CVE-2025-13223
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores according to a system's exposure level, network position, and business criticality.
Tuesday's vulnerability landscape remains stable: four critical vulnerabilities and 74 high-priority CVEs, consistent with Monday's disclosure activity. Nine actively exploited vulnerabilities listed in the CISA KEV catalog still require remediation. Critical CVE volume remains 66% below the historical average, reflecting sustained below-average disclosure activity as the work week progresses.
Immediate action: continue monitoring the four critical vulnerabilities and review the 74 high-priority CVEs for applicability to your environment. Prioritize remediation of the nine CISA KEV entries, since those are known to be exploited in the wild.
Google Chromium V8 Type Confusion Vulnerability - Active in CISA KEV catalog.
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability - Active in CISA KEV catalog.
OpenPLC ScadaBR Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Meta React Server Components Remote Code Execution Vulnerability - Active in CISA KEV catalog.
D-Link Routers Buffer Overflow Vulnerability - Active in CISA KEV catalog.
Array Networks ArrayOS AG OS Command Injection Vulnerability - Active in CISA KEV catalog.
SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter.
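The entry above describes the classic pattern: a request parameter (appointmentID) pasted into the SQL text of /php/api_patient_schedule.php. The following is an added example, not code from the SourceCodester project, that re-creates the bug class in Python with an in-memory SQLite database so it runs offline: the concatenating query beside the parameterized one, driven by the same UNION payload. The table and column names and the sample rows are constructed for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema and rows; the real application's schema is not on the page."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE appointments (appointmentID INTEGER, patient TEXT, slot TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO appointments VALUES (1, 'Alice', '09:00'), (2, 'Bob', '09:30');
        INSERT INTO users VALUES ('admin', '$2y$10$constructedhash');
        """
    )
    return conn


def schedule_vulnerable(conn: sqlite3.Connection, appointment_id: str):
    """Mirrors `... WHERE appointmentID = " . $_GET['appointmentID']`:
    the raw parameter becomes part of the SQL text, so it can append a
    UNION that reads any other table the database user can see."""
    sql = f"SELECT patient, slot FROM appointments WHERE appointmentID = {appointment_id}"
    return conn.execute(sql).fetchall()


def schedule_fixed(conn: sqlite3.Connection, appointment_id: str):
    """Parameterized query plus a type check: the value is bound by the
    driver and never parsed as SQL, and a non-integer is rejected outright."""
    try:
        appt = int(appointment_id)
    except ValueError:
        return []
    return conn.execute(
        "SELECT patient, slot FROM appointments WHERE appointmentID = ?", (appt,)
    ).fetchall()


def demo() -> dict:
    """Same payload against both code paths."""
    conn = make_db()
    payload = "0 UNION SELECT username, password_hash FROM users"
    return {
        "normal": schedule_vulnerable(conn, "1"),
        "injected": schedule_vulnerable(conn, payload),
        "fixed": schedule_fixed(conn, payload),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable path returns the users table through a query that was supposed to return one appointment; the fixed path returns nothing for the same input. Binding parameters is the fix; rejecting the wrong type is a cheap second layer, not a substitute.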
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on the file system. This issue affects MTC-9: from R22.1.1.0275 before R23.0.
The remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to use password-less user accounts and obtain system access by activating a reverse shell. This issue affects MTC-9: from R22.1.1.0275 before R23.0.
In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass
In hasAccountsOnAnyUser of DevicePolicyManagerService
A vulnerability was found in code-projects Currency Exchange System 1
A vulnerability was determined in code-projects Currency Exchange System 1
A vulnerability was identified in code-projects Currency Exchange System 1
A security flaw has been discovered in code-projects Currency Exchange System 1
The Litmus platform uses JWTs for authentication and authorization, but the secret used to sign them is only 6 bytes long at its core, which makes it extremely easy to crack.
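Why a 6-byte HMAC secret is fatal for an HS256 token: the attack is entirely offline, needing only one captured token, and once the secret is known any claims can be signed. The following is an added example, not Litmus code: HS256 signing and verification with the standard library, the worst-case keyspace, and a bounded brute force that recovers a constructed 6-byte secret from a captured token. The secret value, the claims and the digit-only search alphabet are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import itertools
import json
from typing import Optional


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Compact JWT: header.payload.HMAC-SHA256(header.payload)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    tag = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(tag)}"


def verify_hs256(token: str, secret: bytes) -> bool:
    """Constant-time signature check; claims are not inspected here."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig))


def keyspace(secret_len: int, alphabet_size: int = 256) -> int:
    """Candidates an attacker must try in the worst case."""
    return alphabet_size ** secret_len


def crack_secret(token: str, alphabet: str, length: int) -> Optional[bytes]:
    """Offline brute force: one HMAC per candidate and no requests to the
    server, so rate limiting and lockouts never come into play."""
    header, payload, sig = token.split(".")
    signing_input = f"{header}.{payload}".encode("ascii")
    target = _b64url_decode(sig)
    for cand in itertools.product(alphabet.encode("ascii"), repeat=length):
        secret = bytes(cand)
        if hmac.new(secret, signing_input, hashlib.sha256).digest() == target:
            return secret
    return None


def demo() -> dict:
    """Constructed scenario: a 6-byte numeric secret, a captured low-privilege
    token, recovery of the secret, and a forged admin token the server accepts."""
    weak_secret = b"123456"  # assumption for the demo; the real value is not on the page
    captured = sign_hs256({"sub": "alice", "role": "user"}, weak_secret)
    recovered = crack_secret(captured, "0123456789", 6)
    forged = sign_hs256({"sub": "alice", "role": "admin"}, recovered)
    return {
        "recovered": recovered,
        "forged_accepted": verify_hs256(forged, weak_secret),
        "worst_case_candidates": keyspace(6),
    }


if __name__ == "__main__":
    print(demo())
```

The worst case for an arbitrary 6-byte secret is 2^48 (about 2.8 x 10^14) HMAC evaluations; at an assumed 10^9 HMAC-SHA256 per second on one GPU that is roughly 78 hours, and a secret drawn from the 95 printable ASCII characters (95^6, about 7.4 x 10^11) falls in around 12 minutes. RFC 7518 requires an HS256 key at least as long as the hash output, 256 bits, and it should be generated randomly rather than chosen.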
A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15
In grantAllowlistedPackagePermissions of SettingsSliceProvider
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge
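The MTC-9 entry above is the bridge form of SSRF: the appliance fetches an attacker-chosen URL and so reaches networks the attacker cannot. The following is an added example, not Infinera code, of the outbound-target check that closes that class: scheme allowlist, optional host allowlist, and a rejection of every address the name resolves to that lands in loopback, RFC 1918, link-local (including the cloud metadata address 169.254.169.254), CGNAT or IPv4-mapped ranges. The function names, the resolver hook and the DNS answers in FAKE_DNS are assumptions constructed so it runs offline.

```python
import ipaddress
import socket
from typing import Callable, List, Optional, Set
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Every address the name maps to, via the OS resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_internal(ip) -> bool:
    """Targets an SSRF-to-bridge attack aims at: loopback, RFC 1918, link-local
    (incl. metadata at 169.254.169.254), CGNAT, reserved, multicast, unspecified."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified
            or ip in ipaddress.ip_network("100.64.0.0/10"))


def is_safe_target(url: str, allowed_hosts: Optional[Set[str]] = None,
                   resolver: Resolver = system_resolver) -> bool:
    """True only for http(s) URLs whose host is allowlisted (if a list is given)
    and whose every resolved address is outside the internal ranges."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False
    if allowed_hosts is not None and host not in allowed_hosts:
        return False
    try:
        addrs = [ipaddress.ip_address(host)]  # literal address, nothing to resolve
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError):
            return False
    # Reject if ANY answer is internal: a name answering with a public address
    # now and 10.0.0.5 a moment later is the DNS rebinding case.
    return bool(addrs) and not any(_is_internal(ip) for ip in addrs)


FAKE_DNS = {  # constructed answers so the demo needs no network
    "updates.example": ["8.8.8.8"],
    "rebind.example": ["8.8.8.8", "10.0.0.5"],
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host: str) -> List[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return FAKE_DNS[host]


EXPECTED = {
    "https://updates.example/firmware": True,
    "https://rebind.example/": False,
    "http://localhost:8443/admin": False,
    "https://169.254.169.254/latest/meta-data/": False,
    "https://[::ffff:10.0.0.5]/": False,
    "file:///etc/passwd": False,
}


def demo() -> dict:
    """Decision for each constructed URL using the offline resolver."""
    return {url: is_safe_target(url, resolver=fake_resolver) for url in EXPECTED}


if __name__ == "__main__":
    for url, ok in demo().items():
        print(f"{'allow' if ok else 'deny '}  {url}")
```

Checking the address and then letting an HTTP client re-resolve the name leaves a rebinding window; in production, connect to the vetted address directly (pin it) and apply the same check on every redirect, since a redirect to an internal host is the usual bypass.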
In startAlwaysOnVpn of Vpn
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads
Incorrect access control in the /api/v1/user endpoint of usememos memos v0
A vulnerability has been found in UTT 进取 512W up to 1
A weakness has been identified in H3C Magic B1 up to 100R004
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.
Input verification vulnerability in the compression and decompression module
Multi-thread race condition vulnerability in the network management module
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy
In multiple functions of Session
In multiple functions of Session
In disassociate of DisassociationProcessor
In multiple functions of NotificationStation
In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation
In sendCommand of MediaSessionRecord
In multiple functions of CertInstaller
In connectInternal of MediaBrowser
In multiple functions of BaseBundle
In onActivityResult of EditFdnContactScreen
In multiple functions of HeaderPrivacyIconsController
In appendFrom of Parcel
In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack
In multiple functions of WifiScanModeActivity
In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due to improper input validation
In getComponentName of MediaButtonReceiverHolder
In onSomePackagesChanged of VoiceInteractionManagerService
In init_pkvm_hyp_vcpu of pkvm
In multiple functions of arm-smmu-v3
In startNextMatchingActivity of ActivityTaskManagerService
In validateIconUserBoundary of PrintManagerService
In findAvailRecognizer of VoiceInteractionManagerService
In setDisplayName of AssociationRequest
In multiple functions of mem_protect
In __pkvm_load_tracing of trace
In preparePackage of InstallPackageHelper
In initDecoder of C2SoftDav1dDec
In onHeaderDecoded of LocalImageResolver
A vulnerability was detected in Chanjet CRM up to 20251121
A flaw has been found in Chanjet TPlus up to 20251121
A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2
A weakness has been identified in Campcodes School File Management System 1
A security vulnerability has been detected in projectworlds Advanced Library Management System 1
A vulnerability was detected in projectworlds Advanced Library Management System 1
A flaw has been found in projectworlds Advanced Library Management System 1
A vulnerability has been found in code-projects Simple Leave Manager 1
A vulnerability was identified in itsourcecode Student Management System 1
A vulnerability has been found in IdeaCMS up to 1
A vulnerability was identified in code-projects Simple Shopping Cart 1
A security flaw has been discovered in code-projects Online Ordering System 1
A weakness has been identified in code-projects Online Ordering System 1
A security vulnerability has been detected in code-projects Online Ordering System 1
A vulnerability was detected in itsourcecode Student Management System 1
A flaw has been found in itsourcecode Student Management System 1
In onUidImportance of DisassociationProcessor
In DefaultTransitionHandler
In DefaultTransitionHandler
A vulnerability has been found in itsourcecode Student Management System 1
A weakness has been identified in UGREEN DH2100+ up to 5
A security vulnerability has been detected in UGREEN DH2100+ up to 5
Authenticated append-style command injection in Ruijie APs (AP_RGOS 11
Race condition vulnerability in the network module
In multiple locations, there is a possible intent filter bypass due to a race condition
In multiple locations of UsbDataAdvancedProtectionHook