NVD

Icon for New NVD Communications and Status Updates Page

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2022-50357 - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: fix some leaks in probe The dwc3_get_properties() function calls: dwc->usb_psy = power_supply_get_by_name(usb_psy_name); so there is some additional clean up... read CVE-2022-50357
Published: September 17, 2025; 11:15:34 AM -0400

V3.1: 5.5 MEDIUM
CVE-2022-50359 - In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer... read CVE-2022-50359
Published: September 17, 2025; 11:15:34 AM -0400

V3.1: 5.5 MEDIUM
CVE-2022-50361 - In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init() Fault injection test reports this issue: kernel BUG at net/core/dev.c:10731! invalid opcode: 0000 [#1]... read CVE-2022-50361
Published: September 17, 2025; 11:15:34 AM -0400

V3.1: 5.5 MEDIUM
CVE-2025-32319 - In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User intera... read CVE-2025-32319
Published: December 08, 2025; 12:16:13 PM -0500
CVE-2025-32328 - In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne... read CVE-2025-32328
Published: December 08, 2025; 12:16:14 PM -0500
CVE-2025-32329 - In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne... read CVE-2025-32329
Published: December 08, 2025; 12:16:14 PM -0500
CVE-2025-48525 - In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with... read CVE-2025-48525
Published: December 08, 2025; 12:16:14 PM -0500
CVE-2025-12916 - A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command... read CVE-2025-12916
Published: November 08, 2025; 7:15:40 PM -0500

V3.1: 9.8 CRITICAL
CVE-2025-48536 - In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution pr... read CVE-2025-48536
Published: December 08, 2025; 12:16:14 PM -0500
CVE-2025-48555 - In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... read CVE-2025-48555
Published: December 08, 2025; 12:16:14 PM -0500
CVE-2025-48564 - In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: December 08, 2025; 12:16:14 PM -0500
CVE-2025-48565 - In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee... read CVE-2025-48565
Published: December 08, 2025; 12:16:14 PM -0500
CVE-2025-48586 - In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... read CVE-2025-48586
Published: December 08, 2025; 12:16:15 PM -0500
CVE-2025-48588 - In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for... read CVE-2025-48588
Published: December 08, 2025; 12:16:15 PM -0500
CVE-2025-48591 - In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ex... read CVE-2025-48591
Published: December 08, 2025; 12:16:16 PM -0500
CVE-2025-34397 - MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a ... read CVE-2025-34397
Published: December 09, 2025; 1:15:49 PM -0500

V3.1: 6.1 MEDIUM
CVE-2025-34398 - MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized when processed via a GET requ... read CVE-2025-34398
Published: December 09, 2025; 1:15:50 PM -0500

V3.1: 6.1 MEDIUM
CVE-2025-34399 - MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized when processed via a GET reques... read CVE-2025-34399
Published: December 09, 2025; 1:15:50 PM -0500

V3.1: 6.1 MEDIUM
CVE-2025-34400 - MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET reques... read CVE-2025-34400
Published: December 09, 2025; 1:15:50 PM -0500

V3.1: 6.1 MEDIUM
CVE-2025-34401 - MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized when processed via a GET request and ... read CVE-2025-34401
Published: December 09, 2025; 1:15:50 PM -0500

V3.1: 6.1 MEDIUM

Created September 20, 2022 , Updated August 27, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: