{
"Source": "CVE FEED",
"Title": "CVE-2025-35060 - Newforma Info Exchange (NIX) stored XSS via SVG file upload",
"Content": "CVE ID : CVE-2025-35060
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-35060 - Newforma Info Exchange (NIX) stored XSS via SVG file upload",
"Content": "CVE ID : CVE-2025-35060
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-35061 - Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx",
"Content": "CVE ID : CVE-2025-35061
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-35061 - Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx",
"Content": "CVE ID : CVE-2025-35061
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-35062 - Newforma Info Exchange (NIX) default anonymous access",
"Content": "CVE ID : CVE-2025-35062
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-35062 - Newforma Info Exchange (NIX) default anonymous access",
"Content": "CVE ID : CVE-2025-35062
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11450 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11450
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11450 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11450
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11449 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11449
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11449 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11449
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10124 - Booking Manager < 2.1.15 - Contributor+ Booking Deletion",
"Content": "CVE ID : CVE-2025-10124
Published : Oct. 10, 2025, 6:15 a.m. | 25 minutes ago
Description : The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10124 - Booking Manager < 2.1.15 - Contributor+ Booking Deletion",
"Content": "CVE ID : CVE-2025-10124
Published : Oct. 10, 2025, 6:15 a.m. | 25 minutes ago
Description : The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-61871 - Buffalo INC. NAS Navigator2 Unquoted Service Path Privilege Escalation",
"Content": "CVE ID : CVE-2025-61871
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-61871 - Buffalo INC. NAS Navigator2 Unquoted Service Path Privilege Escalation",
"Content": "CVE ID : CVE-2025-61871
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11570 - Drupal Pattern Lab Unified Twig Extensions Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-11570
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data.
**Note:**
This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab.
The package drupal-pattern-lab/unified-twig-extensions is unmaintained, the fix for this issue exists in version 1.1.1 of [drupal/unified_twig_ext]()
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11570 - Drupal Pattern Lab Unified Twig Extensions Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-11570
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data.
**Note:**
This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab.
The package drupal-pattern-lab/unified-twig-extensions is unmaintained, the fix for this issue exists in version 1.1.1 of [drupal/unified_twig_ext]()
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11569 - Apache Cross-Zip Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-11569
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11569 - Apache Cross-Zip Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-11569
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-62292 - SonarQube Information Disclosure",
"Content": "CVE ID : CVE-2025-62292
Published : Oct. 10, 2025, midnight | 6 hours, 40 minutes ago
Description : In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-62292 - SonarQube Information Disclosure",
"Content": "CVE ID : CVE-2025-62292
Published : Oct. 10, 2025, midnight | 6 hours, 40 minutes ago
Description : In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-40640 - Multiple vulnerabilities in Energy CRM by Status Tracker",
"Content": "CVE ID : CVE-2025-40640
Published : Oct. 10, 2025, 8:19 a.m. | 21 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to โ/crm/create_invoice_submit.phpโ, using the โcustomerName_0โ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-40640 - Multiple vulnerabilities in Energy CRM by Status Tracker",
"Content": "CVE ID : CVE-2025-40640
Published : Oct. 10, 2025, 8:19 a.m. | 21 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to โ/crm/create_invoice_submit.phpโ, using the โcustomerName_0โ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21067 - Samsung Notes Out-of-Bounds Read",
"Content": "CVE ID : CVE-2025-21067
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21067 - Samsung Notes Out-of-Bounds Read",
"Content": "CVE ID : CVE-2025-21067
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21068 - Samsung Notes Out-of-bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-21068
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21068 - Samsung Notes Out-of-bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-21068
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21069 - Samsung Notes OOB Read Vulnerability",
"Content": "CVE ID : CVE-2025-21069
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21069 - Samsung Notes OOB Read Vulnerability",
"Content": "CVE ID : CVE-2025-21069
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21070 - Samsung Notes Out-of-Bounds Write Buffer Overflow",
"Content": "CVE ID : CVE-2025-21070
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21070 - Samsung Notes Out-of-Bounds Write Buffer Overflow",
"Content": "CVE ID : CVE-2025-21070
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21062 - Smart Switch Cryptographic Algorithm Vulnerability (CWE-327)",
"Content": "CVE ID : CVE-2025-21062
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21062 - Smart Switch Cryptographic Algorithm Vulnerability (CWE-327)",
"Content": "CVE ID : CVE-2025-21062
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21063 - Samsung Voice Recorder Lock Screen File Access Vulnerability",
"Content": "CVE ID : CVE-2025-21063
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21063 - Samsung Voice Recorder Lock Screen File Access Vulnerability",
"Content": "CVE ID : CVE-2025-21063
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21065 - Zebra Technologies Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-21065
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21065 - Zebra Technologies Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-21065
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21066 - Samsung Notes SPI Decoder Out-of-Bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-21066
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21066 - Samsung Notes SPI Decoder Out-of-Bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-21066
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21061 - Smart Switch Plain Text Data Exposure Vulnerability",
"Content": "CVE ID : CVE-2025-21061
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21061 - Smart Switch Plain Text Data Exposure Vulnerability",
"Content": "CVE ID : CVE-2025-21061
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21064 - D-Link Smart Switch Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-21064
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21064 - D-Link Smart Switch Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-21064
Published : Oct. 10, 2025, 7:15 a.m. | 1 hour, 25 minutes ago
Description : Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น