Latest CVE Feed
-
6.4
MEDIUMCVE-2025-9378
The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and including, 1.3.9 due to insufficient input sanitization and out... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-8663
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.0.0 before 5.2.12.... Read more
Affected Products : upkeeper_manager- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-58210
Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2024-32444
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
3.7
LOWCVE-2025-58272
Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.2
MEDIUMCVE-2025-21041
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2025-21040
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.... Read more
Affected Products : s_assistant- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2025-21039
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.... Read more
Affected Products : s_assistant- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-21038
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.... Read more
Affected Products : s_assistant- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
4.1
MEDIUMCVE-2025-21037
Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.... Read more
Affected Products : notes- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-21036
Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.... Read more
Affected Products : notes- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2025-21035
Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.... Read more
Affected Products : calendar- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2025-21034
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Memory Corruption
-
4.0
MEDIUMCVE-2025-21033
Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-21032
Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
6.8
MEDIUMCVE-2025-21031
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-21030
Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2025-21029
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-21028
Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-21027
Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration