Monthly
Permission bypass in Huawei HarmonyOS and EMUI LBS (Location-Based Services) module enables highly-privileged local attackers with user interaction to achieve full compromise across security contexts (confidentiality, integrity, availability impact). CVSS 7.7 HIGH severity. No public exploit identified at time of analysis. The attack requires local access, high privileges (administrator/root) and user interaction, but succeeds with low complexity once these prerequisites are met. Scope change (S:C) indicates container escape or privilege boundary violation beyond the vulnerable component.
FreePBX versions up to 17.0.5 contain a vulnerability that allows attackers to forge a valid JWT with full access to the REST and GraphQL APIs on a FreePBX tha (CVSS 7.5).
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. Rated high severity (CVSS 8.1), this vulnerability requires no authentication. No vendor patch available.
Under heavy system utilization, a random race condition can occur during an authentication or token refresh operation. Rated medium severity (CVSS 6.0). No vendor patch available.
CVE-2025-46406 is a security vulnerability (CVSS 5.6) that allows a privileged operator with high level access. Remediation should follow standard vulnerability management procedures.
A security vulnerability in XWiki (CVSS 3.5). Risk factors: public PoC available. Vendor patch is available.
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. Rated high severity (CVSS 7.9), this vulnerability has low attack complexity. No vendor patch available.