475 matches found
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection when parsing DTD files. External entities referenced in a malicious DTD document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be...
CVE-2025-20910
Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery...
CVE-2025-20910
CVE-2025-20910 affects Galaxy Watch Gallery versions prior to SMR Mar-2025 Release 1, where an incorrect default permission allows local attackers to access data in Galaxy Watch Gallery. The CVSS v3.1 vector (Local, Low attack complexity, No privileges, No user interaction) yields a base score of...
SUSE CVE-2025-22413
In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Linux Distros Unpatched Vulnerability : CVE-2023-49345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a...
CVE-2025-20653
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue I...
MediaTek Chipsets Buffer Error Vulnerability
MediaTek Chipsets is a family of chips from China's MediaTek Corporation (MediaTek). A buffer error vulnerability exists in MediaTek Chipsets that stems from a lack of boundary checking and could lead to local information disclosure...
VulnCheck KEV: CVE-2018-1217
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...
PT-2025-4179 · Samsung +1 · Secure Folder +3
Name of the Vulnerable Software and Affected Versions: Secure Folder versions prior to 1.9.20.50 in Android 14; Secure Folder versions prior to 1.8.11.0 in Android 13; Secure Folder versions prior to 1.7.04.0 in Android 12. Description: The issue is related to improper access control in Secure Folde...
PT-2025-2991 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible out of bounds read in the GetCellInfoList function of protocolnetadapter.cpp due to a missing bounds check. This coul...
CVE-2024-49416
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information...
PT-2024-30284 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a confused deputy flaw in the visitUris of multiple files, which could lead to local information disclosure without requiring...
PT-2024-32342 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned. Description: The issue is related to a possible out-of-bounds read in the ProtocolMiscHwConfigChangeAdapter::GetData function, located in protocolmiscadapter.cpp. This could lead to local...
Google Pixel Security Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel suffers from an out-of-bounds read vulnerability that stems from a lack of boundary checking, which can be exploited by an attacker to read local information out of bounds...
PYSEC-2024-215
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This...
Malicious code in quantum-visualization (npm)
The package contains code to exfiltrate local machine information to a remote server over DNS. Source: ghsa-malware (d42dd8c61fb6c954a84e856396fe7c18901c2f57996f2a7a23947f4e124d4da7). Any computer that has this package installed or running...
CVE-2024-34643
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability...
Apache Portable Runtime Security Vulnerability
Apache Portable Runtime (APR) is an Apache Foundation library that provides an underlying support interface for upper-tier applications and can be used across multiple operating system platforms. A security vulnerability exists in Apache Portable Runtime versions 0.9.0 through 1.7.4, which stems...
openHAB Security Vulnerability
openHAB is an open source home automation application from openHAB. A security vulnerability exists in openHAB versions prior to 4.2.1, which stems from the vulnerability of the CometVisu component to an unauthenticated path traversal attack, where an HTTP GET on the component can request a local...
Incorrect Error Handling
github.com/mattermost/mattermost-server is vulnerable to Incorrect Error Handling. The vulnerability is caused by a failure to properly safeguard error handling. This allows an attacker to permanently delete local data by abusing dangerous error handling, when share channels were enabled...