Lucene search
K

4837 matches found

OSV
OSV
added 2025/09/04 8:15 p.m.4 views

CVE-2025-26439

In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS5.8AI score0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/04 6:34 p.m.1 views

CVE-2025-48559

In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.6AI score0.00085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/04 6:34 p.m.4 views

CVE-2025-48554

In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...

5.6AI score0.00079EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/04 5:14 p.m.3 views

CVE-2025-26449

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.6AI score0.00076EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/04 5:14 p.m.4 views

CVE-2025-26432

In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00076EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/04 4:34 a.m.4 views

CVE-2025-9815

A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the loca...

8.5CVSS7.3AI score0.00268EPSS
Exploits1References1
OSV
OSV
added 2025/09/03 6:15 p.m.4 views

CVE-2025-56803

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to childprocess.exec without validation, leading to...

8.4CVSS6.1AI score0.01058EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/09/03 12:29 p.m.5 views

CVE-2025-9778

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

7CVSS6.3AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.4 views

PT-2025-35692

Name of the Vulnerable Software and Affected Versions: S Assistant versions prior to 9.3.2 Description: Improper verification of intent by SamsungExceptionalBroadcastReceiver allows local attackers to modify itinerary information. Recommendations: Update S Assistant to version 9.3.2 or later...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.5 views

PT-2025-35946

Name of the Vulnerable Software and Affected Versions NVIDIA BlueField affected versions not specified Description NVIDIA BlueField contains an issue in the management interface. An attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit...

8.7CVSS5.8AI score0.00134EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/09/02 10:37 a.m.5 views

CVE-2025-9725

A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...

8.8CVSS6.4AI score0.00321EPSS
Exploits1References1
NVD
NVD
added 2025/09/02 1:15 a.m.5 views

CVE-2025-9806

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high...

6.4CVSS0.00145EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/02 12:32 a.m.3 views

CVE-2025-9806 Tenda F1202 Administrative shadow hard-coded credentials

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high...

1.9CVSS6.2AI score0.00145EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.6 views

PT-2025-35520

Name of the Vulnerable Software and Affected Versions: Tenda F1202 versions 1.2.0.9 through 1.2.0.20 Description: A vulnerability exists in the Tenda F1202 device, specifically impacting an unknown function within the /etc ro/shadow file of the Administrative Interface component. Manipulation of...

1.9CVSS3.9AI score0.00145EPSS
Exploits0References9
OSV
OSV
added 2025/09/01 12:15 p.m.5 views

CVE-2025-9778

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

7CVSS4.6AI score0.0013EPSS
Exploits0References6
NVD
NVD
added 2025/09/01 12:15 p.m.6 views

CVE-2025-9778

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

7CVSS0.0013EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/01 12:2 p.m.9 views

CVE-2025-9778 Tenda W12 Administrative shadow hard-coded credentials

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

1.9CVSS0.0013EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/09/01 12:2 p.m.4 views

CVE-2025-9778 Tenda W12 Administrative shadow hard-coded credentials

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

1.9CVSS6AI score0.0013EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/08/31 8:26 p.m.4 views

CVE-2025-9671

A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched...

5.3CVSS5.3AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/31 8:26 p.m.4 views

CVE-2025-9673

A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The...

5.3CVSS5.2AI score0.00122EPSS
Exploits0References1
Rows per page
Query Builder