CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-54914 | 2025-09-04 | CRITICAL | 10.0 | Azure Networking Elevation of Privilege Vulnerability |
| CVE-2025-58361 | 2025-09-04 | CRITICAL | 9.3 | Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled… |
| CVE-2025-58353 | 2025-09-04 | HIGH | 8.2 | Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as replace(/javascript:/gi,… |
| CVE-2025-32322 | 2025-09-04 | HIGH | 7.8 | In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This… |
| CVE-2025-26439 | 2025-09-04 | HIGH | 7.8 | In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious Talkback service to be enabled instead of the system component due to a logic error… |
| CVE-2025-22415 | 2025-09-04 | MEDIUM | 4.0 | In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional… |
| CVE-2025-22414 | 2025-09-04 | HIGH | 7.8 | In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no… |
| CVE-2024-49731 | 2025-09-04 | MEDIUM | 4.0 | In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the… |
| CVE-2024-40664 | 2025-09-04 | MEDIUM | 6.2 | In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to… |
| CVE-2025-48581 | 2025-09-04 | CRITICAL | 9.8 | In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to… |
| CVE-2025-48563 | 2025-09-04 | HIGH | 7.8 | In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional… |
| CVE-2025-48562 | 2025-09-04 | N/A | 0.0 | In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed.… |
| CVE-2025-48561 | 2025-09-04 | N/A | 0.0 | In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure… |
| CVE-2025-48560 | 2025-09-04 | MEDIUM | 5.5 | In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no… |
| CVE-2025-48559 | 2025-09-04 | MEDIUM | 5.5 | In multiple functions of AppOpsService.java, there is a possible way to add a large amount of app ops due to improper input validation. This could lead to local denial of… |
| CVE-2025-48558 | 2025-09-04 | HIGH | 7.8 | In multiple functions of BatteryService.java, there is a possible way to hijack implicit intent intended for system app due to implicit intent hijacking. This could lead to local… |
| CVE-2025-48556 | 2025-09-04 | HIGH | 7.3 | In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional… |
| CVE-2025-48554 | 2025-09-04 | MEDIUM | 6.1 | In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service… |
| CVE-2025-48553 | 2025-09-04 | N/A | 0.0 | In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of… |
| CVE-2025-48552 | 2025-09-04 | N/A | 0.0 | In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of… |
| CVE-2025-48551 | 2025-09-04 | MEDIUM | 5.0 | In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information… |
| CVE-2025-48550 | 2025-09-04 | MEDIUM | 5.5 | In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no… |
| CVE-2025-48549 | 2025-09-04 | HIGH | 7.8 | In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of… |
| CVE-2025-48548 | 2025-09-04 | HIGH | 7.3 | In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local… |
| CVE-2025-48547 | 2025-09-04 | N/A | 0.0 | In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no… |
| CVE-2025-48546 | 2025-09-04 | N/A | 0.0 | In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with… |
| CVE-2025-48545 | 2025-09-04 | MEDIUM | 5.5 | In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation… |
| CVE-2025-48544 | 2025-09-04 | HIGH | 7.8 | In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with… |
| CVE-2025-48542 | 2025-09-04 | MEDIUM | 5.5 | In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional… |
| CVE-2025-48541 | 2025-09-04 | HIGH | 7.8 | In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of… |
| CVE-2025-48540 | 2025-09-04 | HIGH | 7.8 | In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of… |
| CVE-2025-48539 | 2025-09-04 | HIGH | 8.0 | In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no… |
| CVE-2025-48538 | 2025-09-04 | MEDIUM | 5.5 | In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service… |
| CVE-2025-48537 | 2025-09-04 | HIGH | 7.1 | In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional… |
| CVE-2025-48535 | 2025-09-04 | HIGH | 7.8 | In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. This could lead… |
| CVE-2025-48534 | 2025-09-04 | HIGH | 8.8 | In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with… |
| CVE-2025-48533 | 2025-09-04 | HIGH | 7.0 | In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead… |
| CVE-2025-48532 | 2025-09-04 | HIGH | 7.3 | In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with… |
| CVE-2025-48531 | 2025-09-04 | HIGH | 7.8 | In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no… |
| CVE-2025-48530 | 2025-09-04 | HIGH | 8.1 | In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination… |
| CVE-2025-48529 | 2025-09-04 | MEDIUM | 5.5 | In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional… |
| CVE-2025-58440 | 2025-09-05 | N/A | 0.0 | Rejected reason: The unisharp/laravel-filemanager is a separate project, unrelated to laravel-filemanager. |
| CVE-2025-48543 | 2025-09-04 | HIGH | 8.8 | In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation… |
| CVE-2025-26438 | 2025-09-04 | HIGH | 8.8 | In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to incorrect implementation of a protocol. This could lead to remote escalation of privilege… |
| CVE-2025-26429 | 2025-09-04 | MEDIUM | 5.5 | In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no… |
| CVE-2025-57576 | 2025-09-04 | MEDIUM | 5.4 | PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. |
| CVE-2025-36909 | 2025-09-04 | MEDIUM | 5.3 | Information disclosure |
| CVE-2025-26428 | 2025-09-04 | LOW | 3.2 | In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with… |
| CVE-2025-36890 | 2025-09-04 | CRITICAL | 9.8 | Elevation of Privilege |
| CVE-2025-26427 | 2025-09-04 | MEDIUM | 4.4 | In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges… |