CVE Feeds
Latest CVEs
Updates on the latest vulnerabilities detected.
-
CVE-2025-14259 - Jihai Jshop MiniProgram Mall System api.html sql injection
CVE ID :CVE-2025-14259
Published : Dec. 8, 2025, 6:02 p.m. | 21 minutes ago
Description :A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-14258 - itsourcecode Student Management System newsubject.php sql injection
CVE ID :CVE-2025-14258
Published : Dec. 8, 2025, 5:32 p.m. | 51 minutes ago
Description :A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48625 - "Logitech USBDataAdvancedProtectionHook Local Privilege Escalation"
CVE ID :CVE-2025-48625
Published : Dec. 8, 2025, 5:27 p.m. | 56 minutes ago
Description :In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48608 - Google SettingsProvider Cross-User Media Read Vulnerability
CVE ID :CVE-2025-48608
Published : Dec. 8, 2025, 5:27 p.m. | 56 minutes ago
Description :In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48606 - Apache InstallPackageHelper Local Privilege Escalation
CVE ID :CVE-2025-48606
Published : Dec. 8, 2025, 5:27 p.m. | 56 minutes ago
Description :In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48569 - Adobe Flash Denial of Service Vulnerability
CVE ID :CVE-2025-48569
Published : Dec. 8, 2025, 5:27 p.m. | 56 minutes ago
Description :In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65799 - Usememos Memos Path Traversal Vulnerability
CVE ID :CVE-2025-65799
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65797 - Usememos Memos Identity Provider Access Control Vulnerability
CVE ID :CVE-2025-65797
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65795 - Usememos Memos Unauthenticated Account Creation Vulnerability
CVE ID :CVE-2025-65795
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65363 - Ruijie APs Command Injection Vulnerability
CVE ID :CVE-2025-65363
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63721 - Apache Snakeyaml Deserialization Remote Code Execution
CVE ID :CVE-2025-63721
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component allowing attackers to achieve RCE and take over the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-59391 - Apache libcoap Memory Disclosure Vulnerability
CVE ID :CVE-2025-59391
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48639 - Android Android DefaultTransitionHandler Tapjacking Vulnerability
CVE ID :CVE-2025-48639
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48638 - Apache Pkvm Out-of-Bounds Write Privilege Escalation
CVE ID :CVE-2025-48638
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48637 - Apache Memcached Out-of-Bounds Write Vulnerability
CVE ID :CVE-2025-48637
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48633 - Android Framework Information Disclosure Vulnerability - [Actively Exploited]
CVE ID :CVE-2025-48633
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48632 - Google CDM Association Privilege Escalation Vulnerability
CVE ID :CVE-2025-48632
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48631 - Apache Commons Fileupload Remote Denial of Service
CVE ID :CVE-2025-48631
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48629 - Apache VoiceInteractionManagerService Default Speech Recognizer Privilege Escalation Vulnerability
CVE ID :CVE-2025-48629
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-48628 - Apache PrintManagerService Confused Deputy Cross-User Image Leak Vulnerability
CVE ID :CVE-2025-48628
Published : Dec. 8, 2025, 5:16 p.m. | 1 hour, 7 minutes ago
Description :In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.
Company
Who's Online
We have 612 guests and no members online