5.5
CVE-2025-20938 -
Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.
8.8
CVE-2025-20936 -
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.
5.5
CVE-2025-20935 -
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access files with system privilege. User interaction is required for triggering this vulnerability.
5.5
CVE-2025-20934 -
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.
5.3
CVE-2025-3409 - Nothings stb stb_include_string stack-based overflow
A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects the function stb_include_string. The manipulation of the argument path_to_includes leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This product does not use versioβ¦
9.1
CVE-2025-2004 - Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, β¦
5.3
CVE-2024-13820 - Melhor Envio <= 2.15.11 - Unauthenticated Sensitive Information Exposure via Hardcoded Hash
The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.11 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, β¦
5.3
CVE-2025-3408 - Nothings stb stb_dupreplace integer overflow
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Thereforβ¦
5.3
CVE-2025-3407 - Nothings stb stbhw_build_tileset_from_image out-of-bounds
A vulnerability was found in Nothings stb up to f056911. It has been declared as critical. Affected by this vulnerability is the function stbhw_build_tileset_from_image. The manipulation of the argument h_count/v_count leads to out-of-bounds read. The attack can be launched remotely. This product tβ¦
5.3
CVE-2025-3406 - Nothings stb Header Array stbhw_build_tileset_from_image out-of-bounds
A vulnerability was found in Nothings stb up to f056911. It has been classified as problematic. Affected is the function stbhw_build_tileset_from_image of the component Header Array Handler. The manipulation of the argument w leads to out-of-bounds read. It is possible to launch the attack remotelyβ¦