{
"Source": "CVE FEED",
"Title": "CVE-2025-8299 - Realtek rtl81xx SDK Wi-Fi Driver Heap-based Buffer Overflow Privilege Escalation",
"Content": "CVE ID : CVE-2025-8299
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the MgntActSet_TEREDO_SET_RS_PACKET function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25857.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-8299 - Realtek rtl81xx SDK Wi-Fi Driver Heap-based Buffer Overflow Privilege Escalation",
"Content": "CVE ID : CVE-2025-8299
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the MgntActSet_TEREDO_SET_RS_PACKET function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25857.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-8300 - Realtek rtl81xx SDK Wi-Fi Driver Heap-based Buffer Overflow Local Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-8300
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26552.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-8300 - Realtek rtl81xx SDK Wi-Fi Driver Heap-based Buffer Overflow Local Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-8300
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the N6CSet_DOT11_CIPHER_DEFAULT_KEY function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26552.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7975 - Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-7975
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-26913.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-7975 - Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-7975
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-26913.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7976 - Anritsu ShockLine CHX File Parsing Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-7976
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26882.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-7976 - Anritsu ShockLine CHX File Parsing Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-7976
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26882.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-6685 - ATEN eco DC Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-6685
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 54 minutes ago
Description : ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-6685 - ATEN eco DC Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-6685
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 54 minutes ago
Description : ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability.
The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7974 - Rocket.Chat Authorization Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-7974
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-7974 - Rocket.Chat Authorization Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-7974
Published : Sept. 2, 2025, 8:15 p.m. | 1 hour, 53 minutes ago
Description : rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web service, which listens on TCP port 3000 by default. The issue results from incorrect authorization. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-26517.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-9840 - iSourcecode Sports Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9840
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-9840 - iSourcecode Sports Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9840
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-9839 - iSourcecode Student Information Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9839
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-9839 - iSourcecode Student Information Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9839
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22438 - Android InputDispatcher Use After Free Vulnerability",
"Content": "CVE ID : CVE-2025-22438
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22438 - Android InputDispatcher Use After Free Vulnerability",
"Content": "CVE ID : CVE-2025-22438
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22439 - Android ActionHandler Java Missing Permission Check Local Privilege Escalation",
"Content": "CVE ID : CVE-2025-22439
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22439 - Android ActionHandler Java Missing Permission Check Local Privilege Escalation",
"Content": "CVE ID : CVE-2025-22439
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22442 - Samsung DevicePolicyManagerService Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-22442
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22442 - Samsung DevicePolicyManagerService Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-22442
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-26416 - LibTIFF SkBmp Standard Codec Heap Buffer Overflow",
"Content": "CVE ID : CVE-2025-26416
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-26416 - LibTIFF SkBmp Standard Codec Heap Buffer Overflow",
"Content": "CVE ID : CVE-2025-26416
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-9838 - iSourcecode Student Information Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9838
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-9838 - iSourcecode Student Information Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9838
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability was identified in itsourcecode Student Information Management System 1.0. Impacted is an unknown function of the file /admin/modules/subject/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22429 - Apache HTTP Server Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-22429
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22429 - Apache HTTP Server Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-22429
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22431 - Cisco Phone Emergency Services Denial of Service",
"Content": "CVE ID : CVE-2025-22431
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22431 - Cisco Phone Emergency Services Denial of Service",
"Content": "CVE ID : CVE-2025-22431
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22433 - Google Android IntentForwarderActivity.java Cross-Profile Intent Filter Bypass Local Privilege Escalation",
"Content": "CVE ID : CVE-2025-22433
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22433 - Google Android IntentForwarderActivity.java Cross-Profile Intent Filter Bypass Local Privilege Escalation",
"Content": "CVE ID : CVE-2025-22433
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22434 - Android Phone Lock Screen Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-22434
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22434 - Android Phone Lock Screen Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-22434
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22435 - AVDT Memory Corruption Type Confusion Vulnerability",
"Content": "CVE ID : CVE-2025-22435
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22435 - AVDT Memory Corruption Type Confusion Vulnerability",
"Content": "CVE ID : CVE-2025-22435
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22437 - Android Media Button Receiver Activity Hijacking",
"Content": "CVE ID : CVE-2025-22437
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22437 - Android Media Button Receiver Activity Hijacking",
"Content": "CVE ID : CVE-2025-22437
Published : Sept. 2, 2025, 11:15 p.m. | 56 minutes ago
Description : In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22428 - Google Android Local Escalation of Privilege",
"Content": "CVE ID : CVE-2025-22428
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22428 - Google Android Local Escalation of Privilege",
"Content": "CVE ID : CVE-2025-22428
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22430 - Apache Access Control Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-22430
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22430 - Apache Access Control Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-22430
Published : Sept. 2, 2025, 11:15 p.m. | 57 minutes ago
Description : In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹