4832 matches found

Cvelist
added 2025/05/10 7:0 a.m., 29 views

CVE-2025-4497 code-projects Simple Banking System Sign In buffer overflow

A vulnerability was found in code-projects Simple Banking System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the component Sign In. The manipulation of the argument password2 leads to buffer overflow. Attacking locally is a requirement. The exploit has...

CVSS: 5.3, EPSS: 0.00292
Exploits: 1, References: 5
Positive Technologies
added 2025/05/10 12:0 a.m., 4 views

PT-2025-20646

Name of the Vulnerable Software and Affected Versions: Discord version 1.0.9188. Description: A critical issue has been found in Discord, affecting some unknown functionality in the library WINSTA.dll. This issue leads to an uncontrolled search path. The attack must be approached locally and has a...

CVSS: 7.8, AI score: 6.6, EPSS: 0.00254
Exploits: 1, References: 11
NVD
added 2025/05/09 4:15 p.m., 7 views

CVE-2024-13944

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and...

CVSS: 7.8, EPSS: 0.00137
Exploits: 0, References: 1
RedhatCVE
added 2025/05/09 9:44 a.m., 7 views

CVE-2025-20970

Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege...

CVSS: 6.2, AI score: 6.7, EPSS: 0.00124
Exploits: 0, References: 1
RedhatCVE
added 2025/05/09 9:44 a.m., 11 views

CVE-2025-20955

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00129
Exploits: 0, References: 1
RedhatCVE
added 2025/05/09 9:44 a.m., 15 views

CVE-2025-20960

Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api...

CVSS: 4, AI score: 6.5, EPSS: 0.00111
Exploits: 0, References: 1
RedhatCVE
added 2025/05/09 9:44 a.m., 17 views

CVE-2025-20975

Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege...

CVSS: 5.5, AI score: 6.8, EPSS: 0.0012
Exploits: 0, References: 1
Vulnrichment
added 2025/05/09 7:31 a.m., 9 views

CVE-2025-4471 code-projects Jewelery Store Management system Search Item View stack-based overflow

A vulnerability, which was classified as critical, has been found in code-projects Jewelery Store Management system 1.0. Affected by this issue is some unknown functionality of the component Search Item View. The manipulation of the argument str2 leads to stack-based buffer overflow. The attack...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00297
Exploits: 0, References: 5
CVE
added 2025/05/09 7:31 a.m., 52 views

CVE-2025-4471

CVE-2025-4471 affects code-projects Jewelery Store Management system 1.0, specifically the Search Item View component. The vulnerability is a stack-based buffer overflow caused by manipulating the str2 argument, exploitable locally. The issue is documented across several sources (Red Hat, NVD, CN...

CVSS: 7.8, AI score: 5.5, EPSS: 0.00297
Exploits: 0, References: 5, Affected Software: 1
Vulnrichment
added 2025/05/09 2:31 a.m., 10 views

CVE-2025-4455 Patch My PC Home Updater System.IO uncontrolled search path

A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library...

CVSS: 7.3, AI score: 6.8, EPSS: 0.0022
Exploits: 0, References: 4
CNNVD
added 2025/05/09 12:0 a.m., 1 views

Patch My PC Home Updater code issue vulnerability

Patch My PC Home Updater is a lightweight third-party software updater tool from Patch My PC, Inc. A code issue vulnerability exists in Patch My PC Home Updater version 5.1.3.0 and prior versions, which stems from improperly controlled search paths for multiple DLL files, which could lead to a...

CVSS: 7.3, AI score: 6.8, EPSS: 0.0022
Exploits: 0, References: 5
ATTACKERKB
added 2025/05/07 6:15 p.m., 7 views

CVE-2025-20201

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...

CVSS: 6.7, AI score: 5.8, EPSS: 0.00145
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2025/05/07 6:15 p.m., 5 views

CVE-2025-20199

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00141
Exploits: 0, References: 1
ATTACKERKB
added 2025/05/07 6:15 p.m., 6 views

CVE-2025-20198

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation when processing specific...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00141
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2025/05/07 9:15 a.m., 9 views

CVE-2025-20972

Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration...

CVSS: 6.2, EPSS: 0.00113
Exploits: 0, References: 1
Vulnrichment
added 2025/05/07 8:24 a.m., 5 views

CVE-2025-20972

Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration...

CVSS: 6.2, AI score: 6.2, EPSS: 0.00113
Exploits: 0, References: 1
Cvelist
added 2025/05/07 8:24 a.m., 12 views

CVE-2025-20970

Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege...

CVSS: 6.2, EPSS: 0.00124
Exploits: 0, References: 1
CVE
added 2025/05/07 8:24 a.m., 59 views

CVE-2025-20960

CVE-2025-20960 affects CocktailBarService (Samsung) and is caused by improper handling of insufficient permissions in the service, enabling a local attacker to invoke the privileged API before the SMR May-2025 Release 1 patch. Connected sources confirm the issue applies to CocktailBarService vers...

CVSS: 4, AI score: 4, EPSS: 0.00111
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2025/05/06 9:15 a.m., 20 views

CVE-2025-27241

in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through NULL pointer dereference...

CVSS: 5.5, EPSS: 0.00121
Exploits: 0, References: 1
OSV
added 2025/05/06 9:15 a.m., 5 views

CVE-2025-27248

in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through NULL pointer dereference...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00121
Exploits: 0, References: 1