Tagged: Cybersecurity Alert

Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=12

Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=12

Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=12

Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service. More information : https://security.samsungmobile.com/serviceWeb.smsb?year=2025&month=12

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen’s privilege. More information : https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=12

HackerOne community member Kassem S.(kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyphs based impersonation has been independently...

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model...