Total
399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48531 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-26439 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-48534 | 1 Google | 1 Android | 2025-09-05 | N/A | 8.8 HIGH |
|
In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-48554 | 1 Google | 1 Android | 2025-09-05 | N/A | 6.1 MEDIUM |
|
In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2025-26431 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-36898 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-36905 | 1 Google | 1 Android | 2025-09-05 | N/A | 7.8 HIGH |
|
In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-49720 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
|
In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-22427 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.3 HIGH |
|
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2025-22429 | 1 Google | 1 Android | 2025-09-04 | N/A | 9.8 CRITICAL |
|
In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-22431 | 1 Google | 1 Android | 2025-09-04 | N/A | 5.5 MEDIUM |
|
In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-22433 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
|
In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-22434 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
|
In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-22437 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
|
In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2025-09-04 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2018-10631 | 1 Medtronic | 4 N\'vision 8840, N\'vision 8840 Firmware, N\'vision 8870 and 1 more | 2025-08-26 | 4.6 MEDIUM | 6.3 MEDIUM |
|
The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.
|
|||||
| CVE-2025-54143 | 1 Mozilla | 1 Firefox | 2025-08-21 | N/A | 9.8 CRITICAL |
|
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141.
|
|||||
| CVE-2025-24835 | 2025-08-13 | N/A | 6.5 MEDIUM | ||
|
Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2025-24523 | 2025-08-13 | N/A | 3.5 LOW | ||
|
Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2025-3770 | 2025-08-07 | N/A | 7.0 HIGH | ||
|
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.
|
|||||
| CVE-2025-8656 | 1 Jvckenwood | 2 Dmx958xr, Dmx958xr Firmware | 2025-08-07 | N/A | 6.8 MEDIUM |
|
Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the libSystemLib library. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulner ...
Show More |
|||||
| CVE-2024-24562 | 1 Vantage6 | 1 Vantage6-ui | 2025-08-06 | N/A | 5.4 MEDIUM |
|
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.
|
|||||
| CVE-2025-27700 | 1 Google | 1 Android | 2025-07-24 | N/A | 8.4 HIGH |
|
There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2017-3893 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-07-22 | 6.4 MEDIUM | 1.9 LOW |
|
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.
|
|||||
| CVE-2025-49740 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-17 | N/A | 8.8 HIGH |
|
Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.
|
|||||
| CVE-2025-48800 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-15 | N/A | 6.8 MEDIUM |
|
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
|||||
| CVE-2025-48003 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-15 | N/A | 6.8 MEDIUM |
|
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
|||||
| CVE-2025-46358 | 2025-07-15 | N/A | 7.7 HIGH | ||
|
Emerson ValveLink products
do not use or incorrectly uses a protection mechanism that provides
sufficient defense against directed attacks against the product.
|
|||||
| CVE-2025-6427 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 9.1 CRITICAL |
|
An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.
|
|||||
| CVE-2025-47984 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-14 | N/A | 7.5 HIGH |
|
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
|
|||||
| CVE-2025-47159 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-14 | N/A | 7.8 HIGH |
|
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-32725 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-07-10 | N/A | 7.5 HIGH |
|
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2025-33050 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-07-10 | N/A | 7.5 HIGH |
|
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
|
|||||
| CVE-2025-47160 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-09 | N/A | 5.4 MEDIUM |
|
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
|
|||||
| CVE-2025-27472 | 1 Microsoft | 2 Windows 10 1507, Windows Server 2012 | 2025-07-08 | N/A | 5.4 MEDIUM |
|
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
|
|||||
| CVE-2025-21384 | 1 Microsoft | 1 Azure Health Bot | 2025-07-08 | N/A | 8.3 HIGH |
|
An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
|
|||||
| CVE-2025-41224 | 2025-07-08 | N/A | 8.8 HIGH | ||
|
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0 ...
Show More |
|||||
| CVE-2025-24061 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-03 | N/A | 7.8 HIGH |
|
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.
|
|||||
| CVE-2025-21346 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.1 HIGH |
|
Microsoft Office Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-30370 | 1 Rarlab | 1 Winrar | 2025-06-20 | N/A | 4.3 MEDIUM |
|
RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action on a malicious page.
The specific flaw exists within the archive extraction functionality. A crafted archive entry can cause the creation of an arbitrary file without the Mark-Of-The-Web. An attacker ...
Show More |
|||||