Skip to main content
CVE-2025-32347 HIGH PATCH This Week

In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32346 HIGH This Week

In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32332 HIGH This Week

In multiple locations, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32327 HIGH PATCH This Week

In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation SQLi Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32326 HIGH PATCH This Week

In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32325 HIGH PATCH This Week

In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32324 HIGH PATCH This Week

In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32321 HIGH PATCH This Week

In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26455 HIGH PATCH This Week

In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58355 HIGH PATCH This Week

Soft Serve is a self-hostable Git server for the command line. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Suse
NVD GitHub
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-48556 HIGH PATCH This Week

In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48547 HIGH This Week

In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-26443 HIGH PATCH This Week

In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48548 HIGH PATCH This Week

In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48532 HIGH This Week

In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-43772 HIGH PATCH This Week

Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.9%
CVE-2025-38728 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Dell Linux Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38715 HIGH PATCH CISA This Week

A slab-out-of-bounds vulnerability exists in the Linux kernel's HFS filesystem implementation in the hfs_bnode_read() function, allowing local attackers with low privileges to trigger out-of-bounds memory access. The vulnerability can result in information disclosure (high confidentiality impact) and denial of service through system crashes (high availability impact). With an EPSS score of only 0.01% (3rd percentile), active exploitation appears unlikely despite patches being available from the vendor.

Linux Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38714 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Debian Linux Buffer Overflow Ubuntu Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38713 HIGH PATCH CISA This Week

A slab-out-of-bounds read vulnerability exists in the Linux kernel's HFS Plus filesystem driver, specifically in the hfsplus_uni2asc() function called during directory read operations. Local attackers with low privileges can trigger this vulnerability by performing directory listing operations on crafted HFS Plus filesystems, leading to high confidentiality impact through kernel memory disclosure and high availability impact via potential kernel crashes. With an EPSS score of 0.01% (3rd percentile), active exploitation in the wild is currently minimal, though patches are available from the vendor.

Linux Buffer Overflow Information Disclosure Ubuntu Debian
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38680 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Linux Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-48537 HIGH PATCH This Week

In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Android Google
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38679 HIGH PATCH CISA This Week

In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-48545 HIGH PATCH This Week

In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-48533 HIGH This Week

In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-55238 HIGH This Month

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dynamics 365
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-58353 HIGH This Month

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-48543 HIGH KEV PATCH THREAT Act Now

Android Chrome sandbox contains a use-after-free enabling sandbox escape and local privilege escalation to attack the Android system_server process.

Memory Corruption Google Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-26454 HIGH PATCH This Month

In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22441 HIGH This Month

In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-0089 HIGH This Month

In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-49714 HIGH PATCH This Month

In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32312 HIGH PATCH This Month

In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26452 HIGH PATCH This Month

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26450 HIGH PATCH This Month

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26444 HIGH PATCH This Month

In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-9636 HIGH PATCH This Month

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-38730 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38722 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38703 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38688 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommufd: Prevent ALIGN() overflow When allocating IOVA the candidate range gets aligned to the target alignment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38682 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: i2c: core: Fix double-free of fwnode in i2c_unregister_device() Before commit df6d7277e552 ("i2c: core: Do not dereference fwnode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23258 HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23257 HIGH This Month

NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Debian
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-23256 HIGH This Month

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia Information Disclosure
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-57263 HIGH POC This Month

An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Vx Guestbook
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-7388 HIGH This Month

It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Java
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-41035 HIGH This Month

A problem has been discovered in appRain CMF 4.0.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apprain
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-41034 HIGH This Month

An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apprain
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-41033 HIGH This Month

An SQL injection vulnerability has been found in appRain CMF 4.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apprain
NVD
CVSS 4.0
8.7
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy