CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-48554 | 2025-09-04 | MEDIUM | 6.1 | In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service… |
| CVE-2025-48553 | 2025-09-04 | N/A | 0.0 | In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible DoS of a device admin due to a logic error in the code. This could lead to local escalation of… |
| CVE-2025-48552 | 2025-09-04 | N/A | 0.0 | In saveGlobalProxyLocked of DevicePolicyManagerService.java, there is a possible way to desync from persistence due to a logic error in the code. This could lead to local escalation of… |
| CVE-2025-48551 | 2025-09-04 | MEDIUM | 5.0 | In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information… |
| CVE-2025-48550 | 2025-09-04 | MEDIUM | 5.5 | In testGrantSlicePermission of SliceManagerTest.java, there is a possible permanent denial of service due to a path traversal error. This could lead to local denial of service with no… |
| CVE-2025-48549 | 2025-09-04 | HIGH | 7.8 | In multiple locations, there is a possible way to record audio via a background app due to a missing permission check. This could lead to local escalation of… |
| CVE-2025-48548 | 2025-09-04 | HIGH | 7.3 | In multiple functions of AppOpsControllerImpl.java, there is a possible way to record audio without displaying the privacy indicator due to a race condition. This could lead to local… |
| CVE-2025-48547 | 2025-09-04 | N/A | 0.0 | In multiple locations, there is a possible one-time permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no… |
| CVE-2025-48546 | 2025-09-04 | N/A | 0.0 | In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with… |
| CVE-2025-48545 | 2025-09-04 | MEDIUM | 5.5 | In isSystemUid of AccountManagerService.java, there is a possible way for an app to access privileged APIs due to a confused deputy. This could lead to local privilege escalation… |
| CVE-2025-48544 | 2025-09-04 | HIGH | 7.8 | In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with… |
| CVE-2025-48542 | 2025-09-04 | MEDIUM | 5.5 | In multiple functions of AccountManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional… |
| CVE-2025-48541 | 2025-09-04 | HIGH | 7.8 | In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of… |
| CVE-2025-48540 | 2025-09-04 | HIGH | 7.8 | In processTransactInternal of RpcState.cpp, there is a possible local out of memory write due to a logic error in the code. This could lead to local escalation of… |
| CVE-2025-48539 | 2025-09-04 | HIGH | 8.0 | In SendPacketToPeer of acl_arbiter.cc, there is a possible out of bounds read due to a use after free. This could lead to remote (proximal/adjacent) code execution with no… |
| CVE-2025-48538 | 2025-09-04 | MEDIUM | 5.5 | In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service… |
| CVE-2025-48537 | 2025-09-04 | HIGH | 7.1 | In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional… |
| CVE-2025-48535 | 2025-09-04 | HIGH | 7.8 | In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to exploit a parcel mismatch resulting in a launch anywhere vulnerability due to unsafe deserialization. This could lead… |
| CVE-2025-48534 | 2025-09-04 | HIGH | 8.8 | In getDefaultCBRPackageName of CellBroadcastHandler.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local denial of service with… |
| CVE-2025-48533 | 2025-09-04 | HIGH | 7.0 | In multiple locations, there is a possible way to use apps linked from a context menu of a lockscreen app due to a race condition. This could lead… |
| CVE-2025-48532 | 2025-09-04 | HIGH | 7.3 | In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with… |
| CVE-2025-48531 | 2025-09-04 | HIGH | 7.8 | In getCallingPackageName of CredentialStorage, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no… |
| CVE-2025-48530 | 2025-09-04 | HIGH | 8.1 | In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination… |
| CVE-2025-48529 | 2025-09-04 | MEDIUM | 5.5 | In setRingtoneUri of VoicemailNotificationSettingsUtil.java, there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional… |
| CVE-2025-58440 | 2025-09-05 | N/A | 0.0 | Rejected reason: The unisharp/laravel-filemanager is a separate project, unrelated to laravel-filemanager. |
| CVE-2025-48543 | 2025-09-04 | HIGH | 8.8 | In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation… |
| CVE-2025-26438 | 2025-09-04 | HIGH | 8.8 | In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege… |
| CVE-2025-26429 | 2025-09-04 | MEDIUM | 5.5 | In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no… |
| CVE-2025-57576 | 2025-09-04 | MEDIUM | 5.4 | PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. |
| CVE-2025-36909 | 2025-09-04 | MEDIUM | 5.3 | Information disclosure |
| CVE-2025-26428 | 2025-09-04 | LOW | 3.2 | In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with… |
| CVE-2025-36890 | 2025-09-04 | CRITICAL | 9.8 | Elevation of Privilege |
| CVE-2025-26427 | 2025-09-04 | MEDIUM | 4.4 | In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges… |
| CVE-2025-26426 | 2025-09-04 | MEDIUM | 5.1 | In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation… |
| CVE-2025-26425 | 2025-09-04 | MEDIUM | 4.0 | In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege… |
| CVE-2025-26424 | 2025-09-04 | MEDIUM | 4.0 | In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with… |
| CVE-2025-26423 | 2025-09-04 | MEDIUM | 6.2 | In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege… |
| CVE-2025-26422 | 2025-09-04 | MEDIUM | 4.0 | In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation… |
| CVE-2025-26421 | 2025-09-04 | MEDIUM | 4.0 | In multiple locations, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with no… |
| CVE-2025-26420 | 2025-09-04 | MEDIUM | 4.4 | In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to… |
| CVE-2025-22425 | 2025-09-04 | MEDIUM | 5.1 | In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges… |
| CVE-2025-0087 | 2025-09-04 | MEDIUM | 5.1 | In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of… |
| CVE-2025-0077 | 2025-09-04 | MEDIUM | 4.0 | In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with no additional… |
| CVE-2024-49739 | 2025-09-04 | MEDIUM | 4.0 | In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional… |
| CVE-2023-35657 | 2025-09-04 | MEDIUM | 4.0 | In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges… |
| CVE-2025-41032 | 2025-09-04 | CRITICAL | 9.8 | An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in… |
| CVE-2025-41033 | 2025-09-04 | CRITICAL | 9.8 | An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in… |
| CVE-2025-41034 | 2025-09-04 | CRITICAL | 9.8 | An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in… |
| CVE-2025-41035 | 2025-09-04 | MEDIUM | 6.5 | A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any… |
| CVE-2025-41036 | 2025-09-04 | MEDIUM | 5.4 | A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the … |