Total: 33519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8348 | 1 Kehua | 1 Charging Pile Cloud Platform | 2025-09-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9134 | 1 Aftership | 1 Aftership Package Tracker | 2025-09-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it." | |||||
| CVE-2025-21033 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
| Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2025-21032 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.9 MEDIUM |
| Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. | |||||
| CVE-2025-21029 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
| Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. | |||||
| CVE-2025-21028 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.5 MEDIUM |
| Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items. | |||||
| CVE-2025-21026 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
| Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. | |||||
| CVE-2025-21025 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.1 MEDIUM |
| Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management. | |||||
| CVE-2025-5387 | 1 Huayi-tec | 1 Jeewms | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-5389 | 1 Huayi-tec | 1 Jeewms | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack may be launched remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-5390 | 1 Huayi-tec | 1 Jeewms | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. | |||||
| CVE-2025-9093 | 1 Buzzfeed | 1 Buzzfeed | 2025-09-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9102 | 1 Mail | 1 Mail.com | 2025-09-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9139 | 1 Scada-lts | 1 Scada-lts | 2025-09-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower." | |||||
| CVE-2025-58276 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-11 | N/A | 6.8 MEDIUM |
| Permission verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-58445 | 1 Runatlantis | 1 Atlantis | 2025-09-10 | N/A | 7.5 HIGH |
| Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix. | |||||
| CVE-2025-57808 | 1 Esphome | 1 Esphome Firmware | 2025-09-10 | N/A | 8.1 HIGH |
| ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1. | |||||
| CVE-2025-55238 | 1 Microsoft | 1 Dynamics 365 | 2025-09-10 | N/A | 7.5 HIGH |
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | |||||
| CVE-2025-53791 | 1 Microsoft | 1 Edge Chromium | 2025-09-10 | N/A | 4.7 MEDIUM |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-53781 | 1 Microsoft | 22 Dcadsv5-series Azure Vm, Dcadsv5-series Azure Vm Firmware, Dcasv5-series Azure Vm and 19 more | 2025-09-10 | N/A | 7.7 HIGH |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | |||||
