Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20091 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
CVSS: LOW (3.8) EPSS Score: 0.01%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-20081 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
CVSS: LOW (3.8) EPSS Score: 0.01%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-20024 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.
CVSS: LOW (3.8) EPSS Score: 0.01%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-20021 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVSS: LOW (3.3) EPSS Score: 0.01%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-20011 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
CVSS: LOW (3.3) EPSS Score: 0.01%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-0587 |
Description: in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.
CVSS: LOW (3.8) EPSS Score: 0.01%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-27221 |
Description: In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
CVSS: LOW (3.2) EPSS Score: 0.02%
March 4th, 2025 (about 2 months ago)
|
|
CVE-2025-1882 |
Description: A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. Eine kritische Schwachstelle wurde in i-Drive i11 and i12 bis 20250227 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Komponente Device Setting Handler. Durch Manipulieren mit unbekannten Daten kann eine improper access control for register interface-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar.
CVSS: LOW (2.3) EPSS Score: 0.02%
March 3rd, 2025 (about 2 months ago)
|
|
CVE-2025-1880 |
Description: A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. Es wurde eine problematische Schwachstelle in i-Drive i11 and i12 bis 20250227 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Komponente Device Pairing. Mittels Manipulieren mit unbekannten Daten kann eine authentication bypass by primary weakness-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen.
CVSS: LOW (1.0) EPSS Score: 0.02% SSVC Exploitation: none
March 3rd, 2025 (about 2 months ago)
|
|
CVE-2025-1879 |
Description: A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. Eine problematische Schwachstelle wurde in i-Drive i11 and i12 bis 20250227 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente APK. Mittels dem Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus.
CVSS: LOW (2.4) EPSS Score: 0.02%
March 3rd, 2025 (about 2 months ago)
|