CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
CVE ID
Published
Severity
CVSS
Description
CVE-2025-67521
2025-12-09
N/A
0.0
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Select Core select-core allows PHP Local File Inclusion. This issue affects Select…
CVE-2025-67520
2025-12-09
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection. This issue affects Media Library Tools:…
CVE-2025-67519
2025-12-09
N/A
0.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection. This issue affects Ninja Tables: from n/a…
CVE-2025-66649
2025-12-09
N/A
0.0
Rejected reason: Further research determined the issue is not a vulnerability.
CVE-2023-53835
2025-12-09
N/A
0.0
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-53805
2025-12-09
N/A
0.0
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-14258
2025-12-08
HIGH
7.3
A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument…
CVE-2025-65229
2025-12-08
MEDIUM
4.6
A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music Server
CVE-2025-65797
2025-12-08
MEDIUM
6.5
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an…
CVE-2025-65363
2025-12-08
HIGH
7.2
Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting…
CVE-2025-64081
2025-12-08
CRITICAL
9.8
SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter.
CVE-2025-48583
2025-12-08
HIGH
7.8
In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation…
CVE-2025-48580
2025-12-08
HIGH
7.8
In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the…
CVE-2025-61318
2025-12-08
MEDIUM
5.3
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous…
CVE-2025-48573
2025-12-08
HIGH
7.8
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could…
CVE-2025-48631
2025-12-08
HIGH
7.5
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution…
CVE-2025-48629
2025-12-08
HIGH
7.8
In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead to local escalation…
CVE-2025-48628
2025-12-08
HIGH
7.8
In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution…
CVE-2025-48627
2025-12-08
HIGH
7.8
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to…
CVE-2025-48626
2025-12-08
CRITICAL
9.8
In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of…
CVE-2025-48620
2025-12-08
HIGH
7.8
In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic error in the…
CVE-2025-48614
2025-12-08
MEDIUM
4.6
In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to…
CVE-2025-48610
2025-12-08
MEDIUM
5.5
In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no…
CVE-2025-48607
2025-12-08
MEDIUM
5.5
In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to…
CVE-2025-48606
2025-12-08
HIGH
7.8
In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error…
CVE-2025-48604
2025-12-08
MEDIUM
5.5
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with…
CVE-2025-48603
2025-12-08
MEDIUM
5.5
In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution…
CVE-2025-48600
2025-12-08
MEDIUM
5.5
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no…
CVE-2025-48599
2025-12-08
HIGH
7.8
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation…
CVE-2025-48592
2025-12-08
HIGH
7.5
In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional…
CVE-2025-48591
2025-12-08
MEDIUM
5.5
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with…
CVE-2025-48590
2025-12-08
MEDIUM
5.5
In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead…
CVE-2025-48589
2025-12-08
HIGH
7.8
In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grant permissions across user due to a logic error in the code. This could lead to local…
CVE-2025-48588
2025-12-08
HIGH
7.8
In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of…
CVE-2025-48586
2025-12-08
HIGH
7.8
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of…
CVE-2025-48584
2025-12-08
MEDIUM
5.5
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with…
CVE-2025-48576
2025-12-08
MEDIUM
5.5
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution…
CVE-2025-48575
2025-12-08
HIGH
7.8
In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no…
CVE-2025-48566
2025-12-08
HIGH
7.8
In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of…
CVE-2025-48565
2025-12-08
HIGH
7.8
In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local…
CVE-2025-48564
2025-12-08
HIGH
7.0
In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-48555
2025-12-08
HIGH
7.8
In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional…
CVE-2025-48536
2025-12-08
HIGH
7.8
In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local…
CVE-2025-48525
2025-12-08
HIGH
7.8
In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation.…
CVE-2025-32329
2025-12-08
HIGH
7.8
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the…
CVE-2025-32328
2025-12-08
HIGH
7.8
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the…
CVE-2025-32319
2025-12-08
MEDIUM
6.7
In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation…
CVE-2025-22432
2025-12-08
MEDIUM
6.7
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with…
CVE-2025-22420
2025-12-08
HIGH
7.8
In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege…
CVE-2025-65230
2025-12-08
N/A
0.0
Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input.