Skip to main content
CVE-2025-48603 MEDIUM PATCH This Month

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48590 MEDIUM PATCH This Month

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48576 MEDIUM PATCH This Month

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48608 MEDIUM This Month

In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48604 MEDIUM PATCH This Month

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48600 MEDIUM PATCH This Month

In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48591 MEDIUM This Month

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48607 MEDIUM PATCH This Month

In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48584 MEDIUM PATCH This Month

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-12635 MEDIUM This Month

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-66323 MEDIUM This Month

CVE-2025-66323 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-66322 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66321 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66320 MEDIUM This Month

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-14253 MEDIUM This Month

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Path Traversal Vitalsesp
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-66330 MEDIUM This Month

App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-12832 MEDIUM This Month

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

IBM SSRF Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-65229 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music Server <= 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in the Player name field. That value is stored by the server and later rendered without proper output encoding on the Information (Player Info) tab, causing the script to execute in the context of any user viewing that page.

XSS Lyrion Music Server
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-64499 MEDIUM PATCH This Month

Tuleap is a free and open source suite for management of software development and collaboration. Tuleap Community Editon versions prior to 17.0.99.1762456922 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 are vulnerable to CSRF attacks through planning management API. Attackers have access to create, edit or remove plans. This issue is fixed in Tuleap Community Edition version 17.0.99.1762456922 and Tuleap Enterprise Edtion versions 17.0-2, 16.13-7 and 16.12-10.

CSRF Tuleap
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-64760 MEDIUM PATCH This Month

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763126988 and Tuleap Enterprise Edition prior to 17.0-3 and 16.13-8 have missing CSRF protections which allow attackers to create or remove tracker triggers. This issue is fixed in Tuleap Community Edition version 17.0.99.1763126988 and Tuleap Enterprise Edition versions 17.0-3 and 16.13-8.

CSRF Tuleap
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-64498 MEDIUM PATCH This Month

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.

CSRF Tuleap
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-48614 MEDIUM PATCH This Month

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Denial Of Service Android Google
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-58279 MEDIUM This Month

Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-33111 MEDIUM This Month

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks.

IBM Information Disclosure Controller Cognos Controller
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14262 MEDIUM PATCH This Month

A security vulnerability in KNIME Business Hub (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Business Hub
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66329 MEDIUM This Month

Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.

Privilege Escalation
NVD
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy