Security Vulnerabilities
Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-10-10
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-10-10
Copilot Spoofing Vulnerability
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-09
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array in the `answerIds` field, the attacker can cause the current meeting — and potentially all meetings on the server — to become unresponsive. Version 3.0.13 contains a patch. No known workarounds are available.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-09
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-09
Azure Entra ID Elevation of Privilege Vulnerability
CVSS Score
9.6
EPSS Score
0.001
Published
2025-10-09
Azure Entra ID Elevation of Privilege Vulnerability
CVSS Score
9.8
EPSS Score
0.001
Published
2025-10-09
Azure PlayFab Elevation of Privilege Vulnerability
CVSS Score
8.8
EPSS Score
0.001
Published
2025-10-09
M365 Copilot Spoofing Vulnerability
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-09
Redis Enterprise Elevation of Privilege Vulnerability
CVSS Score
8.7
EPSS Score
0.001
Published
2025-10-09