Full List

Search

Recent Vulnerabilities

• CVE-2025-20664 • published on April 7, 2025 In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773.
• CVE-2025-20663 • published on April 7, 2025 In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031.
• CVE-2025-20662 • published on April 7, 2025 In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184.
• CVE-2025-20661 • published on April 7, 2025 In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185.
• CVE-2025-20660 • published on April 7, 2025 In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.
• CVE-2025-20659 • published on April 7, 2025 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.
• CVE-2025-20658 • published on April 7, 2025 In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.
• CVE-2025-20657 • published on April 7, 2025 In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.
• CVE-2025-20656 • published on April 7, 2025 In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
• CVE-2025-20655 • published on April 7, 2025 In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.
• CVE-2025-20654 • published on April 7, 2025 In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.
• CVE-2025-3333 • published on April 7, 2025 A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menu_update.php. The manipulation of the argument menu leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-27534 • published on April 7, 2025 in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
• CVE-2025-25057 • published on April 7, 2025 in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
• CVE-2025-24304 • published on April 7, 2025 in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds write.
• CVE-2025-22851 • published on April 7, 2025 in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow.
• CVE-2025-22842 • published on April 7, 2025 in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
• CVE-2025-22452 • published on April 7, 2025 in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
• CVE-2025-20102 • published on April 7, 2025 in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
• CVE-2025-3332 • published on April 7, 2025 A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. Affected is an unknown function of the file /admin/menu_save.php. The manipulation of the argument menu leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.