Skip to main content
CVE-2025-26428 LOW PATCH Monitor

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. Rated low severity (CVSS 3.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-9937 LOW Monitor

A security flaw has been discovered in elunez eladmin 1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-9939 LOW Monitor

A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-55305 MEDIUM POC PATCH This Month

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Red Hat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55244 CRITICAL This Week

Azure Bot Service Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Azure Ai Bot Service
NVD
CVSS 3.1
9.0
EPSS
0.1%
CVE-2025-55242 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xbox Gaming Services
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55241 CRITICAL This Week

Azure Entra ID Elevation of Privilege Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Entra Id
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2025-55238 HIGH This Month

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Dynamics 365
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55209 MEDIUM This Month

contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-58361 CRITICAL This Week

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-58353 HIGH This Month

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-48543 HIGH KEV PATCH THREAT Act Now

Android Chrome sandbox contains a use-after-free enabling sandbox escape and local privilege escalation to attack the Android system_server process.

Memory Corruption Google Use After Free Denial Of Service Privilege Escalation +2
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-26454 HIGH PATCH This Month

In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22441 HIGH This Month

In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-0089 HIGH This Month

In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0076 LOW PATCH Monitor

In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-49714 HIGH PATCH This Month

In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32312 HIGH PATCH This Month

In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Java Android Google
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26452 HIGH PATCH This Month

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26450 HIGH PATCH This Month

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26449 MEDIUM PATCH This Month

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26448 MEDIUM PATCH This Month

In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26445 MEDIUM PATCH This Month

In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26444 HIGH PATCH This Month

In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26424 MEDIUM PATCH Monitor

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26423 MEDIUM PATCH This Month

In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Privilege Escalation Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-26422 MEDIUM PATCH Monitor

In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26421 MEDIUM PATCH Monitor

In multiple locations, there is a possible lock screen bypass due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26420 MEDIUM PATCH Monitor

In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-22425 MEDIUM PATCH This Month

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-0087 MEDIUM This Month

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-0077 MEDIUM PATCH Monitor

In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-49739 MEDIUM Monitor

In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-9636 HIGH PATCH This Month

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-57576 MEDIUM POC This Month

PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-38730 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38726 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect After the call to phy_disconnect() netdev->phydev is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38722 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38720 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix rtnl deadlock issue Currently, the hibmcge netdev acquires the rtnl_lock in pci_error_handlers.reset_prepare(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38719 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring->len is 0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38717 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcm_unattach() syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are. Rated medium severity (CVSS 4.7).

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-38716 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hfs: fix general protection fault in hfs_find_init() The hfs_find_init() method can trigger the crash if tree pointer is NULL: [. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Debian Linux Denial Of Service +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38709 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38705 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Amd Linux Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38703 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38692 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38690 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent infinite recursion If the buf + offset is not aligned to XE_CAHELINE_BYTES we fallback to using a bounce. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38689 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem ------- With CONFIG_X86_DEBUG_FPU enabled, reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38688 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommufd: Prevent ALIGN() overflow When allocating IOVA the candidate range gets aligned to the target alignment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38686 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry When UFFDIO_MOVE encounters a migration PMD entry, it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy