CVE Brief Security Intelligence

The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2

Microsoft Exchange Server (through 2019) ActiveSync configurations may transmit sensitive user data, including passwords and bearer tokens, in cleartext when communicating with Samsung devices.

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cgl_mail’ parameter in all versions up to, and including, 28

AFFiNE is an open-source, all-in-one workspace and an operating system

The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2

Textream is a free macOS teleprompter app

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7

A vulnerability in projectworlds Online Art Gallery Shop version 1 could allow attackers to compromise the e-commerce platform's security.

sourcecodester Personnel Property Equipment System v1

A security flaw in MaxSite CMS up to version 109 presents a high-severity risk to the integrity of the content management system.

A security weakness has been identified in itsourcecode Society Management System version 1, potentially allowing for unauthorized data access.

A security vulnerability in itsourcecode University Management System version 1 could lead to unauthorized access to academic and administrative records.

A flaw in itsourcecode University Management System version 1 presents a high-severity security risk to the application's environment.

A high-severity vulnerability has been determined in the Tenda F453 router, which could lead to unauthorized administrative access or system failure.

A vulnerability was identified in Tenda F453 1

A security flaw has been discovered in Tenda AC15 up to 15

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes

In multiple locations, there is a possible information disclosure due to SQL injection

In multiple locations, there is a possible privilege escalation due to a confused deputy

In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check

Chamilo is a learning management system

In broadcastIntentLockedTraced of BroadcastController

A security vulnerability has been detected in LLM-Claw 0

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI

In UsageEvents of UsageEvents

In validateAddingWindowLw of DisplayPolicy

In multiple functions of MediaProvider

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect

In openFile of BugreportContentProvider

In setupLayout of PickActivity

In parsePermissionGroup of ParsedPermissionUtils

In hasInteractAcrossUsersFullPermission of AppInfoBase

In __pkvm_host_share_guest of mem_protect

In __host_check_page_state_range of mem_protect

In multiple functions of mem_protect

In setPackageOrComponentEnabled of ManagedServices

In createRequest of MediaProvider

In multiple functions of ffa

In multiple functions of mem_protect

In dumpBitmapsProto of ActivityManagerService

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands

Chamilo is a learning management system

Memory Corruption when accessing buffers with invalid length during TA invocation

Memory corruption while handling different IOCTL calls from the user-space simultaneously

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs

Memory Corruption when accessing trusted execution environment without proper privilege check

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs

Memory Corruption when adding user-supplied data without checking available buffer space

Memory Corruption when processing invalid user address with nonstandard buffer address

Memory corruption while using alignments for memory allocation

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization

In multiple functions of MediaProvider

In executeRequest of ActivityStarter

In removePermission of PermissionManagerServiceImpl

In Modem, there is a possible out of bounds write due to a missing bounds check

In multiple locations, there is a possible lockscreen bypass due to a race condition

In multiple functions of KeyguardViewMediator

A security vulnerability has been identified in eosphoros-ai db-gpt version 0, potentially impacting the security of AI-driven database interactions.

In pcie, there is a possible out of bounds write due to a missing bounds check

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE

In wlan STA driver, there is a possible out of bounds write due to a missing bounds check

Chamilo is a learning management system

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI