Search Results (314791 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-11645 | | | 2025-10-18 | 2.4 Low |
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-11644 | | | 2025-10-18 | 2 Low |
A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack is characterized by high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-11643 | | | 2025-10-18 | 3.7 Low |
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_img of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-11642 | | | 2025-10-18 | 4 Medium |
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The exploitability is told to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-21044 | | | 2025-10-18 | 5.7 Medium |
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | ||||
CVE-2025-59286 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-18 | 6.5 Medium |
Copilot Spoofing Vulnerability | ||||
CVE-2025-59272 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-18 | 6.5 Medium |
Copilot Spoofing Vulnerability | ||||
CVE-2025-59252 | 1 Microsoft | 3 365, 365 Copilot, 365 Word Copilot | 2025-10-18 | 6.5 Medium |
M365 Copilot Spoofing Vulnerability | ||||
CVE-2025-48813 | | | 2025-10-18 | 6.3 Medium |
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally. | ||||
CVE-2025-59193 | | | 2025-10-18 | 7 High |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-59192 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-18 | 7.8 High |
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-59241 | 1 Microsoft | 2 Windows 11 24h2, Windows 11 25h2 | 2025-10-18 | 7.8 High |
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-59199 | | | 2025-10-18 | 7.8 High |
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-55695 | | | 2025-10-18 | 5.5 Medium |
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally. | ||||
CVE-2025-55339 | | | 2025-10-18 | 7.8 High |
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-50175 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-18 | 7.8 High |
Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-58720 | | | 2025-10-18 | 7.8 High |
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. | ||||
CVE-2025-53139 | | | 2025-10-18 | 7.7 High |
Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | ||||
CVE-2025-62640 | | | 2025-10-18 | N/A |
Not used | ||||
CVE-2025-62639 | | | 2025-10-18 | N/A |
Not used |