Total
34460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36127 | 1 Apache | 1 Skywalking Nodejs Agent | 2025-12-10 | N/A | 7.5 HIGH |
| A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection. | |||||
| CVE-2025-48633 | 1 Google | 1 Android | 2025-12-10 | N/A | 5.5 MEDIUM |
| In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32328 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32329 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48565 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48588 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-66324 | 1 Huawei | 1 Harmonyos | 2025-12-09 | N/A | 8.4 HIGH |
| Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity. | |||||
| CVE-2025-58279 | 1 Huawei | 1 Harmonyos | 2025-12-09 | N/A | 4.4 MEDIUM |
| Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-66325 | 1 Huawei | 2 Emui, Harmonyos | 2025-12-09 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-66329 | 1 Huawei | 2 Emui, Harmonyos | 2025-12-09 | N/A | 4.0 MEDIUM |
| Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-66557 | 1 Nextcloud | 1 Deck | 2025-12-09 | N/A | 5.4 MEDIUM |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2. | |||||
| CVE-2025-48627 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48626 | 1 Google | 1 Android | 2025-12-08 | N/A | 9.8 CRITICAL |
| In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48620 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48610 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48607 | 1 Google | 1 Android | 2025-12-08 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48606 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48639 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.3 HIGH |
| In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-48632 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-13639 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-12-08 | N/A | 8.1 HIGH |
| Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | |||||