CVE-2025-48563 - Google Android Remote Fill Service Null Binding Privilege Escalation
CVE ID : CVE-2025-48563
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48563
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48581 - Apache Apex Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-48581
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48581
Published : Sept. 4, 2025, 6:34 p.m. | 32 minutes ago
Description : In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-40664 - Samsung Android AccessibilityService Denial of Service Vulnerability
CVE ID : CVE-2024-40664
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-40664
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49731 - Google Pixel Watch Local Privilege Escalation
CVE ID : CVE-2024-49731
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49731
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22414 - FrpBypassAlertActivity Local Privilege Escalation
CVE ID : CVE-2025-22414
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22414
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22415 - Android RCE: Android System Activity Launcher
CVE ID : CVE-2025-22415
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22415
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26419 - Samsung Android FRP Bypass Vulnerability
CVE ID : CVE-2025-26419
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26419
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26431 - Android Accessibility Services Local Privilege Escalation
CVE ID : CVE-2025-26431
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26431
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26439 - Google Talkback Local Privilege Escalation
CVE ID : CVE-2025-26439
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26439
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32322 - Android MediaProjection Permission Activity Token Grant Vulnerability
CVE ID : CVE-2025-32322
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32322
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58353 - Promptcraft Forge Studio: Complete Sanitizer Bypass Enables XSS via Overlapping Patterns
CVE ID : CVE-2025-58353
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The “sanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58353
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The “sanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58361 - Promptcraft Forge Studio's incomplete URL check is vulnerable to XSS via SVG
CVE ID : CVE-2025-58361
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain an non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips `javascript:` and a few patterns. `data:` URLs (for example data:image/svg+xml,…) still pass. If a sanitized value is used in href/src, an attacker can execute a script. There is currently no fix for this issue.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58361
Published : Sept. 4, 2025, 8:15 p.m. | 2 hours, 51 minutes ago
Description : Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain an non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips `javascript:` and a few patterns. `data:` URLs (for example data:image/svg+xml,…) still pass. If a sanitized value is used in href/src, an attacker can execute a script. There is currently no fix for this issue.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55190 - Argo CD: Project API Token Exposes Repository Credentials
CVE ID : CVE-2025-55190
Published : Sept. 4, 2025, 10:37 p.m. | 29 minutes ago
Description : Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55190
Published : Sept. 4, 2025, 10:37 p.m. | 29 minutes ago
Description : Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55209 - FreePBX UCP is Vulnerable to Stored XSS Through its User Control Panel
CVE ID : CVE-2025-55209
Published : Sept. 4, 2025, 10:50 p.m. | 15 minutes ago
Description : contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePBX allows a low-privileged User Control Panel (UCP) user to inject malicious JavaScript into the system. The malicious code executes in the context of an administrator when they interact with the affected component, leading to session hijacking and potential privilege escalation. This issue is fixed in versions 15.0.14, 16.0.27 and 17.0.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55209
Published : Sept. 4, 2025, 10:50 p.m. | 15 minutes ago
Description : contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePBX allows a low-privileged User Control Panel (UCP) user to inject malicious JavaScript into the system. The malicious code executes in the context of an administrator when they interact with the affected component, leading to session hijacking and potential privilege escalation. This issue is fixed in versions 15.0.14, 16.0.27 and 17.0.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54914 - Azure Networking Elevation of Privilege Vulnerability
CVE ID : CVE-2025-54914
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Azure Networking Elevation of Privilege Vulnerability
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54914
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Azure Networking Elevation of Privilege Vulnerability
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55238 - Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
CVE ID : CVE-2025-55238
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55238
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55241 - Azure Entra Elevation of Privilege Vulnerability
CVE ID : CVE-2025-55241
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Azure Entra Elevation of Privilege Vulnerability
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55241
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Azure Entra Elevation of Privilege Vulnerability
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55242 - Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability
CVE ID : CVE-2025-55242
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55242
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55244 - Azure Bot Service Elevation of Privilege Vulnerability
CVE ID : CVE-2025-55244
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Azure Bot Service Elevation of Privilege Vulnerability
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55244
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Azure Bot Service Elevation of Privilege Vulnerability
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55305 - Electron is vulnerable to Code Injection via resource modification
CVE ID : CVE-2025-55305
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is fixed in versions 35.7.5, 36.8.1, 37.3.1 and 38.0.0-beta.6.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55305
Published : Sept. 4, 2025, 11:15 p.m. | 3 hours, 51 minutes ago
Description : Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is fixed in versions 35.7.5, 36.8.1, 37.3.1 and 38.0.0-beta.6.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55739 - api: Shared OAuth Signing Key Between Different Instances
CVE ID : CVE-2025-55739
Published : Sept. 5, 2025, 12:15 a.m. | 2 hours, 51 minutes ago
Description : api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An attacker with access to the shared OAuth private key could forge JWT tokens, bypass authentication, and potentially gain full access to both REST and GraphQL APIs. Systems with the "api" module enabled, configured and previously activated by an administrator for remote inbound connections may be affected. This issue is fixed in versions 15.0.13, 16.0.15 and 17.0.3.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55739
Published : Sept. 5, 2025, 12:15 a.m. | 2 hours, 51 minutes ago
Description : api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An attacker with access to the shared OAuth private key could forge JWT tokens, bypass authentication, and potentially gain full access to both REST and GraphQL APIs. Systems with the "api" module enabled, configured and previously activated by an administrator for remote inbound connections may be affected. This issue is fixed in versions 15.0.13, 16.0.15 and 17.0.3.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...