Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-22438 2025-09-02 HIGH 7.8 In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
CVE-2025-22437 2025-09-02 HIGH 7.8 In setMediaButtonReceiver of multiple files, there is a possible way to launch arbitrary activities from background due to a logic error in the code. This could lead to…
CVE-2025-22435 2025-09-02 CRITICAL 9.8 In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges…
CVE-2025-22434 2025-09-02 HIGH 7.8 In handleKeyGestureEvent of PhoneWindowManager.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to local escalation of privilege with…
CVE-2025-22433 2025-09-02 HIGH 7.8 In canForward of IntentForwarderActivity.java, there is a possible bypass of the cross profile intent filter most commonly used in Work Profile scenarios due to a logic error in…
CVE-2025-22431 2025-09-02 MEDIUM 5.5 In multiple locations, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to a logic error in the code.…
CVE-2025-22430 2025-09-02 MEDIUM 5.5 In isInSignificantPlace of multiple files, there is a possible way to access sensitive information due to a missing permission check. This could lead to local information disclosure with…
CVE-2025-22429 2025-09-02 CRITICAL 9.8 In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege…
CVE-2025-22428 2025-09-02 HIGH 7.8 In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible way to grant permissions to an app on the secondary user from the primary user due to a logic error…
CVE-2025-22427 2025-09-02 HIGH 7.3 In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead…
CVE-2025-22423 2025-09-02 HIGH 7.5 In ParseTag of dng_ifd.cpp, there is a possible way to crash the image renderer due to a missing bounds check. This could lead to remote denial of service…
CVE-2025-22422 2025-09-02 HIGH 7.8 In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another…
CVE-2025-22421 2025-09-02 MEDIUM 5.5 In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information…
CVE-2025-22419 2025-09-02 HIGH 7.3 In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local…
CVE-2025-22418 2025-09-02 HIGH 7.8 In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User…
CVE-2025-21031 2025-09-03 MEDIUM 6.8 Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
CVE-2024-49730 2025-09-02 HIGH 7.8 In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed.…
CVE-2024-49728 2025-09-02 MEDIUM 5.5 In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution…
CVE-2024-43166 2025-09-03 CRITICAL 9.8 Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
CVE-2024-43115 2025-09-03 HIGH 8.8 Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are…
CVE-2024-49722 2025-09-02 MEDIUM 5.5 In showAvatarPicker of EditUserPhotoController.java, there is a possible cross user image leak due to a confused deputy. This could lead to local information disclosure with no additional execution…
CVE-2024-49720 2025-09-02 HIGH 7.8 In multiple functions of Permissions.java, there is a possible way to override the state of the user's location permissions due to a logic error in the code. This…
CVE-2024-40653 2025-09-02 HIGH 7.3 In multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a logic error in the code. This could…
CVE-2023-21476 2025-09-03 HIGH 8.0 Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
CVE-2023-21475 2025-09-03 HIGH 8.0 Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
CVE-2023-21473 2025-09-03 MEDIUM 6.8 Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
CVE-2023-21472 2025-09-03 MEDIUM 6.8 Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
CVE-2023-21471 2025-09-03 MEDIUM 4.0 Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.
CVE-2023-21467 2025-09-03 MEDIUM 4.6 Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
CVE-2023-21466 2025-09-03 MEDIUM 5.3 PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.
CVE-2025-9824 2025-09-03 MEDIUM 5.9 ImpactThe attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker…
CVE-2025-9823 2025-09-03 N/A 0.0 SummaryA Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in…
CVE-2025-58644 2025-09-03 HIGH 7.2 Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes - TQL Edition allows Object Injection. This issue affects LTL Freight Quotes - TQL Edition: from n/a through…
CVE-2025-58643 2025-09-03 HIGH 7.2 Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Daylight Edition allows Object Injection. This issue affects LTL Freight Quotes – Daylight Edition: from n/a through…
CVE-2025-58642 2025-09-03 HIGH 7.2 Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition allows Object Injection. This issue affects LTL Freight Quotes – Day & Ross…
CVE-2025-58641 2025-09-03 MEDIUM 5.4 Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1.
CVE-2025-58640 2025-09-03 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MatrixAddons Document Engine allows Stored XSS. This issue affects Document Engine: from n/a through 1.2.
CVE-2025-58639 2025-09-03 MEDIUM 5.4 Missing Authorization vulnerability in Ali Khallad Contact Form By Mega Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form By Mega Forms: from…
CVE-2025-58637 2025-09-03 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart allows PHP Local File Inclusion. This issue affects immonex…
CVE-2025-58635 2025-09-03 MEDIUM 5.3 Missing Authorization vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.23.
CVE-2025-58634 2025-09-03 MEDIUM 5.3 Missing Authorization vulnerability in peachpay PeachPay Payments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PeachPay Payments: from n/a through 1.117.4.
CVE-2025-58633 2025-09-03 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through…
CVE-2025-58632 2025-09-03 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dadevarzan Dadevarzan WordPress Common allows Stored XSS. This issue affects Dadevarzan WordPress Common: from n/a through…
CVE-2025-58631 2025-09-03 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM allows DOM-Based XSS. This issue affects IssueM: from n/a through 2.9.0.
CVE-2025-58630 2025-09-03 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rbaer Simple Matomo Tracking Code allows Stored XSS. This issue affects Simple Matomo Tracking Code: from…
CVE-2025-58626 2025-09-03 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RumbleTalk RumbleTalk Live Group Chat allows Stored XSS. This issue affects RumbleTalk Live Group Chat: from…
CVE-2025-58625 2025-09-03 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a…
CVE-2025-58624 2025-09-03 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falselight Exchange Rates allows Stored XSS. This issue affects Exchange Rates: from n/a through 1.2.5.
CVE-2025-58623 2025-09-03 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bohemia Plugins Event Feed for Eventbrite allows DOM-Based XSS. This issue affects Event Feed for Eventbrite:…
CVE-2025-58622 2025-09-03 MEDIUM 4.3 Missing Authorization vulnerability in yydevelopment Mobile Contact Line allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile Contact Line: from n/a through 2.4.0.
« Anterior Página 867 de 4304 Siguiente »