-9941
MEDIUM
CVSS 5.3
A flaw has been found in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
PHP
File Upload
Real Estate Management System
-
CVE-2025-9940
MEDIUM
CVSS 5.1
A vulnerability was detected in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Real Estate Management System
-
CVE-2025-9939
MEDIUM
CVSS 5.1
A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP
XSS
Real Estate Management System
-
CVE-2025-9937
MEDIUM
CVSS 5.3
A security flaw has been discovered in elunez eladmin 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-9936
MEDIUM
CVSS 5.3
A vulnerability was identified in fuyang_lipengjun platform 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Information Disclosure
Platform
-
CVE-2025-9935
MEDIUM
CVSS 6.9
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
N600r Firmware
TOTOLINK
-
CVE-2025-9934
MEDIUM
CVSS 5.3
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Command Injection
X5000r Firmware
TOTOLINK
-
CVE-2025-9933
MEDIUM
CVSS 6.9
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Beauty Parlour Management System
-
CVE-2025-9932
MEDIUM
CVSS 6.9
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Beauty Parlour Management System
-
CVE-2025-9931
MEDIUM
CVSS 5.3
A vulnerability was detected in Jinher OA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Jinher Oa
-
CVE-2025-9930
MEDIUM
CVSS 6.9
A security vulnerability has been detected in 1000projects Beauty Parlour Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
SQLi
Beauty Parlour Management System
-
CVE-2025-9929
MEDIUM
CVSS 4.8
A weakness has been identified in code-projects Responsive Blog Site 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP
XSS
Responsive Blog Site
-
CVE-2025-9616
MEDIUM
CVSS 5.3
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
CSRF
PHP
-
CVE-2025-9516
MEDIUM
CVSS 4.9
The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'custom_log' parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Information Disclosure
PHP
-
CVE-2025-9467
MEDIUM
CVSS 5.3
When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-6785
MEDIUM
CVSS 4.7
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Code Injection
-
CVE-2025-2694
MEDIUM
CVSS 4.8
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM
XSS
Sterling B2b Integrator
Sterling File Gateway
-
CVE-2025-0087
MEDIUM
CVSS 5.1
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2025-0077
MEDIUM
CVSS 4.0
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.
Privilege Escalation
Android
Google
-
CVE-2024-56189
MEDIUM
CVSS 6.5
In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Android
Google
-
CVE-2024-49739
MEDIUM
CVSS 4.0
In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Privilege Escalation
Android
Google
-
CVE-2024-49731
MEDIUM
CVSS 4.0
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Privilege Escalation
Android
Google
-
CVE-2024-43184
MEDIUM
CVSS 6.1
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
IBM
XSS
Jazz Foundation
-
CVE-2024-40664
MEDIUM
CVSS 6.2
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Java
Android
Google
-
CVE-2024-13073
MEDIUM
CVSS 4.7
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS).06.04. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2024-13071
MEDIUM
CVSS 4.3
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS).02.05 before v2.02.06. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-58701
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58700
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58699
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58698
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58697
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58696
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58695
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58694
None
Rejected reason: Not used. No vendor patch available.
Information Disclosure
-
CVE-2025-58171
None
Rejected reason: This CVE is a duplicate of another CVE. No vendor patch available.
Information Disclosure
-
CVE-2025-58064
LOW
CVSS 2.3
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
XSS
-
CVE-2025-26428
LOW
CVSS 3.2
In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. Rated low severity (CVSS 3.2), this vulnerability requires no authentication and has low attack complexity.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-26419
LOW
CVSS 3.3
In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Authentication Bypass
Privilege Escalation
Android
Google
-
CVE-2025-2667
LOW
CVSS 2.7
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
IBM
Information Disclosure
Sterling B2B Integrator
Sterling File Gateway
-
CVE-2025-0076
LOW
CVSS 3.3
In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability has low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Authentication Bypass
Information Disclosure
Android
Google