3.3

CVSS3.1

CVE-2025-21077 -

Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.

πŸ“… Published: Nov. 5, 2025, 5:40 a.m. πŸ”„ Last Modified: Nov. 6, 2025, 10:07 a.m.

5.5

CVSS3.1

CVE-2025-21076 -

Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.

πŸ“… Published: Nov. 5, 2025, 5:40 a.m. πŸ”„ Last Modified: Nov. 6, 2025, 10:07 a.m.

4.3

CVSS3.1

CVE-2025-21075 -

Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.

πŸ“… Published: Nov. 5, 2025, 5:40 a.m. πŸ”„ Last Modified: Nov. 6, 2025, 10:07 a.m.

4.3

CVSS3.1

CVE-2025-21074 -

Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.

πŸ“… Published: Nov. 5, 2025, 5:40 a.m. πŸ”„ Last Modified: Nov. 6, 2025, 10:07 a.m.

6.8

CVSS3.1

CVE-2025-21073 -

Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.

πŸ“… Published: Nov. 5, 2025, 5:40 a.m. πŸ”„ Last Modified: Nov. 6, 2025, 10:07 a.m.

5.7

CVSS3.1

CVE-2025-21071 -

Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

πŸ“… Published: Nov. 5, 2025, 5:40 a.m. πŸ”„ Last Modified: Nov. 6, 2025, 4:55 a.m.

9.8

CVSS3.1

CVE-2025-11749 - AI Engine <= 3.1.3 - Unauthenticated Sensitive Information Exposure to Privilege Escalation

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the /mcp/v1/ REST API endpoint that exposes the 'Bearer Token' value when 'No-Auth URL' is enabled. This makes it possible for unauthenticated attackers to extract the …

πŸ“… Published: Nov. 5, 2025, 5:31 a.m. πŸ”„ Last Modified: Nov. 5, 2025, 5:31 a.m.

7.5

CVSS3.1

CVE-2025-12197 - The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticate…

πŸ“… Published: Nov. 5, 2025, 4:36 a.m. πŸ”„ Last Modified: Nov. 5, 2025, 4:36 a.m.

6.4

CVSS3.1

CVE-2025-11162 - Spectra <= 2.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom CSS

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2.19.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

πŸ“… Published: Nov. 5, 2025, 4:36 a.m. πŸ”„ Last Modified: Nov. 5, 2025, 6:47 p.m.

5.3

CVSS3.1

CVE-2025-11835 - Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <=…

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMS_AJAX_Checkout_Handler::process_payment() function in all versions …

πŸ“… Published: Nov. 5, 2025, 3:27 a.m. πŸ”„ Last Modified: Nov. 5, 2025, 3:27 a.m.
Total resulsts: 317040
Page 10 of 31,704
Β« previous page Β» next page
Filters