The Post SMTP plugin for WordPress has a vulnerability that allows authenticated users with Subscriber-level access or higher to modify data without proper authorization, specifically enabling pro extensions.
This vulnerability is a problem because it allows low-privilege users to access and enable features that should only be available to administrators, potentially leading to unauthorized changes and security breaches.
The CVE-2025-2415 vulnerability allows an attacker to bypass authentication in Akinsoft MyRezzta due to improper restrictions on excessive authentication attempts, potentially granting unauthorized access to the system.
This vulnerability is a problem because it enables attackers to gain access to the system without a valid username and password, which can lead to unauthorized data access, modification, or deletion, and potentially compromise the security and integrity of the system.
The CVE-2025-1740 vulnerability allows attackers to bypass authentication, recover passwords, and perform brute force attacks on Akinsoft MyRezzta due to improper restrictions on excessive authentication attempts.
This vulnerability is a problem because it enables unauthorized access to sensitive information and systems, potentially leading to data breaches, system compromise, and other malicious activities, especially given its high severity score of 9.8.
The CVE-2024-43115 vulnerability allows an authenticated user to execute any shell script on the server by exploiting an improper input validation flaw in Apache DolphinScheduler.
This vulnerability is a problem because it enables malicious users who have authentication credentials to run arbitrary shell scripts, potentially leading to unauthorized access, data breaches, or disruption of services.
The CVE-2024-13065 vulnerability allows an attacker to manipulate input data in Akinsoft MyRezzta, causing uncontrolled resource consumption due to improper enforcement of behavioral workflow, which can lead to a flooding attack.
This vulnerability is a problem because it enables an attacker to overwhelm the system with excessive requests or data, potentially causing it to become unresponsive, crash, or exhaust its resources, ultimately disrupting the service and causing downtime.
The CVE-2024-13064 vulnerability allows an attacker to inject malicious code into web pages generated by Akinsoft MyRezzta, enabling Cross-Site Scripting (XSS) attacks. This occurs due to the improper neutralization of input during web page generation.
This vulnerability is a problem because it enables attackers to execute malicious scripts on users' browsers, potentially leading to unauthorized access, data theft, or other malicious activities. It affects versions of MyRezzta from s2.02.02 before v2.05.01, putting users of these versions at risk.
The CVE-2024-13063 vulnerability allows unauthorized access to sensitive information in Akinsoft MyRezzta by bypassing authorization controls through a user-controlled key, enabling forceful browsing of restricted areas.
This vulnerability is a problem because it permits unauthorized users to access and potentially manipulate sensitive data, which could lead to security breaches, data loss, or other malicious activities, compromising the confidentiality and integrity of the system.
The mikecao/flight PHP framework (versions prior to v1.2) automatically reads the entire request body for every HTTP request, making it vulnerable to Denial of Service (DoS) attacks where an attacker can send large payloads to consume excessive server memory.
This vulnerability is a problem because it allows attackers to exhaust the server's memory by sending requests with large payloads, potentially causing the application to crash or become unavailable, disrupting service and impacting users.
The CVE-2025-9817 vulnerability causes the SSH dissector in Wireshark versions 4.4.0 to 4.4.8 to crash, leading to a denial of service.
This vulnerability is a problem because it allows an attacker to intentionally crash the SSH dissector, disrupting the normal functioning of Wireshark and potentially causing network analysis and troubleshooting issues, which can lead to downtime and security risks.
The Vayu Blocks WordPress plugin has a vulnerability that allows attackers to inject malicious scripts into website pages through the Lottie block, which can then execute when a user visits the page.
This vulnerability is a problem because it enables authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts, potentially leading to unauthorized actions, data theft, or other malicious activities on the website.
The CVE-2025-8663 vulnerability allows sensitive information to be inserted into log files in upKeeper Manager, specifically enabling the use of known domain credentials.
This vulnerability is a problem because it potentially exposes sensitive information, including domain credentials, which could be used by unauthorized parties to gain access to the system, compromising its security and integrity.
The CVE-2025-58210 vulnerability allows unauthorized access to the ThemeMove Makeaholic system due to missing authorization, enabling exploitation of incorrectly configured access control security levels in versions 1.8.5 and below.
This vulnerability is a problem because it can allow malicious users to bypass security controls and access sensitive areas of the system, potentially leading to data breaches, unauthorized modifications, or other harmful activities.
The CVE-2024-32444 vulnerability allows an attacker to escalate their privileges in the InspiryThemes RealHomes platform due to an incorrect assignment of privileges, potentially giving them unauthorized access to sensitive features and data.
This vulnerability is a significant problem because it enables attackers to gain higher levels of access than they should have, which can lead to unauthorized data modification, deletion, or theft, compromising the security and integrity of the system and its users.
This vulnerability allows an attacker to trick a logged-in user into unintentionally changing the settings of Web Caster V130 versions 1.08 and earlier by viewing a malicious webpage.
This is a problem because it enables attackers to modify the product's settings without the user's knowledge or consent, potentially leading to unauthorized access or disruptions to the system.
The CVE-2025-21041 vulnerability allows local attackers to access sensitive information stored in the Secure Folder on Android devices prior to version 16, due to insecure storage practices.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which can lead to data breaches, identity theft, and other malicious activities, compromising the confidentiality and security of the affected device and its user.
This vulnerability allows a local attacker to modify itinerary information in the S Assistant app due to improper verification of intent by the ExternalBroadcastReceiver, affecting versions prior to 9.3.2.
This vulnerability is a problem because it enables unauthorized changes to sensitive information, potentially leading to disruptions or misuse of personal data, which can cause inconvenience, financial loss, or compromise personal security.
The CVE-2025-21039 vulnerability allows a local attacker to modify itinerary information in the S Assistant due to improper verification of intent by the SystemExceptionalBroadcastReceiver, but only in versions prior to 9.3.2.
This vulnerability is a problem because it enables unauthorized changes to sensitive itinerary information, potentially leading to disruptions, privacy issues, or other malicious activities.
This vulnerability allows a local attacker to modify itinerary information on a device by exploiting a flaw in the Samsung S Assistant's broadcast receiver, which fails to properly verify the intent of incoming requests, but only affects versions prior to 9.3.2.
This vulnerability is a problem because it enables unauthorized changes to sensitive personal data, such as travel plans, which could lead to privacy breaches, confusion, or even financial losses if the modified information is relied upon for important decisions.
This vulnerability allows an attacker with physical access to a device to access data from multiple user profiles in Samsung Notes, but only if the user interacts with the device in a specific way, and it affects versions prior to 4.4.30.63.
This is a problem because it compromises the privacy and security of user data, especially in shared devices or devices used by multiple individuals, as it enables unauthorized access to sensitive information across different profiles.
The CVE-2025-21036 vulnerability allows attackers with local privileged access to improperly access note files that have been exported from Samsung Notes, but only if the user interacts with the system in a specific way, and this issue exists in Samsung Notes versions prior to 4.4.30.63.
This vulnerability is a problem because it compromises the privacy and security of sensitive information stored in note files, potentially leading to unauthorized access or data theft, especially since it can be exploited by local attackers who already have some level of access to the system.
The Samsung Calendar app has a vulnerability that allows someone with physical access to a device to access calendar data from multiple user profiles, even if they shouldn't have permission to do so.
This vulnerability is a problem because it could allow someone to access sensitive information, such as appointments, meetings, and personal notes, without the owner's knowledge or consent, potentially leading to privacy violations or other security issues.
The CVE-2025-21034 vulnerability allows a local attacker to write data outside the intended boundaries of the libsavsvc.so library, potentially enabling them to execute arbitrary code on the system.
This vulnerability is a problem because it could allow an attacker to gain control of a system, leading to unauthorized access, data theft, or other malicious activities, by exploiting the out-of-bounds write capability to execute malicious code.
This vulnerability allows local attackers to bypass access controls in the ContactProvider, giving them unauthorized access to sensitive information on devices running versions prior to the SMR Sep-2025 Release 1.
This is a problem because it enables attackers with local access to the device to view or exploit sensitive data that should be restricted, potentially leading to privacy violations or further malicious activities.
This vulnerability allows physical attackers to bypass Kiosk mode on devices running One UI Home, under specific limited conditions, due to improper access control.
This is a problem because Kiosk mode is a security feature designed to restrict access to certain functions or apps on a device, and bypassing it could give an attacker unauthorized access to sensitive information or allow them to perform malicious actions.
The CVE-2025-21031 vulnerability allows local attackers to access and use privileged APIs in the ImsService due to improper access control, but only in versions prior to the SMR Sep-2025 Release 1.
This vulnerability is a problem because it enables local attackers to gain unauthorized access to sensitive features and data, potentially leading to malicious activities such as data theft, tampering, or disruption of services.
This vulnerability allows a local attacker to execute any application in the background without proper permission checks, due to improper handling of insufficient permissions in the AppPrelaunchManagerService on certain Chinese Android 15 devices.
This vulnerability is a problem because it enables unauthorized execution of applications, potentially leading to malicious activities such as data theft, unauthorized access, or other harmful actions, all without the user's knowledge or consent.
This vulnerability allows a local attacker to send arbitrary replies to messages displayed on the cover screen of a device, due to the System UI's improper handling of insufficient permissions.
This vulnerability is a problem because it enables unauthorized access and manipulation of personal messages, potentially leading to privacy breaches, misinformation, or unwanted interactions.
The CVE-2025-21028 vulnerability allows local attackers with privileged access to reuse trial items in the ThemeManager due to improper privilege management, affecting versions prior to the SMR Sep-2025 Release 1.
This vulnerability is a problem because it enables attackers to exploit trial items beyond their intended usage period, potentially leading to unauthorized access to premium features or data, which could compromise system security and integrity.
This vulnerability allows a local attacker to temporarily disable the SIM card in a device by exploiting a flaw in the ImsService broadcast receiver, which fails to properly verify intent.
This vulnerability is a problem because it enables an attacker with local access to the device to disrupt cellular service, potentially causing loss of connectivity and communication capabilities, which could have significant consequences for both personal and professional activities.
This vulnerability allows a local attacker to interrupt an ongoing call due to improper handling of insufficient permissions in the ImsService.
This vulnerability is a problem because it enables unauthorized individuals to disrupt phone calls, potentially causing inconvenience, data loss, or security breaches, especially in sensitive or high-stakes communications.
The CVE-2025-21025 vulnerability allows local attackers to bypass restrictions on background execution management due to improper access control in the MARsExemptionManager, affecting systems prior to the SMR Sep-2025 Release 1.
This vulnerability is a problem because it enables malicious actors to execute background tasks without being detected or managed, potentially leading to unauthorized access, data breaches, or other malicious activities.
The Sticky Side Buttons WordPress plugin has a vulnerability that allows high-privilege users, such as admins, to inject malicious code into the website's settings, potentially leading to Stored Cross-Site Scripting (XSS) attacks.
This vulnerability is a problem because it enables attackers to inject malicious scripts into the website, which can then be executed by other users, potentially stealing their data, taking control of their accounts, or performing other malicious actions, even in environments where such capabilities are supposed to be restricted.
The CVE-2023-21483 vulnerability allows a local attacker to access protected data in the Galaxy Store due to improper access control, by utilizing an exported service in versions prior to 4.5.53.6.
This vulnerability is a problem because it enables unauthorized access to sensitive information, potentially leading to data breaches or other malicious activities, which can compromise user privacy and security.
This vulnerability allows an attacker with physical access to a device to install packages from the Galaxy store before the device's setup process is complete, bypassing normal security measures.
This is a problem because it enables unauthorized access and potential malware installation on a device, even before the owner has a chance to secure it, potentially leading to data breaches, spyware, or other malicious activities.
The CVE-2023-21481 vulnerability allows remote attackers to exploit improper URL input validation in the Samsung Account application, potentially giving them access to sensitive information.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which could lead to data breaches, identity theft, or other malicious activities, compromising user privacy and security.
This vulnerability allows local attackers to perform privileged activities on systems running CertByte prior to the SMR Apr-2023 Release 1, due to improper input validation.
This vulnerability is a problem because it enables attackers with local access to gain elevated privileges, potentially leading to unauthorized access, data tampering, or system compromise, which can have severe security consequences.
This vulnerability allows unauthorized access to the "Smart suggestions" feature in Android 12 and 13, enabling remote attackers to register a schedule without proper authorization.
This vulnerability is a problem because it enables remote attackers to potentially disrupt or manipulate scheduled tasks, which could lead to unauthorized access or malicious activities on affected devices.
The CVE-2023-21478 vulnerability allows local attackers to access protected data due to improper input validation in the TIGERF trustlet, affecting versions prior to the SMR Apr-2023 Release 1.
This vulnerability is a problem because it enables unauthorized access to sensitive information, which could lead to data breaches, theft, or manipulation, potentially causing significant harm to individuals or organizations relying on the affected system.
This vulnerability allows a local attacker to access protected data by accessing a memory location after the end of a buffer in the TIGERF trustlet.
This is a problem because it enables unauthorized access to sensitive information, which could lead to data breaches, theft of confidential data, or other malicious activities, compromising the security and integrity of the system.
This vulnerability allows a local attacker to write data outside the boundaries of a specific library, potentially enabling them to execute arbitrary code on the affected system.
This is a problem because it could give an attacker the ability to run malicious code, leading to a takeover of the system, data theft, or other harmful activities, all originating from a local attack vector.
This vulnerability allows a local attacker to write data outside the boundaries of a buffer in the libaudiosaplus_sec.so library, which can lead to the execution of arbitrary code.
This is a problem because it enables an attacker to potentially gain control of a system, allowing them to install malware, steal sensitive information, or disrupt system operations, which can have serious security and privacy implications.
This vulnerability allows attackers to redirect intents in SecSettings, which can be used to access arbitrary files on the system with elevated privileges.
This is a problem because it enables attackers to gain unauthorized access to sensitive system files, potentially leading to data theft, modification, or other malicious activities, all while bypassing normal security restrictions.
This vulnerability allows an attacker with physical access to execute arbitrary code in the bootloader of a device using the Exynos Fastboot USB Interface, due to improper input validation.
This is a problem because it enables an attacker to gain control over the device's bootloader, potentially leading to unauthorized access, data theft, or installation of malicious software, which can compromise the security and integrity of the device.
This vulnerability allows an attacker with physical access to a device to execute arbitrary code in the bootloader through the Exynos Fastboot USB Interface, due to improper input validation.
This is a problem because it enables an attacker to potentially gain control over the device's bootloader, which could lead to unauthorized access, data theft, or the installation of malicious software, compromising the device's security and integrity.
The CVE-2023-21471 vulnerability allows attackers to access and read arbitrary files on a system using the SemClipboard feature, prior to the SMR Apr-2023 Release 1, due to improper access control.
This vulnerability is a problem because it enables unauthorized access to sensitive system files, potentially exposing confidential information and allowing malicious activities with system-level permissions.
This vulnerability allows a local attacker to access a device's location information by exploiting an improper access control flaw in SLocation, using a specific Samsung WiFi action.
This vulnerability is a problem because it enables unauthorized access to sensitive device location data, which could be used for malicious purposes such as tracking or stalking, compromising the user's privacy and security.
This vulnerability allows local attackers to access device location information on affected Samsung devices by exploiting an improper access control flaw in the SLocation feature, specifically using the com.samsung.android.wifi.GEOFENCE action.
This vulnerability is a problem because it enables unauthorized access to sensitive device location data, potentially compromising user privacy and security.
This vulnerability allows attackers to access files with higher permissions than they should have, due to a flaw in access control within the Telephony system.
This is a problem because it enables unauthorized users to view, modify, or delete sensitive files, potentially leading to data breaches, system compromise, or other malicious activities.
This vulnerability allows for the incorrect handling of unencrypted messages in Exynos baseband due to an error in the implementation of the 3GPP specification, affecting versions prior to the SMR Apr-2023 Release 1.
This vulnerability is a problem because it can potentially expose sensitive information that is supposed to be encrypted, allowing unauthorized access to confidential data, which could lead to security breaches and data theft.
This vulnerability allows a local attacker to hijack a PendingIntent in the CertificatePolicy component of the framework, enabling them to access a content provider without having the necessary permissions.
This is a problem because it allows unauthorized access to sensitive data and functionality, potentially leading to data breaches, privilege escalation, or other malicious activities, all of which can compromise the security and integrity of the affected system.
The PaperCut Print Deploy component has a vulnerability that occurs when a self-signed certificate is used without properly configuring the trust database on client devices, allowing for potential man-in-the-middle attacks during communication between clients and the server.
This vulnerability is a problem because it exposes the communication between clients and the server to interception and alteration by an attacker, potentially leading to unauthorized access or data theft.
The CVE-2025-58351 vulnerability allows a malicious payload to be uploaded as a file attachment in Outline versions 0.72.0 through 0.83.0, bypassing Content Security Policy (CSP) restrictions and enabling script execution within the context of another user when using local file system storage on the same domain.
This vulnerability is a problem because it enables attackers to execute malicious scripts within the context of another user, potentially leading to unauthorized access, data theft, or other malicious activities, especially in self-hosted environments where Outline is used with local file storage.
The CVE-2025-58176 vulnerability allows an attacker to execute arbitrary code on a victim's machine through a one-click Remote Code Execution exploit. This is triggered by a custom URL value in a JSON object, which launches the Dive application and processes the crafted URL when a victim visits a malicious website or clicks on a crafted link.
This vulnerability is a problem because it enables attackers to gain control over a victim's machine, potentially leading to data theft, malware installation, or other malicious activities, simply by tricking the victim into visiting a malicious website or clicking on a crafted link.
This CVE is a duplicate of another existing CVE and has been rejected.
It's not a problem as it doesn't introduce a new vulnerability, but rather is a redundant entry that can cause confusion in vulnerability tracking and management.
This CVE is a duplicate of another existing CVE, meaning it describes the same vulnerability as a previously reported one.
It's not a problem in itself since it's a duplicate, but it can cause confusion and redundancy in vulnerability tracking and management.
This CVE is a duplicate of another existing CVE and has been rejected.
It's not a problem as it doesn't introduce a new vulnerability, but rather is a redundant entry that can cause confusion in vulnerability tracking and management.
This CVE is a duplicate of another existing CVE, meaning it describes the same vulnerability as a previously reported one.
It's not a problem in itself since it's a duplicate, but it can cause confusion and inefficiency in vulnerability tracking and management.
This CVE is a duplicate of another existing CVE and does not represent a unique vulnerability.
It can cause confusion and unnecessary effort in tracking and addressing vulnerabilities, potentially leading to inefficiencies in cybersecurity management.
This CVE is a duplicate of another existing vulnerability, CVE-2025-58163, and does not represent a unique security issue.
It can cause confusion and unnecessary effort in tracking and addressing vulnerabilities, potentially leading to inefficiencies in cybersecurity management.
This CVE is a duplicate of another existing vulnerability, CVE-2025-58163, and does not represent a unique security issue.
It can cause confusion and unnecessary work in tracking and addressing vulnerabilities, potentially diverting attention from actual, distinct security threats.
This vulnerability allows an attacker to manipulate the ScriptAndTools Real Estate Management System, specifically the /admin/userlist.php file, which can lead to the execution of malicious code after a redirect, and can be done remotely.
This vulnerability is a problem because it enables remote attackers to potentially gain control of the system, execute arbitrary code, and access sensitive data, which can compromise the security and integrity of the system and its data.
The CVE-2025-9847 vulnerability allows an attacker to upload files without restrictions to the ScriptAndTools Real Estate Management System 1.0 by manipulating the "uimage" argument in the register.php file, which can be exploited remotely.
This vulnerability is a problem because it enables attackers to upload malicious files, such as viruses, malware, or backdoors, to the system, potentially leading to unauthorized access, data breaches, or disruption of services.
This vulnerability allows an attacker to manipulate file paths and access unauthorized data by exploiting an integer overflow during temporary file creation in the glib library, potentially enabling path traversal or access to private temporary file content.
This vulnerability is a problem because it enables a local attacker to access data they shouldn't have access to, which could lead to sensitive information disclosure or further exploitation of the system, highlighting the importance of proper input validation and secure temporary file handling.
The CVE-2025-58163 vulnerability in FreeScout, a help desk and shared inbox application, allows authenticated attackers to achieve remote code execution by deserializing malicious data. This is possible due to the lack of proper validation in the decryption process of certain parameters in the application's endpoint.
This vulnerability is a problem because it enables attackers with knowledge of the application's APP_KEY to execute arbitrary code on the server, potentially leading to unauthorized access, data breaches, and other malicious activities.
This vulnerability allows an attacker to manipulate specific arguments in the Fruit Shop Management System, such as product_code, gen_name, and product_name, which can lead to cross-site scripting (XSS) attacks, enabling the execution of malicious code on the system.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to inject malicious scripts into the system, potentially stealing user data, taking control of user sessions, or performing other malicious activities, which can compromise the security and integrity of the system.
The CVE-2025-9843 vulnerability allows an attacker to exploit a flaw in the Das Parking Management System, specifically in the /Operator/FindAll function, which can lead to the disclosure of sensitive information. This attack can be initiated remotely.
This vulnerability is a problem because it enables unauthorized access to potentially sensitive information, which could compromise the security and privacy of the parking management system's data. The fact that the exploit has been published increases the risk of attack, as malicious actors may use it to target vulnerable systems.
The Local Deep Research AI-powered research assistant stores sensitive information, such as API keys, in a local SQLite database without encrypting it, allowing unauthorized access to the data if the database file is accessed.
This vulnerability is a problem because it exposes confidential information to anyone with access to the container or host filesystem, potentially leading to data breaches and unauthorized use of sensitive data.
This vulnerability allows an attacker to disclose sensitive information in the Das Parking Management System version 6.2.0 by manipulating an unknown function in the /Operator/Search file, and this can be done remotely.
This vulnerability is a problem because it enables unauthorized access to potentially sensitive information, which could compromise the security and privacy of the parking management system's data, and since the exploit is public, attackers can easily use it to exploit the system.
This vulnerability allows an attacker to upload files without restrictions to the Mobile Shop Management System 1.0 by manipulating the ProductImage argument in the AddNewProduct.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to upload malicious files, such as backdoors or viruses, to the system, potentially leading to unauthorized access, data breaches, or disruption of service.
The Fluent Forms WordPress plugin has a vulnerability that allows attackers with Subscriber-level access or higher to inject malicious PHP objects into the system, potentially leading to the reading of arbitrary files or even remote code execution if certain server settings are enabled.
This vulnerability is a problem because it can be exploited by relatively low-privileged users to gain unauthorized access to sensitive files or execute malicious code, potentially leading to a full compromise of the WordPress installation and underlying server.
The CVE-2025-54588 vulnerability is a use-after-free (UAF) issue in Envoy's DNS cache, specifically in the Dynamic Forward Proxy implementation, which can cause abnormal process termination when a completion callback for a DNS resolution triggers new DNS resolutions or removes existing pending resolutions.
This vulnerability is a problem because it can lead to unexpected crashes and disruptions in service, potentially causing downtime and impacting the reliability of applications that rely on Envoy as a proxy and communication bus, especially in large, modern service-oriented architectures.
This vulnerability allows an attacker to inject malicious SQL code into the itsourcecode Sports Management System 1.0 by manipulating the "code" argument in the /Admin/gametype.php file, potentially giving them unauthorized access to sensitive database information.
This vulnerability is a problem because it can be exploited remotely, meaning an attacker doesn't need direct access to the system to carry out the attack. This could lead to unauthorized data access, modification, or deletion, compromising the security and integrity of the system.
The CVE-2025-9839 vulnerability allows an attacker to manipulate the "ID" argument in the /admin/modules/course/index.php file of the itsourcecode Student Information Management System 1.0, resulting in a SQL injection attack that can be exploited remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive student information, disrupt system operations, or gain unauthorized access to the system.
The CVE-2025-9838 vulnerability allows an attacker to manipulate the "ID" argument in the /admin/modules/subject/index.php file of the itsourcecode Student Information Management System 1.0, leading to a SQL injection attack that can be launched remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive student information, disrupt system operations, or gain unauthorized access to the system.
The CVE-2025-26416 vulnerability allows for a heap buffer overflow in the SkBmpStandardCodec.cpp file, which can lead to an out of bounds write, potentially enabling remote escalation of privilege without requiring any additional execution privileges or user interaction.
This vulnerability is a problem because it can be exploited remotely without needing user interaction, allowing an attacker to potentially gain elevated privileges and access sensitive information or take control of a system.
This vulnerability allows an attacker to install unauthorized applications into a newly created work profile on a device due to a race condition in the DevicePolicyManagerService, potentially leading to local escalation of privilege.
This is a problem because it enables an attacker to gain elevated privileges on a device without needing any additional execution privileges or user interaction, which could result in unauthorized access to sensitive data or system control.
This vulnerability allows an attacker to bypass storage restrictions between apps due to a missing permission check, potentially leading to local escalation of privilege without needing additional execution privileges, but requires user interaction to exploit.
This vulnerability is a problem because it could allow malicious apps to access sensitive data or perform actions that they should not be allowed to, potentially compromising the security and privacy of the user's device.
This vulnerability allows an attacker to potentially use freed memory, which can lead to local escalation of privilege, giving them elevated access to the system without needing any additional execution privileges.
This is a problem because it could allow an attacker to gain increased control over the system, potentially leading to unauthorized access, data theft, or other malicious activities, all without requiring any user interaction.
This vulnerability allows an attacker to launch arbitrary activities from the background due to a logic error in the code, potentially leading to local escalation of privilege without needing additional execution privileges.
This is a problem because it enables unauthorized access and control over a device, allowing malicious activities to be performed without the user's knowledge or interaction, which can lead to sensitive data exposure, unauthorized changes, or other harmful actions.
This vulnerability causes memory corruption due to type confusion in the avdt_msg_ind function, which can lead to privilege escalation on paired devices without requiring any additional execution privileges or user interaction.
This vulnerability is a problem because it allows attackers to gain elevated privileges on paired devices, potentially giving them access to sensitive information or allowing them to perform malicious actions without needing any further exploitation or user input.
This vulnerability allows an attacker to bypass the lock screen on a device due to a logic error in the code, potentially leading to local escalation of privilege without needing any additional execution privileges.
This vulnerability is a problem because it could allow unauthorized access to a device, even if the screen is locked, which can lead to sensitive information being compromised or malicious activities being performed without the user's knowledge.
This vulnerability allows an attacker to bypass the cross-profile intent filter, which is commonly used in Work Profile scenarios, due to a logic error in the code, potentially leading to local escalation of privilege.
This is a problem because it could allow an attacker to gain elevated privileges on a device without needing any additional execution privileges, and it can be exploited without requiring any user interaction, making it a significant security risk.
This vulnerability allows a malicious app to prevent a phone from dialing emergency services under certain conditions due to a logic error in the code, leading to a local denial of service that persists until the phone is rebooted.
This vulnerability is a problem because it could prevent users from calling emergency services in critical situations, potentially putting them at risk, and the issue can be triggered without any user interaction, making it a significant concern for phone security.
This vulnerability allows access to sensitive information due to a missing permission check in the isInSignificantPlace function of multiple files, potentially leading to local information disclosure without requiring additional execution privileges or user interaction.
This vulnerability is a problem because it could allow unauthorized access to sensitive information, which could compromise user privacy and security, potentially leading to further exploits or data breaches.
This vulnerability allows an attacker to execute arbitrary code due to a logic error in the code, potentially leading to local escalation of privilege without needing any additional execution privileges, and it does not require user interaction to be exploited.
This vulnerability is a problem because it could enable an attacker to gain elevated access and control over a system, allowing them to perform malicious actions without being detected, which could lead to data breaches, system compromises, and other security threats.
The CVE-2025-22428 vulnerability allows an app to be granted permissions on a secondary user account from a primary user account due to a logic error in the code, potentially leading to local escalation of privilege.
This vulnerability is a problem because it enables unauthorized access and elevation of privileges on a device without requiring additional execution privileges or user interaction, which could result in sensitive data exposure or malicious activities.
This vulnerability allows an attacker to bypass the lock screen and gain access to notifications, potentially leading to a local escalation of privilege, due to a logic error in the NotificationAccessConfirmationActivity.java code.
This vulnerability is a problem because it could allow an unauthorized user to access sensitive information, such as notifications, even when the device is locked, potentially leading to data theft or other malicious activities, all without needing any additional execution privileges.
The CVE-2025-22423 vulnerability allows an attacker to crash the image renderer due to a missing bounds check in the ParseTag function of dng_ifd.cpp, potentially leading to a remote denial of service.
This vulnerability is a problem because it enables an attacker to disrupt the service of the image renderer without needing any additional execution privileges or user interaction, which could lead to system unavailability and potential data loss.
This vulnerability allows an attacker to trick a user into approving an authentication request for one application, but the approved access is actually used by another application, due to a logic error in the code, potentially leading to local escalation of privilege.
This vulnerability is a problem because it could allow an attacker to gain elevated privileges on a system without needing any additional execution privileges, and it does not require any interaction from the user to be exploited, making it a significant security risk.
This vulnerability allows sensitive information to be leaked through the lockscreen due to a logic error in the notification content description code, potentially disclosing local information without requiring any additional execution privileges or user interaction.
This vulnerability is a problem because it could allow unauthorized access to sensitive information on a device, even when the device is locked, which can compromise user privacy and security.
This vulnerability allows an attacker to trick a user into enabling malicious phone call forwarding through a tapjacking or overlay attack, potentially leading to local escalation of privilege.
This vulnerability is a problem because it can be used to deceive users into unknowingly granting attackers access to their phone's calling functionality, which could result in unauthorized calls, eavesdropping, or other malicious activities, all of which require only basic user execution privileges and user interaction to exploit.
This vulnerability allows an attacker to exploit a confused deputy issue due to Intent Redirect in multiple locations, potentially leading to local escalation of privilege without requiring any additional execution privileges or user interaction.
This vulnerability is a problem because it enables an attacker to gain elevated privileges on a local system, potentially allowing them to access sensitive data, install malware, or take control of the system, all without needing any additional permissions or user involvement.
This vulnerability allows an attacker to bypass touch filtering restrictions on a device, potentially leading to a tapjacking or overlay attack, where a malicious app can intercept and manipulate user interactions.
This vulnerability is a problem because it could enable an attacker to gain elevated privileges on a device without needing any additional execution privileges, simply by tricking a user into interacting with a malicious overlay. This could compromise the security and integrity of the device.
This vulnerability allows an attacker to view other users' private images without permission due to a flaw in the ChooserActivity.java file, potentially leading to local escalation of privilege.
This vulnerability is a problem because it compromises user privacy and could allow an attacker to gain unauthorized access to sensitive information, all without requiring any additional execution privileges or user interaction.
This vulnerability allows for a possible out of bounds write due to memory corruption in FuseDaemon.cpp, which could lead to local escalation of privilege, giving an attacker higher-level access to the system without needing any additional execution privileges.
This vulnerability is a problem because it can be exploited without requiring any user interaction, allowing an attacker to potentially gain elevated privileges on the system, which could lead to unauthorized access, data theft, or other malicious activities.
This vulnerability allows an attacker to access media files that belong to other users on the same device, without needing any additional permissions or user interaction, due to a flaw in the Bluetooth file sharing functionality.
This is a problem because it can lead to the unauthorized disclosure of sensitive information, such as personal photos, videos, or documents, which could be embarrassing, damaging, or exploitable if they fall into the wrong hands.
This vulnerability allows an attacker to access images of other users without permission, due to a flaw in the image picker feature of the EditUserPhotoController.
This is a problem because it can lead to the unauthorized disclosure of sensitive information, such as personal photos, without the need for additional privileges or user interaction.
This vulnerability allows an attacker to override a user's location permissions due to a logic error in the code, potentially leading to local escalation of privilege without needing additional execution privileges or user interaction.
This vulnerability is a problem because it could allow an attacker to gain elevated access to a user's device or system, potentially leading to unauthorized data access, modification, or other malicious activities, all without the user's knowledge or intervention.
This vulnerability allows a permission to be retained indefinitely in the background due to a logic error in the ConnectionServiceWrapper.java code, potentially leading to local escalation of privilege without requiring additional execution privileges.
This is a problem because it could enable an attacker to gain elevated access to a system or its components, allowing them to perform unauthorized actions, all without needing special execution privileges, but user interaction is required for exploitation.
This vulnerability allows an attacker to inject malicious SQL code into the Student Information Management System by manipulating the "studentId" argument in the /admin/modules/student/index.php file, potentially giving them unauthorized access to sensitive student data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to unauthorized data access, modification, or deletion, which can have serious consequences for the confidentiality, integrity, and availability of student information.