Total
324 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22429 | 1 Google | 1 Android | 2025-09-04 | N/A | 9.8 CRITICAL |
| In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22431 | 1 Google | 1 Android | 2025-09-04 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code. This could lead to local denial of service until the phone reboots with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22433 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22434 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22437 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9866 | 1 Google | 1 Chrome | 2025-09-04 | N/A | 8.8 HIGH |
| Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-46553 | 1 Misskey | 1 Misskey | 2025-09-03 | N/A | 6.1 MEDIUM |
| @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue. | |||||
| CVE-2025-43728 | 2025-08-29 | N/A | 9.6 CRITICAL | ||
| Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | |||||
| CVE-2018-10631 | 1 Medtronic | 4 N\'vision 8840, N\'vision 8840 Firmware, N\'vision 8870 and 1 more | 2025-08-26 | 4.6 MEDIUM | 6.3 MEDIUM |
| The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. | |||||
| CVE-2025-54143 | 1 Mozilla | 1 Firefox | 2025-08-21 | N/A | 9.8 CRITICAL |
| Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141. | |||||
| CVE-2025-50897 | 2025-08-20 | N/A | 4.3 MEDIUM | ||
| A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2. | |||||
| CVE-2025-24523 | 2025-08-13 | N/A | 3.5 LOW | ||
| Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2025-24835 | 2025-08-13 | N/A | 6.5 MEDIUM | ||
| Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-3770 | 2025-08-07 | N/A | 7.0 HIGH | ||
| EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability. | |||||
| CVE-2025-8656 | 1 Jvckenwood | 2 Dmx958xr, Dmx958xr Firmware | 2025-08-07 | N/A | 6.8 MEDIUM |
| Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libSystemLib library. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26355. | |||||
| CVE-2024-24562 | 1 Vantage6 | 1 Vantage6-ui | 2025-08-06 | N/A | 5.4 MEDIUM |
| vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx. | |||||
| CVE-2025-43261 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 9.8 CRITICAL |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox. | |||||
| CVE-2025-43273 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.1 CRITICAL |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2025-8032 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | 8.1 HIGH |
| XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | |||||
| CVE-2025-27700 | 1 Google | 1 Android | 2025-07-24 | N/A | 8.4 HIGH |
| There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||