CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-58695 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58694 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58171 2025-09-04 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-57146 2025-09-03 LOW 3.8 phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.
CVE-2025-56608 2025-09-03 MEDIUM 4.2 The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a…
CVE-2023-3666 2025-09-03 LOW 3.3 The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2025-57148 2025-09-03 CRITICAL 9.1 phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.
CVE-2025-57147 2025-09-03 HIGH 7.5 A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and…
CVE-2025-57052 2025-09-03 CRITICAL 9.8 cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON…
CVE-2025-22417 2025-09-02 HIGH 7.3 In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with…
CVE-2025-22416 2025-09-02 HIGH 7.8 In onCreate of ChooserActivity.java, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege…
CVE-2025-9845 2025-09-03 LOW 3.5 A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the…
CVE-2025-9835 2025-09-02 MEDIUM 4.3 A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to…
CVE-2025-9834 2025-09-02 LOW 3.5 A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username…
CVE-2025-9833 2025-09-02 HIGH 7.3 A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument…
CVE-2025-9830 2025-09-02 HIGH 7.3 A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of the argument sids[]…
CVE-2025-58460 2025-09-03 MEDIUM 4.2 A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through…
CVE-2025-58459 2025-09-03 MEDIUM 4.3 Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.
CVE-2025-58458 2025-09-03 MEDIUM 4.3 In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying…
CVE-2025-58176 2025-09-03 HIGH 8.8 Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered…
CVE-2025-48876 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-26416 2025-09-02 CRITICAL 9.8 In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no…
CVE-2025-22442 2025-09-02 HIGH 7.0 In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead…
CVE-2025-22439 2025-09-02 HIGH 7.3 In onLastAccessedStackLoaded of ActionHandler.java, there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation…
CVE-2025-22438 2025-09-02 HIGH 7.8 In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
CVE-2025-22437 2025-09-02 HIGH 7.8 In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to…
CVE-2025-22435 2025-09-02 CRITICAL 9.8 In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges…
CVE-2025-22434 2025-09-02 HIGH 7.8 In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with…
CVE-2025-22433 2025-09-02 HIGH 7.8 In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in…
CVE-2025-22431 2025-09-02 MEDIUM 5.5 In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code.…
CVE-2025-22430 2025-09-02 MEDIUM 5.5 In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with…
CVE-2025-22429 2025-09-02 CRITICAL 9.8 In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege…
CVE-2025-22428 2025-09-02 HIGH 7.8 In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error…
CVE-2025-22427 2025-09-02 HIGH 7.3 In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead…
CVE-2025-22423 2025-09-02 HIGH 7.5 In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service…
CVE-2025-22422 2025-09-02 HIGH 7.8 In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another…
CVE-2025-22421 2025-09-02 MEDIUM 5.5 In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information…
CVE-2025-22419 2025-09-02 HIGH 7.3 In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local…
CVE-2025-22418 2025-09-02 HIGH 7.8 In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User…
CVE-2025-21031 2025-09-03 MEDIUM 6.8 Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
CVE-2024-49730 2025-09-02 HIGH 7.8 In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed.…
CVE-2024-49728 2025-09-02 MEDIUM 5.5 In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution…
CVE-2024-43166 2025-09-03 CRITICAL 9.8 Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
CVE-2024-43115 2025-09-03 HIGH 8.8 Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are…
CVE-2024-49722 2025-09-02 MEDIUM 5.5 In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution…
CVE-2024-49720 2025-09-02 HIGH 7.8 In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This…
CVE-2024-40653 2025-09-02 HIGH 7.3 In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could…
CVE-2023-21476 2025-09-03 HIGH 8.0 Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
CVE-2023-21475 2025-09-03 HIGH 8.0 Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
CVE-2023-21473 2025-09-03 MEDIUM 6.8 Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.