Vulnerabilities (CVE)

Total 306607 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-58272 2025-09-03 N/A 3.7 LOW
Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.
CVE-2025-21041 2025-09-03 N/A 6.2 MEDIUM
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
CVE-2025-21040 2025-09-03 N/A 5.1 MEDIUM
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21039 2025-09-03 N/A 5.1 MEDIUM
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21038 2025-09-03 N/A 5.1 MEDIUM
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21037 2025-09-03 N/A 4.1 MEDIUM
Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.
CVE-2025-21036 2025-09-03 N/A 5.0 MEDIUM
Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.
CVE-2025-21035 2025-09-03 N/A 4.6 MEDIUM
Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.
CVE-2025-21034 2025-09-03 N/A 4.0 MEDIUM
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
CVE-2025-21033 2025-09-03 N/A 4.0 MEDIUM
Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
CVE-2025-21032 2025-09-03 N/A 5.9 MEDIUM
Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.
CVE-2025-21031 2025-09-03 N/A 6.8 MEDIUM
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
CVE-2025-21030 2025-09-03 N/A 4.3 MEDIUM
Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.
CVE-2025-21029 2025-09-03 N/A 4.0 MEDIUM
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.
CVE-2025-21028 2025-09-03 N/A 5.5 MEDIUM
Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.
CVE-2025-21027 2025-09-03 N/A 5.1 MEDIUM
Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.
CVE-2025-21026 2025-09-03 N/A 4.0 MEDIUM
Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.
CVE-2025-21025 2025-09-03 N/A 5.1 MEDIUM
Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.
CVE-2023-3666 2025-09-03 N/A N/A
The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-21483 2025-09-03 N/A 6.4 MEDIUM
Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.