7.8
CVE-2025-47322 - Use After Free in Automotive Linux OS
Memory corruption while handling IOCTL calls to set mode.
7.8
CVE-2025-47321 - Buffer Copy Without Checking Size of Input in Core Services
Memory corruption while copying packets received from unix clients.
7.8
CVE-2025-47320 - Out-of-bounds Write in Audio
Memory corruption while processing MFC channel configuration during music playback.
6.7
CVE-2025-47319 - Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS
7.8
CVE-2025-27063 - Use After Free in Video
Memory corruption during video playback when video session open fails with time out error.
3.2
CVE-2025-68462 -
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.
7.2
CVE-2025-68461 -
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
7.2
CVE-2025-68460 -
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.
6.4
CVE-2025-12885 - Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Any Document β Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes iβ¦
5.3
CVE-2025-14856 - y_project RuoYi getnames code injection
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed publiclβ¦