CVE-2023-3666 - WordPress Sticky Side Buttons Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2023-3666
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-3666
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21025 - Samsung Mobile Remote Access Vulnerability - Access Control Bypass
CVE ID : CVE-2025-21025
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21025
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21026 - Samsung ImsService Permission Bypass Vulnerability
CVE ID : CVE-2025-21026
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21026
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21027 - "Google ImsService Broadcast Receiver Intent Verification Vulnerability"
CVE ID : CVE-2025-21027
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21027
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21028 - Xiaomi MiUI ThemeManager Privilege Escalation Vulnerability
CVE ID : CVE-2025-21028
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21028
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21029 - Samsung System UI Message Replay Vulnerability
CVE ID : CVE-2025-21029
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21029
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21030 - Samsung Android Privilege Escalation
CVE ID : CVE-2025-21030
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21030
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21031 - Samsung ImsService Privilege Escalation Vulnerability
CVE ID : CVE-2025-21031
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21031
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21032 - Samsung One UI Home Physical Kiosk Mode Bypass Vulnerability
CVE ID : CVE-2025-21032
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21032
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21033 - Samsung ContactProvider Information Disclosure Vulnerability
CVE ID : CVE-2025-21033
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21033
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21034 - Apache HTTP Server Out-of-bounds Write Vulnerability
CVE ID : CVE-2025-21034
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21034
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21035 - Samsung Calendar Privilege Escalation Vulnerability
CVE ID : CVE-2025-21035
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21035
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21036 - Samsung Notes Cross-Site Scripting (XSS)
CVE ID : CVE-2025-21036
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21036
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21037 - Samsung Notes Data Exfiltration via Physical Attack
CVE ID : CVE-2025-21037
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21037
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21038 - Samsung S Assistant Intent Verification Bypass Vulnerability
CVE ID : CVE-2025-21038
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21038
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21039 - Samsung S Assistant Intent Verification Bypass Vulnerability
CVE ID : CVE-2025-21039
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21039
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21040 - Google Assistant Improper Intent Verification Vulnerability
CVE ID : CVE-2025-21040
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21040
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21041 - Android Secure Folder Authentication Bypass
CVE ID : CVE-2025-21041
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21041
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58272 - Web Caster CSRF
CVE ID : CVE-2025-58272
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58272
Published : Sept. 3, 2025, 6:15 a.m. | 38 minutes ago
Description : Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-32444 - InspiryThemes RealHomes Privilege Escalation Vulnerability
CVE ID : CVE-2024-32444
Published : Sept. 3, 2025, 7:15 a.m. | 3 hours, 39 minutes ago
Description : Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-32444
Published : Sept. 3, 2025, 7:15 a.m. | 3 hours, 39 minutes ago
Description : Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58210 - Makeaholic Missing Authorization Vulnerability
CVE ID : CVE-2025-58210
Published : Sept. 3, 2025, 7:15 a.m. | 3 hours, 39 minutes ago
Description : Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58210
Published : Sept. 3, 2025, 7:15 a.m. | 3 hours, 39 minutes ago
Description : Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...