4837 matches found
CVE-2025-26439
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2025-48559
In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48554
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-26449
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-26432
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-9815
A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the loca...
CVE-2025-56803
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to childprocess.exec without validation, leading to...
CVE-2025-9778
A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...
PT-2025-35692
Name of the Vulnerable Software and Affected Versions: S Assistant versions prior to 9.3.2 Description: Improper verification of intent by SamsungExceptionalBroadcastReceiver allows local attackers to modify itinerary information. Recommendations: Update S Assistant to version 9.3.2 or later...
PT-2025-35946
Name of the Vulnerable Software and Affected Versions NVIDIA BlueField affected versions not specified Description NVIDIA BlueField contains an issue in the management interface. An attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit...
CVE-2025-9725
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...
CVE-2025-9806
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high...
CVE-2025-9806 Tenda F1202 Administrative shadow hard-coded credentials
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high...
PT-2025-35520
Name of the Vulnerable Software and Affected Versions: Tenda F1202 versions 1.2.0.9 through 1.2.0.20 Description: A vulnerability exists in the Tenda F1202 device, specifically impacting an unknown function within the /etc ro/shadow file of the Administrative Interface component. Manipulation of...
CVE-2025-9778
A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...
CVE-2025-9778
A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...
CVE-2025-9778 Tenda W12 Administrative shadow hard-coded credentials
A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...
CVE-2025-9778 Tenda W12 Administrative shadow hard-coded credentials
A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...
CVE-2025-9671
A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched...
CVE-2025-9673
A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...