Total
33456 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21057 | 1 Samsung | 2 Mobile Devices, Notes | 2025-10-20 | 4 Medium |
| Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes. | ||||
| CVE-2022-38150 | 2 Fedoraproject, Varnish Cache Project | 2 Fedora, Varnish Cache | 2025-10-20 | 6.5 Medium |
| In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. | ||||
| CVE-2022-37002 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2025-10-20 | 7.4 High |
| The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background. | ||||
| CVE-2025-58282 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 2.8 Low |
| Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58285 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.3 Medium |
| Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58283 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.5 Medium |
| Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54654 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 6.2 Medium |
| Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality | ||||
| CVE-2025-58284 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.9 Medium |
| Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58288 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.5 Medium |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58292 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 3.3 Low |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58291 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 3.3 Low |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-58286 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 3.3 Low |
| Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-43280 | 1 Apple | 4 Ios, Ipad Os, Ipados and 1 more | 2025-10-20 | 4.7 Medium |
| The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode. | ||||
| CVE-2025-45156 | 1 Splashin | 1 Splashin | 2025-10-17 | 5.3 Medium |
| Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users. | ||||
| CVE-2023-24676 | 1 Processwire | 1 Processwire | 2025-10-17 | 7.2 High |
| An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code. | ||||
| CVE-2025-55293 | 1 Meshtastic | 2 Firmware, Meshtastic Firmware | 2025-10-17 | 9.4 Critical |
| Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if (p.public_key.size > 0) {', clearing the existing publicKey (and resetting the size to 0) for a known node. Then a new key bypasses 'if (info->user.public_key.size > 0) {', and this malicious key is stored in NodeDB. This vulnerability is fixed in 2.6.3. | ||||
| CVE-2024-57844 | 1 Linux | 1 Linux Kernel | 2025-10-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm_dev_enter()/drm_dev_exit(). This fixes the following page fault: <6> [IGT] xe_wedged: exiting, ret=98 <1> BUG: unable to handle page fault for address: ffffc901bc5e508c <1> #PF: supervisor read access in kernel mode <1> #PF: error_code(0x0000) - not-present page ... <4> xe_lrc_update_timestamp+0x1c/0xd0 [xe] <4> xe_exec_queue_update_run_ticks+0x50/0xb0 [xe] <4> xe_exec_queue_fini+0x16/0xb0 [xe] <4> __guc_exec_queue_fini_async+0xc4/0x190 [xe] <4> guc_exec_queue_fini_async+0xa0/0xe0 [xe] <4> guc_exec_queue_fini+0x23/0x40 [xe] <4> xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> xe_file_close+0xd4/0x1a0 [xe] <4> drm_file_free+0x210/0x280 [drm] <4> drm_close_helper.isra.0+0x6d/0x80 [drm] <4> drm_release_noglobal+0x20/0x90 [drm] (cherry picked from commit 4ca1fd418338d4d135428a0eb1e16e3b3ce17ee8) | ||||
| CVE-2024-57880 | 1 Linux | 1 Linux Kernel | 2025-10-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use. However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator. | ||||
| CVE-2023-36405 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2025-10-17 | 7 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2025-55234 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-17 | 8.8 High |
| SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. | ||||