CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-32349 2025-09-04 HIGH 7.8 In multiple locations, there is a possible privilege escalation due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed.…
CVE-2025-32347 2025-09-04 HIGH 7.8 In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with…
CVE-2025-32346 2025-09-04 HIGH 7.8 In onActivityResult of VoicemailSettingsActivity.java, there is a possible work profile contact number leak due to a confused deputy. This could lead to local escalation of privilege with no…
CVE-2025-32332 2025-09-04 HIGH 7.8 In multiple locations, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-32330 2025-09-04 MEDIUM 5.7 In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote (proximal/adjacent) information…
CVE-2025-32327 2025-09-04 HIGH 7.8 In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution…
CVE-2025-32326 2025-09-04 HIGH 7.8 In multiple functions of AppRestrictionsFragment.java, there is a possible way to bypass intent security check due to a confused deputy. This could lead to local escalation of privilege…
CVE-2025-32325 2025-09-04 HIGH 7.8 In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no…
CVE-2025-32324 2025-09-04 HIGH 7.8 In onCommand of ActivityManagerShellCommand.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution…
CVE-2025-32323 2025-09-04 HIGH 7.8 In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation.…
CVE-2025-30200 2025-09-05 MEDIUM 6.3 ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
CVE-2025-30199 2025-09-05 HIGH 7.2 ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
CVE-2025-30198 2025-09-05 MEDIUM 6.3 ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
CVE-2025-32321 2025-09-04 HIGH 7.8 In isSafeIntent of AccountTypePreferenceLoader.java, there is a possible way to bypass an intent type check due to a confused deputy. This could lead to local escalation of privilege…
CVE-2025-26454 2025-09-04 HIGH 7.8 In validateUriSchemeAndPermission of DisclaimersParserImpl.java, there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of…
CVE-2025-10014 2025-09-05 LOW 3.1 A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation…
CVE-2025-48528 2025-09-04 MEDIUM 4.0 In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution…
CVE-2025-48527 2025-09-04 MEDIUM 6.2 In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This could lead to local information…
CVE-2025-48526 2025-09-04 MEDIUM 4.0 In createMultiProfilePagerAdapter of ChooserActivity.java, there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead…
CVE-2025-48523 2025-09-04 HIGH 7.8 In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation…
CVE-2025-48522 2025-09-04 N/A 0.0 In setDisplayName of AssociationRequest.java, there is a possible way for an app to retain CDM association due to a logic error in the code. This could lead to…
CVE-2025-32345 2025-09-04 N/A 0.0 In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in…
CVE-2025-32333 2025-09-04 N/A 0.0 In startSpaActivityForApp of SpaActivity.kt, there is a possible cross-user permission bypass due to a logic error in the code. This could lead to local escalation of privilege with…
CVE-2025-32331 2025-09-04 N/A 0.0 In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of…
CVE-2025-26464 2025-09-04 N/A 0.0 In executeAppFunction of AppSearchManagerService.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with…
CVE-2025-22441 2025-09-04 HIGH 7.3 In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local…
CVE-2025-0089 2025-09-04 N/A 0.0 In multiple locations, there is a possible way to hijack the Launcher app due to a logic error in the code. This could lead to local escalation of…
CVE-2025-0076 2025-09-04 LOW 3.3 In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure…
CVE-2024-49714 2025-09-04 HIGH 7.8 In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with…
CVE-2025-9999 2025-09-05 N/A 0.0 Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized…
CVE-2025-9998 2025-09-05 N/A 0.0 The sequence of packets received by a Networking server are not correctly checked. An attacker could exploit this vulnerability to send specially crafted messages to force the application…
CVE-2025-58628 2025-09-05 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous allows Blind SQL Injection. This issue affects Miraculous: from n/a through n/a.
CVE-2025-58214 2025-09-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Indutri allows PHP Local File Inclusion. This issue affects Indutri: from…
CVE-2025-58206 2025-09-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach allows PHP Local File Inclusion. This issue affects MaxCoach: from…
CVE-2025-57889 2025-09-05 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery allows PHP Local File Inclusion. This issue affects InPost…
CVE-2025-54744 2025-09-05 MEDIUM 6.5 Missing Authorization vulnerability in Stylemix MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MasterStudy LMS: from n/a through 3.6.15.
CVE-2025-53571 2025-09-05 MEDIUM 6.5 Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.6.
CVE-2025-53307 2025-09-05 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brent Jett Assistant allows Reflected XSS. This issue affects Assistant: from n/a through 1.5.2.
CVE-2025-49401 2025-09-05 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in ExpressTech Systems Quiz And Survey Master allows Object Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.5.
CVE-2025-48317 2025-09-05 HIGH 7.5 Path Traversal vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay allows Path Traversal. This issue affects WooCommerce Payment Gateway for Saferpay: from n/a through 0.4.9.
CVE-2025-48105 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Boiardt Easy Flash Embed allows Stored XSS. This issue affects Easy Flash Embed: from n/a…
CVE-2025-48104 2025-09-05 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player allows Stored XSS. This issue affects Floating Window Music Player: from n/a through 3.4.2.
CVE-2025-48103 2025-09-05 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mulscully Today's Date Inserter allows Stored XSS. This issue affects Today's Date Inserter: from n/a through…
CVE-2025-48102 2025-09-05 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership allows Stored XSS. This issue affects…
CVE-2025-32320 2025-09-05 HIGH 7.8 In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no…
CVE-2025-32318 2025-09-05 HIGH 8.8 In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution…
CVE-2025-32317 2025-09-05 MEDIUM 5.5 In App Widget, there is a possible Information Disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User…
CVE-2025-32316 2025-09-05 MEDIUM 5.5 In gralloc4, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges…
CVE-2025-27003 2025-09-05 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments allows Cross Site Request Forgery. This issue affects Quick Paypal Payments: from n/a through 5.7.46.
CVE-2025-26461 2025-09-05 LOW 3.3 In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a…