Total
289036 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-20951 | | | 2025-04-08 | 5.1 Medium |
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | ||||
CVE-2025-20950 | | | 2025-04-08 | 4 Medium |
Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information. | ||||
CVE-2025-20948 | | | 2025-04-08 | 5.5 Medium |
Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. | ||||
CVE-2025-20947 | | | 2025-04-08 | 5.5 Medium |
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability. | ||||
CVE-2025-20946 | | | 2025-04-08 | 8.8 High |
Improper handling of exceptional conditions in pairing specific Bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific Bluetooth devices without user interaction. | ||||
CVE-2025-20945 | | | 2025-04-08 | 4 Medium |
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy Watch. | ||||
CVE-2025-20944 | | | 2025-04-08 | 6.2 Medium |
Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. | ||||
CVE-2025-20943 | | | 2025-04-08 | 6.4 Medium |
Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. | ||||
CVE-2025-20942 | | | 2025-04-08 | 4.4 Medium |
Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. | ||||
CVE-2025-20941 | | | 2025-04-08 | 6.2 Medium |
Improper access control in InputManager prior to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. | ||||
CVE-2025-20940 | | | 2025-04-08 | 4 Medium |
Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS. | ||||
CVE-2025-20939 | | | 2025-04-08 | 5.4 Medium |
Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices. | ||||
CVE-2025-20938 | | | 2025-04-08 | 5.5 Medium |
Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. | ||||
CVE-2025-20936 | | | 2025-04-08 | 8.8 High |
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. | ||||
CVE-2025-20935 | | | 2025-04-08 | 5.5 Medium |
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access files with system privilege. User interaction is required for triggering this vulnerability. | ||||
CVE-2025-20934 | | | 2025-04-08 | 5.5 Medium |
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. | ||||
CVE-2024-36246 | 1 Yokogawa Rental Lease Corporation | 2 Unifier, Unifier Cast | 2025-04-08 | 9.8 Critical |
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, or data may be altered or deleted. | ||||
CVE-2024-23847 | 1 Yokogawa Rental Lease Corporation | 1 Unifier | 2025-04-08 | 5.9 Medium |
Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, or data may be altered or deleted. | ||||
CVE-2024-13820 | | | 2025-04-08 | 5.3 Medium |
The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information. | ||||
CVE-2024-13130 | | | 2025-04-08 | 4.3 Medium |
A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |