| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Permission verification vulnerability in the home screen module
Impact: Successful exploitation of this vulnerability may affect availability. |
| Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint. This information disclosure could allow attackers to identify and target known vulnerabilities associated with the specific versions, potentially compromising the service's security posture. This issue does not currently have a fix. |
| ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1. |
| A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used. |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. |
| Microsoft Dataverse Remote Code Execution Vulnerability |
| Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. |
| Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. |
| Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. |
| Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. |
| Active Directory Domain Services Elevation of Privilege Vulnerability |
| Windows Cryptographic Information Disclosure Vulnerability |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Visual Studio Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
