CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2025-31013
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS.

This issue affects Themify Folo: from n/a through 1.9.6.

🎖@cveNotify
🚨 CVE-2025-48571
In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

🚨 CVE-2025-48617
In overrideConfig of CarrierConfigLoader.java, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🚨 CVE-2025-48640
In multiple locations, there is a possible 3rd party passkey entry pairing approval due to a missing permission check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

🚨 CVE-2025-48643
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
