Skip to main content
CVE-2025-20765 MEDIUM This Month

In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.

Denial Of Service Race Condition Openwrt Android Yocto +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-58488 MEDIUM This Month

Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.

Information Disclosure Smart Touch Call
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-65105 MEDIUM PATCH This Month

A remote code execution vulnerability in Apptainer (CVSS 4.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Red Hat Ubuntu Apptainer +1
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-64750 MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 4.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ubuntu Debian Suse
NVD GitHub
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-13635 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-13634 MEDIUM PATCH This Month

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)

Google Authentication Bypass Microsoft Ubuntu Debian +3
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-20789 MEDIUM This Month

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-20788 MEDIUM This Month

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.

Denial Of Service Buffer Overflow Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-13636 MEDIUM PATCH This Month

Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58478 MEDIUM This Month

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58477 MEDIUM This Month

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58480 MEDIUM This Month

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58479 MEDIUM This Month

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-11726 MEDIUM PATCH This Month

The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.9.4. This is due to insufficient capability checks in the REST API endpoints under the 'fl-controls/v1' namespace that control site-wide Global Presets. This makes it possible for authenticated attackers with contributor-level access and above to add, modify, or delete global color and background presets that affect all Beaver Builder content site-wide.

Authentication Bypass WordPress Beaver Builder PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13685 MEDIUM This Month

The Photo Gallery by Ays plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.8. This is due to missing nonce verification on the bulk action functionality in the 'process_bulk_action()' function. This makes it possible for unauthenticated attackers to perform bulk operations (delete, publish, or unpublish galleries) via a forged request granted they can trick an administrator into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13637 MEDIUM PATCH This Month

A security vulnerability in Downloads in Google Chrome (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Google Authentication Bypass Ubuntu Debian Chrome +2
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13140 MEDIUM This Month

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS_DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers to delete surveys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13372 MEDIUM PATCH This Month

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. `FilteredRelation` is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet.annotate()` or `QuerySet.alias()` on PostgreSQL. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Stackered for reporting this issue.

SQLi PostgreSQL Python Ubuntu Debian +3
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58476 MEDIUM This Month

Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-58486 MEDIUM This Month

A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure Account
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-58487 MEDIUM This Month

A security vulnerability in Samsung Account (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure Account
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-58484 MEDIUM This Month

A security vulnerability in Samsung Cloud Assistant (CVSS 4.0) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Samsung Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-41743 MEDIUM PATCH This Month

Insufficient encryption strength in Sprecher Automation SPRECON-E-C, SPRECON-E-P, and SPRECON-E-T3 allows a local unprivileged attacker to extract data from update images and thus obtain limited information about the architecture and internal processes.

Information Disclosure Sprecon E P Firmware Sprecon E C Firmware Sprecon E T3 Firmware
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-13640 LOW PATCH Monitor

Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)

Google Authentication Bypass Ubuntu Debian Chrome
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-13870 LOW PATCH Monitor

Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to

Authentication Bypass Debian
NVD GitHub
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-13877 LOW PATCH Monitor

A security vulnerability in nocobase (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-13879 LOW Monitor

Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.

PHP Path Traversal
NVD
CVSS 3.1
2.7
EPSS
0.1%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy