CVE Notify
19.1K subscribers
4 photos
182K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2024-35648
Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery.

This issue affects Emergency Password Reset: from n/a through 8.0.

🎖@cveNotify
🚨 CVE-2024-37210
Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects AliNext: from n/a through 3.3.5.

🎖@cveNotify
🚨 CVE-2024-37496
Missing Authorization vulnerability in Rara Themes Metro Magazine allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Metro Magazine: from n/a through 1.3.7.

🎖@cveNotify
🚨 CVE-2025-31013
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS.

This issue affects Themify Folo: from n/a through 1.9.6.

🎖@cveNotify
🚨 CVE-2025-48571
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

🎖@cveNotify
🚨 CVE-2025-48617
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🎖@cveNotify
🚨 CVE-2025-48640
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🎖@cveNotify
🚨 CVE-2025-48643
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🎖@cveNotify