Total
306607 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58272 | 2025-09-03 | N/A | 3.7 LOW | ||
| Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed. | |||||
| CVE-2025-21041 | 2025-09-03 | N/A | 6.2 MEDIUM | ||
| Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. | |||||
| CVE-2025-21040 | 2025-09-03 | N/A | 5.1 MEDIUM | ||
| Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||||
| CVE-2025-21039 | 2025-09-03 | N/A | 5.1 MEDIUM | ||
| Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||||
| CVE-2025-21038 | 2025-09-03 | N/A | 5.1 MEDIUM | ||
| Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||||
| CVE-2025-21037 | 2025-09-03 | N/A | 4.1 MEDIUM | ||
| Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability. | |||||
| CVE-2025-21036 | 2025-09-03 | N/A | 5.0 MEDIUM | ||
| Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability. | |||||
| CVE-2025-21035 | 2025-09-03 | N/A | 4.6 MEDIUM | ||
| Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles. | |||||
| CVE-2025-21034 | 2025-09-03 | N/A | 4.0 MEDIUM | ||
| Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code. | |||||
| CVE-2025-21033 | 2025-09-03 | N/A | 4.0 MEDIUM | ||
| Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2025-21032 | 2025-09-03 | N/A | 5.9 MEDIUM | ||
| Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. | |||||
| CVE-2025-21031 | 2025-09-03 | N/A | 6.8 MEDIUM | ||
| Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. | |||||
| CVE-2025-21030 | 2025-09-03 | N/A | 4.3 MEDIUM | ||
| Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background. | |||||
| CVE-2025-21029 | 2025-09-03 | N/A | 4.0 MEDIUM | ||
| Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. | |||||
| CVE-2025-21028 | 2025-09-03 | N/A | 5.5 MEDIUM | ||
| Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items. | |||||
| CVE-2025-21027 | 2025-09-03 | N/A | 5.1 MEDIUM | ||
| Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM. | |||||
| CVE-2025-21026 | 2025-09-03 | N/A | 4.0 MEDIUM | ||
| Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. | |||||
| CVE-2025-21025 | 2025-09-03 | N/A | 5.1 MEDIUM | ||
| Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management. | |||||
| CVE-2023-3666 | 2025-09-03 | N/A | N/A | ||
| The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2023-21483 | 2025-09-03 | N/A | 6.4 MEDIUM | ||
| Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service. | |||||