11565 matches found

RedhatCVE
added 2025/09/06 7:31 p.m. | 3 views

CVE-2025-48523

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.9 | EPSS 0.00012
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/06 7:31 p.m. | 5 views

CVE-2025-48524

In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/06 6:45 p.m. | 2 views

CVE-2025-58438 internetarchive is vulnerable to Directory Traversal through file downloads

internetarchive is a Python and Command-Line Interface to Archive.org. In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download method of the internetarchive library. The file.download method does not properly sanitize user-supplied filenames or...

CVSS 9.4 | AI score 7.3 | EPSS 0.03849
Exploits: 0 | References: 3
RedhatCVE
added 2025/09/06 5:21 p.m. | 3 views

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

CVSS 7.8 | AI score 6.7 | EPSS 0.00008
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/06 1:35 p.m. | 3 views

CVE-2025-7388

It was possible to perform Remote Command Execution (RCE) via the Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permitted manipulation of a configuration property...

CVSS 8.4 | AI score 7.4 | EPSS 0.00383
Exploits: 0 | References: 1
OSV
added 2025/09/05 8:15 p.m. | 1 view

DEBIAN-CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVSS 8.1 | AI score 7.8 | EPSS 0.00086
Exploits: 0 | References: 1
Snyk
added 2025/09/05 8:9 p.m. | 2 views

Out-of-bounds Write

Overview: Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 9.8 | AI score 6.9 | EPSS 0.00073
Exploits: 1 | References: 4
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 4 views

Malicious code in robux-codes-unlimited-generation-method-fkzkdz (npm)

The package robux-codes-unlimited-generation-method-fkzkdz was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-45303 Malicious code in new-method-coin-master-free-spins-fdkdmspef (npm)

The package new-method-coin-master-free-spins-fdkdmspef was found to contain malicious code...

AI score 7
Exploits: 0
OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 2 views

Malicious code in coin-master-free-spins-method-2023-working-and-updated-kefle (npm)

The package coin-master-free-spins-method-2023-working-and-updated-kefle was found to contain malicious code...

AI score 7
Exploits: 0
Apache Tomcat
added 2025/09/05 12:0 a.m. | 11 views

Fixed in Apache Tomcat 11.0.11

Low: Console manipulation via escape sequences in log messages (CVE-2025-55754). Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

CVSS 9.6 | AI score 7.8 | EPSS 0.00274
Exploits: 4 | Affected Software: 1
Redos
added 2025/09/05 12:0 a.m. | 3 views

ROS-20250905-07

A vulnerability in the user locking mechanism of the Vault Enterprise and Vault Community Edition enterprise data archiving platforms is due to the application not performing the correct normalization of the application. Enterprise and Vault Community Edition is related to the fact that the...

CVSS 9.1 | AI score 7.2 | EPSS 0.00588
Exploits: 0
OSV
added 2025/09/04 7:15 p.m. | 1 view

CVE-2025-32324

In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6 | EPSS 0.00008
Exploits: 0 | References: 2
CVE
added 2025/09/04 6:34 p.m. | 30 views

CVE-2025-48562

CVE-2025-48562 is an Android information-disclosure flaw caused by a logic error in the writeContent function of RemotePrintDocument.java. The issue can lead to local information disclosure without additional execution privileges, and exploitation requires user interaction. Multiple connected sou...

CVSS 5 | AI score 5.1 | EPSS 0.0001
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/09/04 6:34 p.m. | 2 views

CVE-2025-48524

In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.4 | EPSS 0.00008
Exploits: 0 | References: 2
ATTACKERKB
added 2025/09/04 6:34 p.m. | 2 views

CVE-2025-48523

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 5.9 | EPSS 0.00012
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2025/09/04 6:34 p.m. | 24 views

CVE-2025-32347

CVE-2025-32347 affects the Android BiometricEnrollIntroduction.java onStart path, where an unsafe PendingIntent can disclose the device’s location, enabling local privilege elevation with no extra privileges. Exploitation requires user interaction. Root cause: unsafe PendingIntent leading to info...

CVSS 7.8 | AI score 6.3 | EPSS 0.00008
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/09/04 6:15 p.m. | 2 views

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

CVSS 7.8 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 2
Cvelist
added 2025/09/04 5:14 p.m. | 4 views

CVE-2025-26450

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

EPSS 0.00008
Exploits: 0 | References: 2
ATTACKERKB
added 2025/09/04 5:11 p.m. | 3 views

CVE-2025-22425

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5.1 | AI score 5.7 | EPSS 0.00016
Exploits: 0 | References: 4 | Affected Software: 1