CVE-2025-21021

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory...

CVE-2025-21010

CVE-2025-21010 affects SamsungAccount prior to SMR Aug-2025 Release 1. The root cause is improper privilege management that can allow a local attacker with high privileges to deactivate a Samsung account. Impact is feasible deactivation with local access; CVSS v3.1 vector: AV:L/AC:L/PR:H/UI:N/S:C...

PT-2025-32109 · Unknown · Blockchain Keystore

Name of the Vulnerable Software and Affected Versions: Blockchain Keystore versions prior to 1.3.17.2 Description: An out-of-bounds read issue exists in Blockchain Keystore. This allows local privileged attackers to read out-of-bounds memory. Recommendations: Update Blockchain Keystore to version...

NewStart CGSL MAIN 7.02 : libarchive Multiple Vulnerabilities (NS-SA-2025-0118)

The remote NewStart CGSL host, running version MAIN 7.02, has libarchive packages installed that are affected by multiple vulnerabilities: - listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified othe...

CVE-2025-21009

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

CVE-2025-21009

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

PT-2025-26236 · Unknown +1 · Webassembly Wabt +1

Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, classified as problematic. The function OnDataCount of the file src/interp/binary-reader-interp.cc is affected, leading to resource consumption...

CVE-2025-20993

Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory...

CVE-2025-20992

Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory...

CVE-2025-32802 Insecure handling of file paths allows multiple local attacks

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

CVE-2025-32802 Insecure handling of file paths allows multiple local attacks

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

ISC KEA -- Multiple vulnerabilities

Internet Systems Consortium, Inc. reports: Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801 Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802 Insecure file permissions can result in...

CVE-2025-5173 HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

CVE-2024-6040

In parisneo/lollms-webui version v9.8, the lollmsbindinginfos is missing the clientid parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reloadbinding, /installbinding, /reinstallbinding, /unInstallbinding, /setactivebindingsettings, and /updatebindingsettin...

CVE-2024-20884

Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...

CVE-2022-33728

Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal...

CVE-2021-22420

A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing...

CVE-2020-14027

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...

CVE-2024-36340

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure...

CVE-2025-20979

Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code...