In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48606 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48620 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-48629 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.
CVE-2025-48627 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48588 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-48628 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48589 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-48586 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-48580 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48536 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-32329 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-32328 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
CVE-2025-22420 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).
In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-48621 is a security vulnerability (CVSS 7.3) that allows a tapjacking attack due. High severity vulnerability requiring prompt remediation. Vendor patch is available.
Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.
CVE-2025-14261 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation.
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw leaves the application vulnerable to Cross-Site Request Forgery (CSRF) attacks: an attacker who tricks a logged-in user into visiting a malicious website could cause the user’s browser to issue GET requests that perform unintended state-changing operations in the context of their authenticated session. Because the server would treat these GET requests as valid (since no CSRF protection or POST method enforcement was in place), the attacker could exploit this to escalate privileges, change settings, or carry out other unauthorized actions without needing the user’s explicit consent or awareness. The fix ensures that all state-changing endpoints now require HTTP POST requests and include a valid CSRF token. This enforces that state changes cannot be triggered by arbitrary cross-site GET requests. This issue affects Vulnerability-Lookup: before 2.18.0.
In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
A remote code execution vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.
In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation.
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48598 is a security vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input.
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits.
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files.