Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-26428
2025-09-04
LOW
3.2
In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with…
CVE-2025-36890
2025-09-04
CRITICAL
9.8
Elevation of Privilege
CVE-2025-26427
2025-09-04
MEDIUM
4.4
In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-26426
2025-09-04
MEDIUM
5.1
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation…
CVE-2025-26425
2025-09-04
MEDIUM
4.0
In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege…
CVE-2025-26424
2025-09-04
MEDIUM
4.0
In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with…
CVE-2025-26423
2025-09-04
MEDIUM
6.2
In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege…
CVE-2025-26422
2025-09-04
MEDIUM
4.0
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation…
CVE-2025-26421
2025-09-04
MEDIUM
4.0
In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no…
CVE-2025-26420
2025-09-04
MEDIUM
4.4
In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to…
CVE-2025-22425
2025-09-04
MEDIUM
5.1
In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-0087
2025-09-04
MEDIUM
5.1
In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of…
CVE-2025-0077
2025-09-04
MEDIUM
4.0
In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional…
CVE-2024-49739
2025-09-04
MEDIUM
4.0
In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional…
CVE-2023-35657
2025-09-04
MEDIUM
4.0
In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges…
CVE-2025-41032
2025-09-04
CRITICAL
9.8
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in…
CVE-2025-41033
2025-09-04
CRITICAL
9.8
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in…
CVE-2025-41034
2025-09-04
CRITICAL
9.8
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in…
CVE-2025-41035
2025-09-04
MEDIUM
6.5
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any…
CVE-2025-41036
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the …
CVE-2025-41037
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]'…
CVE-2025-41038
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]'…
CVE-2025-41039
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]',…
CVE-2025-41040
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',…
CVE-2025-41041
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',…
CVE-2025-41042
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]',…
CVE-2025-41043
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]'…
CVE-2025-41044
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]'…
CVE-2025-41045
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]'…
CVE-2025-41046
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41047
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41048
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41049
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41050
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41051
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-9636
2025-09-04
HIGH
7.9
pgAdmin
CVE-2025-32312
2025-09-04
N/A
0.0
In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe…
CVE-2025-26463
2025-09-04
N/A
0.0
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution…
CVE-2025-26462
2025-09-04
N/A
0.0
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional…
CVE-2025-26458
2025-09-04
N/A
0.0
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege…
CVE-2025-26456
2025-09-04
N/A
0.0
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent…
CVE-2025-26455
2025-09-04
N/A
0.0
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with…
CVE-2025-26453
2025-09-04
N/A
0.0
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with…
CVE-2025-26452
2025-09-04
N/A
0.0
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of…
CVE-2025-26450
2025-09-04
N/A
0.0
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission…
CVE-2025-26449
2025-09-04
N/A
0.0
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges…
CVE-2025-26448
2025-09-04
N/A
0.0
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges…
CVE-2025-26445
2025-09-04
N/A
0.0
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional…
CVE-2025-26444
2025-09-04
N/A
0.0
In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped…
CVE-2025-26443
2025-09-04
N/A
0.0
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could…
« Anterior
Página 496 de 3939
Siguiente »
Page load link
Go to Top
