CVE-2025-21022
CVE-2025-21022 affects Samsung Galaxy Wearable prior to 2.2.63.25042861. The issue is improper access control that could allow a local attacker to access sensitive information. Affected component is Galaxy Wearable software; root cause is access-control weakness. Mitigation seen in PT-2025-32113 ...
CVE-2025-21021
Summary: CVE-2025-21021 describes an out-of-bounds write in the drawing pinpad of Samsung’s Blockchain Keystore. Affected component: Blockchain Keystore (drawing pinpad) prior to version 1.3.17.2. Root cause / vulnerability: out-of-bounds memory write, enabling a local privileged attacker to writ...
CVE-2025-21012
CVE-2025-21012 - Galaxy Watch fall detection: Affected product is Samsung Galaxy Watch; vulnerability is an improper access control in the fall-detection feature, allowing a local attacker to modify the configuration before the SMR Aug-2025 Release 1. Root cause: inadequate authorization for loc...
CVE-2025-8613
creationtimestamp | type | source
---|---|---
2025-08-06 03:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-805/
2025-09-02 23:21:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxvazgzilv27...
CVE-2025-54645
Out-of-bounds array access issue due to insufficient data verification in the location service module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-54644
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-54643
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-8647
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2025-20696
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215;...
CVE-2025-8632 Kenwood DMX958XR Firmware Update Command Injection Vulnerability
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
CVE-2023-43039
creationtimestamp | type | source
---|---|---
2025-08-06 01:04:20+00:00 | seen | MISP/853ff921-86fb-463b-bc2a-2860bf336b81
2025-08-21 10:03:54+00:00 | seen | MISP/853ff921-86fb-463b-bc2a-2860bf336b81...
CVE-2025-49529
creationtimestamp | type | source
---|---|---
2025-08-06 01:04:19+00:00 | seen | MISP/853ff921-86fb-463b-bc2a-2860bf336b81
2025-08-21 10:03:52+00:00 | seen | MISP/853ff921-86fb-463b-bc2a-2860bf336b81...
CVE-2025-44962
RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build allows ../ directory traversal to read files...
CVE-2025-45766
CVE-2025-45766 relates to the Poco library, specifically version 1.14.1-release, which is described as having a weakness in encryption. The description notes a dispute over whether key lengths should be determined by the application using the library rather than by the library itself. The connec...
CVE-2025-50688
creationtimestamp | type | source
---|---|---
2025-08-05 21:34:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvonxysoc62c...
CVE-2025-51387
creationtimestamp | type | source
---|---|---
2025-08-05 21:02:19+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lvom73tdfa24...
CVE-2025-46658
creationtimestamp | type | source
---|---|---
2025-08-05 17:23:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lvo7ydeekg2p...
CVE-2025-7769
creationtimestamp | type | source
---|---|---
2025-08-05 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02
2025-08-05 16:06:34+00:00 | seen | https://bsky.app/profile/pigondrugs.bsky.social/post/3lvo3obrv5y2b
2025-08-07 00:05:37+00:00 | seen | ...
CVE-2025-8295 Employee Directory <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
CVE-2025-52239
creationtimestamp | type | source
---|---|---
2025-08-05 04:31:39+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lvmutnbacx2k...