CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-27242	Ssecurity_component_manager has an improper input vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. CVSS: LOW (3.3) EPSS Score: 0.02% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-27131	kernel_liteos_m has an improper input vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. CVSS: MEDIUM (6.1) EPSS Score: 0.02% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-26693	security_access_token has an improper preservation of permissions vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-26691	telephony_call_manager has an improper preservation of permissions vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. CVSS: MEDIUM (5.5) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-25217	arkui_ace_enginehas a NULL pointer dereference vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-24493	kernel_liteos_a has a race condition vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition. CVSS: MEDIUM (5.5) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-23235	arkcompiler_ets_runtime has an out-of-bounds write vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-21082	arkui_ace_engine has a type confusion vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-20063	arkui_ace_engine has a type confusion vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-38004	can: bcm: add locking for bcm_op runtime updates Description: In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too. EPSS Score: 0.03% Source: CVE June 8th, 2025 (20 days ago)