Lucene search
K

160 matches found

RedhatCVE
RedhatCVE
added 2025/09/20 12:30 a.m.14 views

CVE-2025-57452

In realme BackupRestore app v15.1.122810c08250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents...

6.1CVSS5.8AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/06 4:23 a.m.7 views

CVE-2025-21021

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory...

5.7CVSS0.00129EPSS
Exploits0References1
CVE
CVE
added 2025/08/06 4:23 a.m.21 views

CVE-2025-21010

CVE-2025-21010 affects SamsungAccount prior to SMR Aug-2025 Release 1. The root cause is improper privilege management that can allow a local attacker with high privileges to deactivate a Samsung account. Impact is feasible deactivation with local access; CVSS v3.1 vector: AV:L/AC:L/PR:H/UI:N/S:C...

6CVSS6.2AI score0.00129EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.7 views

PT-2025-32109 · Unknown · Blockchain Keystore

Name of the Vulnerable Software and Affected Versions: Blockchain Keystore versions prior to 1.3.17.2 Description: An out-of-bounds read issue exists in Blockchain Keystore. This allows local privileged attackers to read out-of-bounds memory. Recommendations: Update Blockchain Keystore to version...

4.4CVSS6.2AI score0.00147EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.5 views

NewStart CGSL MAIN 7.02 : libarchive Multiple Vulnerabilities (NS-SA-2025-0118)

The remote NewStart CGSL host, running version MAIN 7.02, has libarchive packages installed that are affected by multiple vulnerabilities: - listitemverbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified othe...

7.8CVSS4.4AI score0.87896EPSS
Exploits4References13
NVD
NVD
added 2025/07/08 11:15 a.m.7 views

CVE-2025-21009

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

5.5CVSS0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/08 10:34 a.m.9 views

CVE-2025-21009

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption...

5.5CVSS0.00118EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.5 views

PT-2025-26236 · Unknown +1 · Webassembly Wabt +1

Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, classified as problematic. The function OnDataCount of the file src/interp/binary-reader-interp.cc is affected, leading to resource consumption...

4.8CVSS3.8AI score0.00189EPSS
Exploits1References19
RedhatCVE
RedhatCVE
added 2025/06/06 5:12 a.m.17 views

CVE-2025-20993

Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory...

4CVSS6.9AI score0.00126EPSS
Exploits0References1
NVD
NVD
added 2025/06/04 5:15 a.m.11 views

CVE-2025-20992

Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory...

7.7CVSS0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/28 5:8 p.m.20 views

CVE-2025-32802 Insecure handling of file paths allows multiple local attacks

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

6.1CVSS0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 5:8 p.m.10 views

CVE-2025-32802 Insecure handling of file paths allows multiple local attacks

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

6.1CVSS7AI score0.00195EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2025/05/28 12:0 a.m.7 views

ISC KEA -- Multiple vulnerabilities

Internet Systems Consortium, Inc. reports: Loading a malicious hook library can lead to local privilege escalation https://kb.isc.org/docs/cve-2025-32801 Insecure handling of file paths allows multiple local attacks https://kb.isc.org/docs/cve-2025-32802 Insecure file permissions can result in...

7.8CVSS6.7AI score0.00233EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/05/26 6:31 a.m.8 views

CVE-2025-5173 HumanSignal label-studio-ml-backend PT File neural_nets.py load deserialization

A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...

5.3CVSS5.4AI score0.00188EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.5 views

CVE-2024-6040

In parisneo/lollms-webui version v9.8, the lollmsbindinginfos is missing the clientid parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reloadbinding, /installbinding, /reinstallbinding, /unInstallbinding, /setactivebindingsettings, and /updatebindingsettin...

8.8CVSS7.1AI score0.00161EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:31 a.m.7 views

CVE-2024-20884

Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...

7.8CVSS6.6AI score0.00148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:57 p.m.5 views

CVE-2022-33728

Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal...

4CVSS6.2AI score0.00088EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:14 p.m.12 views

CVE-2021-22420

A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing...

7.8CVSS6.8AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 p.m.10 views

CVE-2020-14027

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLELOCALINFILE, that can be leveraged by attackers to enable MySQL Load Data Local rogue MySQL server attacks...

5.3CVSS6.8AI score0.00843EPSS
Exploits1
NVD
NVD
added 2025/05/13 2:15 p.m.33 views

CVE-2024-36340

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure...

6.6CVSS0.00136EPSS
Exploits0References1
Rows per page
Query Builder