3.8
CVE-2025-20081 - Communication Dsoftbus has an UAF vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios.
5.5
CVE-2025-20042 - Liteos-A has an out of bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read.
3.8
CVE-2025-20024 - Arkcompiler Ets Runtime has an integer overflow vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.
3.3
CVE-2025-20021 - Arkcompiler Ets Runtime has an out-of-bounds read vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read.
3.3
CVE-2025-20011 - Communication Dsoftbus has a memory leak vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory.
3.8
CVE-2025-0587 - Arkcompiler Ets Runtime has an integer overflow vulnerability
in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios.
8.8
CVE-2025-1639 - Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arβ¦
The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers,β¦
6.5
CVE-2025-1321 - teachPress <= 9.0.7 - Authenticated (Contributor+) SQL Injection
The teachPress plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tpsearch' shortcode in all versions up to, and including, 9.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes β¦
9.8
CVE-2025-0912 - GiveWP β Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'card_address' parameter. This makes it possible for unauthenticated attackers to inject a PHP Objecβ¦
4.3
CVE-2024-13686 - VW Storefront <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level accessβ¦