Common Vulnerabilities and Exposures (CVE)

CVE-2025-58113

Dec 2, 2025 17:05:38 UTC

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read,...

CVE-2025-65236

Dec 2, 2025 16:58:11 UTC

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.

CVE-2025-55469

Dec 2, 2025 16:58:03 UTC

Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.

CVE-2025-26155

Dec 2, 2025 16:57:56 UTC

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.

CVE-2025-65675

Dec 2, 2025 16:57:49 UTC

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

CVE-2025-65676

Dec 2, 2025 16:57:41 UTC

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

CVE-2025-21072

Dec 2, 2025 16:57:33 UTC

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2025-21080

Dec 2, 2025 16:57:27 UTC

Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.

CVE-2025-58475

Dec 2, 2025 16:57:19 UTC

Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2025-58476

Dec 2, 2025 16:57:12 UTC

Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.

CVE-2025-58477

Dec 2, 2025 16:57:04 UTC

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-58478

Dec 2, 2025 16:56:56 UTC

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-58479

Dec 2, 2025 16:56:48 UTC

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-58480

Dec 2, 2025 16:56:41 UTC

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-58481

Dec 2, 2025 16:56:33 UTC

Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.