Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-41037
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]'…
CVE-2025-41038
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Group][name]'…
CVE-2025-41039
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][admin_landing_page]',…
CVE-2025-41040
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',…
CVE-2025-41041
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[code]',…
CVE-2025-41042
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Option][message]',…
CVE-2025-41043
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]'…
CVE-2025-41044
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]'…
CVE-2025-41045
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]'…
CVE-2025-41046
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41047
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41048
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41049
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41050
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41051
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-9636
2025-09-04
HIGH
7.9
pgAdmin
CVE-2025-32312
2025-09-04
N/A
0.0
In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe…
CVE-2025-26463
2025-09-04
N/A
0.0
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution…
CVE-2025-26462
2025-09-04
N/A
0.0
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional…
CVE-2025-26458
2025-09-04
N/A
0.0
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege…
CVE-2025-26456
2025-09-04
N/A
0.0
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent…
CVE-2025-26455
2025-09-04
N/A
0.0
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with…
CVE-2025-26453
2025-09-04
N/A
0.0
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with…
CVE-2025-26452
2025-09-04
N/A
0.0
In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of…
CVE-2025-26450
2025-09-04
N/A
0.0
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission…
CVE-2025-26449
2025-09-04
N/A
0.0
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges…
CVE-2025-26448
2025-09-04
N/A
0.0
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges…
CVE-2025-26445
2025-09-04
N/A
0.0
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional…
CVE-2025-26444
2025-09-04
N/A
0.0
In onHandleForceStop of VoiceInteractionManagerService.java, there is a bug that could cause the system to incorrectly revert to the default assistant application when a user-selected assistant is forcibly stopped…
CVE-2025-26443
2025-09-04
N/A
0.0
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could…
CVE-2025-26442
2025-09-04
N/A
0.0
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible incorrect verification of proper intent filters in NLS due to a logic error in the code. This could lead to…
CVE-2025-26441
2025-09-04
N/A
0.0
In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional…
CVE-2025-26440
2025-09-04
N/A
0.0
In multiple functions of CameraService.cpp, there is a possible way to use the camera from the background due to a permissions bypass. This could lead to local escalation…
CVE-2025-26437
2025-09-04
N/A
0.0
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no…
CVE-2025-26436
2025-09-04
N/A
0.0
In clearAllowBgActivityStarts of PendingIntentRecord.java, there is a possible way for an application to launch an activity from the background due to BAL Bypass. This could lead to local…
CVE-2025-26435
2025-09-04
N/A
0.0
In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in…
CVE-2025-26432
2025-09-04
N/A
0.0
In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with…
CVE-2025-26430
2025-09-04
N/A
0.0
In getDestinationForApp of SpaAppBridgeActivity, there is a possible cross-user file reveal due to a logic error in the code. This could lead to local escalation of privilege with…
CVE-2025-41054
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-9939
2025-09-04
LOW
3.5
A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the…
CVE-2025-9940
2025-09-04
LOW
3.5
A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in…
CVE-2025-9941
2025-09-04
MEDIUM
6.3
A flaw has been found in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /register.php. Executing manipulation of the argument uimage can…
CVE-2025-9942
2025-09-04
MEDIUM
6.3
A vulnerability has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /submitproperty.php. The manipulation leads to unrestricted upload. The…
CVE-2025-41052
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41053
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41055
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41056
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41057
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41058
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
CVE-2025-41059
2025-09-04
MEDIUM
5.4
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Addon][layouts]'…
« Anterior
Página 862 de 4304
Siguiente »
Page load link
Go to Top
