Discover Vulnerabilities Now!

Vulnerabilities

---

Vendors

---

Products

---

Vulnerability Media Exposure

These listed vulnerabilities have been referenced across multiple public sources, indicating high media attention and potential significance.

CVE-2025-21043

Severity

HIGH

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

[ENGLISH] Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. "Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to
[GERMAN] Samsung Android: Mehrere Schwachstellen
Ein lokaler Angreifer der ein Angreifer mit physischem Zugriff kann mehrere Schwachstellen in Samsung Android ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.
[GERMAN] Jetzt patchen! Attacken auf Android-Smartphones von Samsung beobachtet
Samsung hat eine Schadcode-Lücke in diversen Android-Versionen geschlossen. Es ist bereits Exploitcode in Umlauf.
[ENGLISH] ⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the
[GERMAN] Samsung behebt Zero-Day-Sicherheitslücke
Samsung schließt im September-SMR mehrere Sicherheitslücken, darunter die Zero-Day-Schwachstelle CVE-2025-21043. Der aktiv ausgenutzte out-of-bounds-write in einer Bildbibliothek erlaubt Schadcode-Ausführung.

CVE-2025-54236

Severity

CRITICAL

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.

adobe:commerce

adobe:commerce_b2b

adobe:magento

CVE-2025-43272

Severity

MEDIUM

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

apple:safari

apple:ipados

apple:iphone_os

apple:macos

apple:visionos

apple:watchos

CVE-2025-10200

Severity

HIGH

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2025-31255

Severity

CRITICAL

An authorization issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.

apple:ipados

apple:iphone_os

apple:macos

apple:tvos

apple:watchos

CVE-2025-0168
Severity
MEDIUM
A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/_feedback_system.php. The manipulation of the argument person leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
anisha:job_recruitment
CVE-2025-22214
Severity
MEDIUM
Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.
CVE-2025-0171
Severity
MEDIUM
A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
code-projects:chat_system
CVE-2025-0172
Severity
MEDIUM
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
code-projects:chat_system
CVE-2025-0173
Severity
MEDIUM
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
oretnom23:online_eyewear_shop
CVE-2025-0174
Severity
MEDIUM
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /user/search_result2.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
code-projects:point_of_sales_and_inventory_management_system
CVE-2025-0175
Severity
LOW
A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
anisha:online_shop
CVE-2025-0176
Severity
MEDIUM
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/add_cart.php. The manipulation of the argument id/qty leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
code-projects:point_of_sales_and_inventory_management_system
CVE-2025-22275
Severity
CRITICAL
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
iterm2:iterm2
CVE-2025-21609
Severity
CRITICAL
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.
b3log:siyuan