Security Vulnerabilities
An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-02
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A programming mistake for buffer copy leads to out-of-bounds writes via malformed ROHC packets.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-02
Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-09-02
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_cmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.5
EPSS Score
0.127
Published
2025-09-02
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.5
EPSS Score
0.127
Published
2025-09-02
Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field
CVSS Score
6.5
EPSS Score
0.089
Published
2025-09-02
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-02
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-02
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-09-02
A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-02