Total
34067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21026 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-11 | 4 Medium |
| Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. | ||||
| CVE-2025-21025 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-11 | 5.1 Medium |
| Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management. | ||||
| CVE-2025-5387 | 2 Huayi-tec, Jeewms | 2 Jeewms, Jeewms | 2025-09-11 | 6.3 Medium |
| A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-5389 | 2 Huayi-tec, Jeewms | 2 Jeewms, Jeewms | 2025-09-11 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-5390 | 2 Huayi-tec, Jeewms | 2 Jeewms, Jeewms | 2025-09-11 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2025-9093 | 1 Buzzfeed | 1 Buzzfeed | 2025-09-11 | 5.3 Medium |
| A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9102 | 1 Mail | 1 Mail.com | 2025-09-11 | 5.3 Medium |
| A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9139 | 1 Scada-lts | 1 Scada-lts | 2025-09-11 | 4.3 Medium |
| A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower." | ||||
| CVE-2024-6504 | 1 Rapid7 | 1 Insightvm | 2025-09-11 | 4.3 Medium |
| Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261. | ||||
| CVE-2025-58276 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-11 | 6.8 Medium |
| Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58445 | 1 Runatlantis | 1 Atlantis | 2025-09-10 | 7.5 High |
| Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix. | ||||
| CVE-2025-57808 | 1 Esphome | 2 Esphome, Esphome Firmware | 2025-09-10 | 8.1 High |
| ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1. | ||||
| CVE-2025-9695 | 2 Galleryvault, Google | 2 Gallery Vault, Android | 2025-09-10 | 5.3 Medium |
| A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | ||||
| CVE-2025-47161 | 1 Microsoft | 1 Defender For Endpoint | 2025-09-10 | 7.8 High |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-47732 | 1 Microsoft | 1 Dataverse | 2025-09-10 | 8.7 High |
| Microsoft Dataverse Remote Code Execution Vulnerability | ||||
| CVE-2025-29955 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-09-10 | 6.2 Medium |
| Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. | ||||
| CVE-2025-32703 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-09-10 | 5.5 Medium |
| Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-29976 | 1 Microsoft | 1 Sharepoint Server | 2025-09-10 | 7.8 High |
| Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29968 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-09-10 | 6.5 Medium |
| Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-21293 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||