| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Read/Write vulnerability in the image decoding module
Impact: Successful exploitation of this vulnerability will affect availability. |
| Vulnerability of improper access control in the album module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| File replacement vulnerability on some devices
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| Permission control vulnerability in the clipboard module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the ability module
Impact: Successful exploitation of this vulnerability may cause features to function abnormally. |
| Vulnerability of processes not being fully terminated in the VPN module
Impact: Successful exploitation of this vulnerability will affect power consumption. |
| Page table protection configuration vulnerability in the trusted firmware module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Access control vulnerability in the SystemUI module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of PIN enhancement failures in the screen lock module
Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
| Access permission verification vulnerability in the Notepad module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission control vulnerability in the App Multiplier module
Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality. |
| Access control vulnerability in the security verification module
mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| Access permission verification vulnerability in the Contacts module
Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.
Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.
You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.
This CVE is published in conjunction with CVE-2025-41249 https://spring.io/security/cve-2025-41249 . |
| The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. |
| The WP Hotel Booking WordPress plugin before 2.2.3 lacks proper server-side validation for review ratings, allowing an attacker to manipulate the rating value (e.g., sending negative or out-of-range values) by intercepting and modifying requests. |
| The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers. |
