CVE-2025-0093 - Android Device AdapterService Remote Information Disclosure Vulnerability
CVE ID : CVE-2025-0093
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0093
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22403 - "Vulnerability in Google SDP's SDP Disovery Service: Arbitrary Code Execution"
CVE ID : CVE-2025-22403
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22403
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22404 - Qualcomm AvCT LCB Act Use After Free Privilege Escalation
CVE ID : CVE-2025-22404
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22404
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22405 - Apache HTTP Server Use After Free Arbitrary Code Execution
CVE ID : CVE-2025-22405
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22405
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22406 - Apache OpenWRT bnep Use After Free Local Privilege Escalation
CVE ID : CVE-2025-22406
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22406
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22407 - BlueZ Use After Free Remote Information Disclosure
CVE ID : CVE-2025-22407
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22407
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22408 - Citrix NetScaler Use-After-Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-22408
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22408
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22409 - RFC TS Frames Use After Free Local Privilege Escalation
CVE ID : CVE-2025-22409
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22409
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22410 - Apache HTTP Server Use-After-Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-22410
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22410
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22411 - Cisco SDP Use After Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-22411
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22411
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22412 - Apache SDP Server Use-After-Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-22412
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22412
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22413 - Apache HTTP Server Privilege Escalation Vulnerability
CVE ID : CVE-2025-22413
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22413
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26417 - Google Android Confused Deputy Local Information Disclosure
CVE ID : CVE-2025-26417
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26417
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35112 - Agiloft XML External Entities (XXE)
CVE ID : CVE-2025-35112
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35112
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35113 - Agiloft Remote Code Execution Vulnerability
CVE ID : CVE-2025-35113
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35113
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35114 - Agiloft Default Credentials Privilege Escalation
CVE ID : CVE-2025-35114
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35114
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35115 - Agiloft Insecure Package Download Vulnerability
CVE ID : CVE-2025-35115
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35115
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57820 - Svelte Devalue Prototype Pollution Vulnerability
CVE ID : CVE-2025-57820
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2
Severity: 7.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57820
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2
Severity: 7.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9277 - SiteSEO - WordPress Stored Cross-Site Scripting
CVE ID : CVE-2025-9277
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9277
Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 21 minutes ago
Description : The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8490 - All-in-One WP Migration and Backup Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8490
Published : Aug. 27, 2025, 12:15 a.m. | 2 hours, 20 minutes ago
Description : The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8490
Published : Aug. 27, 2025, 12:15 a.m. | 2 hours, 20 minutes ago
Description : The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7732 - WordPress Lazy Load for Videos Stored Cross-Site Scripting
CVE ID : CVE-2025-7732
Published : Aug. 27, 2025, 3:15 a.m. | 3 hours, 22 minutes ago
Description : The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied 'data-video-title' and 'href' attributes, decode HTML entities by default, and pass them directly into DOM sinks without any escaping or validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7732
Published : Aug. 27, 2025, 3:15 a.m. | 3 hours, 22 minutes ago
Description : The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied 'data-video-title' and 'href' attributes, decode HTML entities by default, and pass them directly into DOM sinks without any escaping or validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...