5.2

CVSS3.1

CVE-2025-21047 -

Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.

πŸ“… Published: Oct. 10, 2025, 6:33 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 7:08 p.m.

2.4

CVSS3.1

CVE-2025-21046 -

Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list.

πŸ“… Published: Oct. 10, 2025, 6:33 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 7:08 p.m.

4

CVSS3.1

CVE-2025-21045 -

Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.

πŸ“… Published: Oct. 10, 2025, 6:33 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 7:08 p.m.

5.7

CVSS3.1

CVE-2025-21044 -

Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

πŸ“… Published: Oct. 10, 2025, 6:33 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 7:07 p.m.

6.5

CVSS3.1

CVE-2025-10124 - Booking Manager < 2.1.15 - Contributor+ Booking Deletion

The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.

πŸ“… Published: Oct. 10, 2025, 6 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 7:04 p.m.

4.8

CVSS4.0

CVE-2025-11570 -

Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data. **Note:** This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and P…

πŸ“… Published: Oct. 10, 2025, 5 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 6:19 p.m.

8.7

CVSS4.0

CVE-2025-11569 -

All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.

πŸ“… Published: Oct. 10, 2025, 5 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 6:32 p.m.

8.4

CVSS4.0

CVE-2025-61871 -

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

πŸ“… Published: Oct. 10, 2025, 4:52 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 6:32 p.m.

5.3

CVSS4.0

CVE-2025-11449 - Reflected Cross Site Scripting in ServiceNow AI Platform

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.Β Β Β  ServiceNow has addressed…

πŸ“… Published: Oct. 10, 2025, 1:15 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 6:35 p.m.

5.3

CVSS4.0

CVE-2025-11450 - Reflected Cross Site Scripting in ServiceNow AI Platform

ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this…

πŸ“… Published: Oct. 10, 2025, 1:09 a.m. πŸ”„ Last Modified: Oct. 10, 2025, 1:09 a.m.
Total resulsts: 313685
Page 13 of 31,369
Β« previous page Β» next page
Filters