Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-45467 | 2025-07-25 | N/A | 7.1 HIGH | ||
| Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation. | |||||
| CVE-2025-8031 | 2025-07-25 | N/A | 9.8 CRITICAL | ||
| The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | |||||
| CVE-2025-8069 | 2025-07-25 | N/A | 7.8 HIGH | ||
| During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. This issue does not affect Linux or Mac devices. We recommend users discontinue any new installations of AWS Client VPN on Windows prior to version 5.2.2. | |||||
| CVE-2024-47013 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-47014 | 1 Google | 1 Android | 2025-07-24 | N/A | 8.8 HIGH |
| Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. | |||||
| CVE-2024-47016 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-11624 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-53835 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-53840 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-53841 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.8 HIGH |
| In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-54059 | 2025-07-22 | N/A | 4.4 MEDIUM | ||
| melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue. | |||||
| CVE-2025-53945 | 2025-07-22 | N/A | 7.0 HIGH | ||
| apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue. | |||||
| CVE-2024-13972 | 2025-07-17 | N/A | 8.8 HIGH | ||
| A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. | |||||
| CVE-2025-0886 | 2025-07-17 | N/A | 7.8 HIGH | ||
| An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. | |||||
| CVE-2024-38459 | 1 Langchain | 1 Langchain-experimental | 2025-07-16 | N/A | 7.8 HIGH |
| langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444. | |||||
| CVE-2025-5199 | 2025-07-15 | N/A | 7.3 HIGH | ||
| In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup. | |||||
| CVE-2025-7672 | 2025-07-15 | N/A | 4.3 MEDIUM | ||
| The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules) potentaily allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23. | |||||
| CVE-2025-3617 | 1 Rockwellautomation | 1 Thinmanager | 2025-07-14 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges. | |||||
| CVE-2018-9434 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
| In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9401 | 1 Google | 1 Android | 2025-07-10 | N/A | 7.8 HIGH |
| In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||