CVE-2026-20700
A memory corruption vulnerability in Apple software was addressed through improved state management to prevent potential exploitation.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Wednesday's vulnerability disclosures include two CVSS 10.0 flaws affecting HP FreeScout (CVE-2026-28289) and the MedEx module for OpenEMR (CVE-2026-24898), both enabling full system compromise. The day's 13 critical CVEs represent a 24% decrease from the prior day, while 100 high-priority vulnerabilities mark a 45% increase over Tuesday's count. Additional critical issues target Apache Ranger (CVE-2025-59059), D-Link DIR routers (CVE-2026-3485), and a Microsoft 365 WordPress SSO plugin (CVE-2026-2628), all carrying CVSS 9.8 scores. Attack patterns center on remote code execution and authentication bypass across healthcare, networking, and enterprise collaboration platforms, with 13 CVEs confirmed under active exploitation including flaws in Apple OS, Google Chromium, Roundcube Webmail, and VMware Aria Operations. No patches are currently available for today's disclosed vulnerabilities, requiring organizations to implement compensating controls and monitor vendor advisories.
Immediate action: Prioritize network segmentation and access restrictions for HP FreeScout, OpenEMR MedEx, D-Link DIR routers, and Apache Ranger deployments given maximum-severity scores and no available patches. Monitor vendor security advisories for patch releases on all 13 actively exploited vulnerabilities, particularly Apple OS, Google Chromium, and VMware Aria Operations, and apply updates immediately upon availability.
Microsoft Configuration Manager SQL Injection Vulnerability - Active in CISA KEV catalog.
Notepad++ Download of Code Without Integrity Check Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability - Active in CISA KEV catalog.
TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability - Active in CISA KEV catalog.
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Google Chrome is vulnerable to a "Use After Free" condition in its CSS engine, which could allow a remote attacker to execute arbitrary code via a crafted webpage.
GitLab Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Deserialization of Untrusted Data Vulnerability - Active in CISA KEV catalog.
RoundCube Webmail Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
FileZen is affected by a high-severity OS command injection vulnerability that allows a threat actor to execute arbitrary commands on the underlying operating system.
VMware Aria Operations contains a command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system.
A TOCTOU flaw in FreeScout's file upload sanitization allows authenticated users to achieve RCE by uploading malicious .htaccess files using zero-width space prefixes.
A remote code execution (RCE) vulnerability exists in the NashornScriptEngineCreator component of Apache Ranger versions 2.7.0 and earlier.
The All-in-One Microsoft 365 SSO Login plugin for WordPress allows unauthenticated attackers to bypass authentication and gain full administrative access due to an insecure login implementation.
A heap-based buffer overflow in libbiosig's Intan CLP parsing allows for arbitrary code execution via a specially crafted file. This critical flaw stems from improper memory handling.
An authentication bypass in OpenSTAManager allows attackers to arbitrarily modify user groups, leading to full administrative privilege escalation.
The RegistrationMagic WordPress plugin allows unauthenticated attackers to create administrator accounts by exploiting improper privilege management during the membership registration process.
A stored cross-site scripting (XSS) vulnerability in AliasVault Web Client allows attackers to execute malicious JavaScript in the victim's browser via crafted emails.
An OS command injection vulnerability in the D-Link DIR-868L SSDP service allows unauthenticated remote attackers to execute arbitrary commands via the ST argument.
A typo in Froxlor's input validation enables an authenticated administrator to achieve root-level remote code execution via shell command injection.
An unauthenticated token disclosure in OpenEMR's MedEx callback endpoint leaks API tokens, leading to PHI exfiltration and HIPAA violations.
OpenMQ's imqbrokerd service uses a default administrative account (admin/admin) and fails to enforce password changes, allowing remote attackers full control.
OpenEMR leaks gateway_api_key secrets in plaintext to the client, enabling unauthorized financial transactions and account takeovers of payment gateways.
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 allows attackers to execute arbitrary commands with root privileges.
A memory corruption vulnerability exists in memory allocation processes when handling specific alignments, potentially leading to arbitrary code execution or system instability.
The Master Addons for Elementor Premium plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2
Microsoft Exchange Server (through 2019) ActiveSync configurations may transmit sensitive user data, including passwords and bearer tokens, in cleartext when communicating with Samsung devices.
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 5
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the 'cgLostPasswordEmail' and the 'cgl_mail' parameter in all versions up to, and including, 28
NocoDB is affected by a high-severity vulnerability that could compromise the security of database-driven spreadsheets and the underlying platform.
AFFiNE is an open-source, all-in-one workspace and an operating system
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2
Dell Command | Intel vPro Out of Band versions prior to 4 contain a high-severity vulnerability that could permit unauthorized management operations.
Textream for macOS is affected by a security vulnerability that could allow for unauthorized interactions with the teleprompter application environment.
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7
The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5
The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions up to, and including, 1
Dell Optimizer, versions prior to 6
Chamilo is a learning management system
sourcecodester Personnel Property Equipment System v1
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes
Tenda AX3 firmware v16
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os
In multiple locations, there is a possible information disclosure due to SQL injection
In multiple locations, there is a possible privilege escalation due to a confused deputy
In broadcastIntentLockedTraced of BroadcastController
A security vulnerability has been detected in LLM-Claw 0
In writeToParcel of WindowInfo
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI
In UsageEvents of UsageEvents
In validateAddingWindowLw of DisplayPolicy
In multiple functions of MediaProvider
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect
In multiple functions of KeyguardViewMediator
In multiple functions of ContentProvider
In openFile of BugreportContentProvider
In onTransact of IDrmManagerService
In enableSystemPackageLPw of Settings
In setupLayout of PickActivity
In parsePermissionGroup of ParsedPermissionUtils
In hasInteractAcrossUsersFullPermission of AppInfoBase
In hasImage of Notification
In __pkvm_host_share_guest of mem_protect
In __pkvm_init_vm of pkvm
In __host_check_page_state_range of mem_protect
In multiple functions of mem_protect
In setPackageOrComponentEnabled of ManagedServices
In createRequest of MediaProvider
In multiple functions of ffa
In multiple functions of mem_protect
In dumpBitmapsProto of ActivityManagerService
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands
Memory Corruption when accessing buffers with invalid length during TA invocation
Memory corruption while handling different IOCTL calls from the user-space simultaneously
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs
Memory Corruption when accessing trusted execution environment without proper privilege check
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs
Memory Corruption when adding user-supplied data without checking available buffer space
Memory Corruption when processing invalid user address with nonstandard buffer address
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization
In multiple functions of MediaProvider
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key
In loadDescription of DeviceAdminInfo
In executeRequest of ActivityStarter
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code
In onStart of CompanionDeviceManagerService
In createSessionInternal of PackageInstallerService
In removePermission of PermissionManagerServiceImpl
In multiple functions of mem_protect
OpenViking versions 0
In multiple functions of TaskFragmentOrganizerController
In onChange of BiometricService
An issue was discovered in 6
In multiple locations, there is a possible lockscreen bypass due to a race condition
In multiple functions of KeyguardViewMediator
In drawLayersInternal of SkiaRenderEngine
HomeBox is a home inventory and organization system
In relayoutWindow of WindowManagerService
Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4
Cohesity TranZman Migration Appliance Release 4
Multiple authenticated OS command injection vulnerabilities exist in the Cohesity (formerly Stone Ram) TranZman 4