CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20958 |
Description: Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.
CVSS: MEDIUM (4.4) EPSS Score: 0.02%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-20956 |
Description: Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-20955 |
Description: Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-20954 |
Description: Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-20953 |
Description: Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
CVSS: MEDIUM (5.1) EPSS Score: 0.02%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-20949 |
Description: Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
CVSS: MEDIUM (5.1) EPSS Score: 0.02%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-20937 |
Description: Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVSS: MEDIUM (6.7) EPSS Score: 0.02%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-4171 |
Description: The WZ Followed Posts – Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-32404 |
Description: An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet.
CVSS: MEDIUM (4.8) EPSS Score: 0.06%
May 7th, 2025 (about 2 months ago)
|
|
CVE-2025-32403 |
Description: An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet.
CVSS: MEDIUM (4.8) EPSS Score: 0.06%
May 7th, 2025 (about 2 months ago)
|