Security Vulnerabilities
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-12-02
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-12-02
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-02
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-12-02
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-12-02
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-02
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-02
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-02
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
CVSS Score
7.1
EPSS Score
0.002
Published
2025-12-01
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP() causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper parameterization. The issue allows data exfiltration and modification via blind techniques.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-12-01