Total
340 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10157 | 1 Mmaitre314 | 1 Picklescan | 2025-09-18 | N/A |
| A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code. | ||||
| CVE-2025-37124 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2025-09-17 | 8.6 High |
| A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services. | ||||
| CVE-2025-43330 | 1 Apple | 3 Macos, Macos Sequoia, Macos Tahoe | 2025-09-17 | 8.2 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-54917 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-16 | 4.3 Medium |
| Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-43273 | 1 Apple | 2 Macos, Macos Sequoia | 2025-09-15 | 9.1 Critical |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14.8. A sandboxed process may be able to circumvent sandbox restrictions. | ||||
| CVE-2025-21276 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 7.5 High |
| Windows MapUrlToZone Denial of Service Vulnerability | ||||
| CVE-2025-21211 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 6.8 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-21217 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 6.5 Medium |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2025-21346 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-09-09 | 7.1 High |
| Microsoft Office Security Feature Bypass Vulnerability | ||||
| CVE-2025-59033 | 1 Microsoft | 7 Windows, Windows 10, Windows 11 and 4 more | 2025-09-09 | 9.8 Critical |
| The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. On systems that do not have hypervisor-protected code integrity (HVCI) enabled, entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate’s TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) will not be blocked. This vulnerability affects any Windows system that does not have HVCI enabled or supported (HVCI is available in Windows 10, Windows 11, and Windows Server 2016 and later). NOTE: The vendor states that the driver blocklist is intended for use with HVCI, while systems without HVCI should use App Control, and any custom blocklist entries require a granular approach for proper enforcement. | ||||
| CVE-2025-26431 | 1 Google | 1 Android | 2025-09-09 | 7.8 High |
| In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-0089 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48522 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48546 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-20347 | 1 Cisco | 2 Nexus Dashboard, Nexus Dashboard Fabric Controller | 2025-09-08 | 5.4 Medium |
| A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device. | ||||
| CVE-2025-26443 | 1 Google | 1 Android | 2025-09-08 | 7.3 High |
| In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-26444 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped due to a logic error in the code. This could lead to local escalation of privilege where the default assistant app is automatically granted ROLE_ASSISTANT with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26458 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26464 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32331 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||