CVE-2025-58487

Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege...

Malicious code in karemm3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bd722766b62cd6170d4f383859a06e6a2a680b4a27dfad18580d867812e57c0 The package karemm3 was found to contain malicious code. Source: ossf-package-analysis f604c8fe5fbfae97b812b063b2707f681c1499484e959e7229a06227b1607b...

CVE-2025-58487

Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege...

CVE-2025-58487

The advisory concerns Samsung Account, where an improper authorization flaw before version 15.5.01.1 could let a local attacker launch arbitrary activities under Samsung Account privileges. The issue, described consistently across multiple feeds (NVD, Red Hat, CVE lists, regional advisories), is ...

CVE-2025-58487

Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege...

EUVD-2025-200131

Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege...

CVE-2025-58487

Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege...

PT-2025-48605

Name of the Vulnerable Software and Affected Versions Samsung Account versions prior to 15.5.01.1 Description An improper authorization issue exists in Samsung Account. This allows a local attacker to launch arbitrary activity with Samsung Account privileges. Recommendations Update Samsung Accoun...

CERTFR-2025-ACT-052

creationtimestamp| type| source ---|---|--- 2025-12-01 13:24:26+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3m6wjmyxrdx2w 2025-12-01 13:24:27+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/115644528440908877 2025-12-01 13:39:09+00:00| seen|...

PT-2025-49015

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Framework component of Android operating systems due to insufficient input validation. This issue may allow an attacker to elevate their privileges. The issue resides...

ASB-A-376461726

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

ASB-A-385736540

In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-289809991

In notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-326571066

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

ASB-A-299633613

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-369100626

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Malicious code in eslint-plugin-react-hooks-published (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 647dedd2c8ea8a9cef54b85666b74459095d17369da310d54a0c1960f87dafe6 The package eslint-plugin-react-hooks-published was found to contain malicious code. Source: ghsa-malware...

Malicious code in browser-client-neptune (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9ad0cf7ca8faf91e654dc6ceb89ca235f191edc099334e5d8cf1a070bfb128a The package browser-client-neptune was found to contain malicious code. Source: ghsa-malware...

CVE-2022-37055

creationtimestamp| type| source ---|---|--- 2025-11-27 11:52:43+00:00| seen| https://threatintel.cc/2025/11/27/botnet-takes-advantage-of-aws.html 2025-11-27 12:52:30+00:00| seen| https://infosec.exchange/users/edwardk/statuses/115621753678740046 2025-11-27 15:20:22+00:00| seen|...

CVE-2025-33203

creationtimestamp| type| source ---|---|--- 2025-11-26 16:25:11+00:00| seen| https://infosec.exchange/users/AAKL/statuses/115616927159484156 2025-11-26 17:31:15+00:00| seen| https://mastodon.social/ap/users/115426718704364579/statuses/115617187434161563 2025-11-26 17:31:31+00:00| seen|...