Total
33892 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48627 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48626 | 1 Google | 1 Android | 2025-12-08 | N/A | 9.8 CRITICAL |
| In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48620 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48610 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48607 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48606 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48639 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.3 HIGH |
| In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-48632 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-13639 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-08 | N/A | 8.1 HIGH |
| Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-66330 | 1 Huawei | 1 Harmonyos | 2025-12-08 | N/A | 4.9 MEDIUM |
| App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-66331 | 1 Huawei | 1 Harmonyos | 2025-12-08 | N/A | 3.3 LOW |
| Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-66332 | 1 Huawei | 1 Harmonyos | 2025-12-08 | N/A | 3.3 LOW |
| Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-66333 | 1 Huawei | 1 Harmonyos | 2025-12-08 | N/A | 3.3 LOW |
| Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-59704 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2025-12-08 | N/A | 4.6 MEDIUM |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password. | |||||
| CVE-2025-66334 | 1 Huawei | 1 Harmonyos | 2025-12-08 | N/A | 3.3 LOW |
| Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-21022 | 1 Samsung | 1 Galaxy Wearable | 2025-12-08 | N/A | 3.3 LOW |
| Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information. | |||||
| CVE-2024-12426 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2025-12-08 | N/A | 6.5 MEDIUM |
| Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4. | |||||
| CVE-2025-13032 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2025-12-08 | N/A | 9.9 CRITICAL |
| Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. | |||||
| CVE-2023-40130 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-48194 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained. | |||||