CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-52482 Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious ... | 8.3 | HIGH | — | 0 |
| CVE-2025-58107 In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-m... | 7.5 | HIGH | — | 0 |
| CVE-2026-23600 A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). | N/A | NONE | — | 0 |
| CVE-2026-26884 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | 2.7 | LOW | — | 0 |
| CVE-2025-50193 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This is... | 7.2 | HIGH | — | 0 |
| CVE-2025-50194 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.3... | 7.2 | HIGH | — | 0 |
| CVE-2025-50195 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versio... | 7.2 | HIGH | — | 0 |
| CVE-2025-50196 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This ... | 7.2 | HIGH | — | 0 |
| CVE-2025-50197 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This iss... | 7.2 | HIGH | — | 0 |
| CVE-2025-50198 Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST cou... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-50199 Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-28403 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP... | 7.6 | HIGH | — | 0 |
| CVE-2026-28412 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47371 Transient DOS when an LTE RLC packet with invalid TB is received by UE. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47373 Memory Corruption when accessing buffers with invalid length during TA invocation. | 7.8 | HIGH | — | 0 |
| CVE-2025-47375 Memory corruption while handling different IOCTL calls from the user-space simultaneously. | 7.8 | HIGH | — | 0 |
| CVE-2025-47376 Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. | 7.8 | HIGH | — | 0 |
| CVE-2025-47377 Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. | 7.8 | HIGH | — | 0 |
| CVE-2025-47378 Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. | 7.1 | HIGH | — | 0 |
| CVE-2024-31328 In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. T... | 8.8 | HIGH | — | 0 |
| CVE-2024-43766 In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no addit... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-32313 In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges n... | 8.4 | HIGH | — | 0 |
| CVE-2025-48567 In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation... | 7.8 | HIGH | — | 0 |
| CVE-2025-48568 In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ... | 7.4 | HIGH | — | 0 |
| CVE-2025-48574 In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privileg... | 8.4 | HIGH | — | 0 |
| CVE-2025-48605 In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional executio... | 8.4 | HIGH | — | 0 |
| CVE-2025-48609 In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to lo... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-48613 In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege w... | 7.8 | HIGH | — | 0 |
| CVE-2025-48619 In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privi... | 8.4 | HIGH | — | 0 |
| CVE-2025-48630 In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no addi... | 7.4 | HIGH | — | 0 |
| CVE-2025-48634 In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution priv... | 7.3 | HIGH | — | 0 |
| CVE-2025-48635 In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additi... | 7.7 | HIGH | — | 0 |
| CVE-2025-48641 In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... | 7.0 | HIGH | — | 0 |
| CVE-2025-48642 In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges n... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48644 In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. Use... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48645 In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privi... | 7.8 | HIGH | — | 0 |
| CVE-2025-48646 In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed... | 7.8 | HIGH | — | 0 |
| CVE-2026-0025 In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution ... | 8.4 | HIGH | — | 0 |
| CVE-2026-0026 In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege ... | 7.8 | HIGH | — | 0 |
| CVE-2026-0027 In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User int... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-0028 In __pkvm_host_share_guest of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privilege... | 8.4 | HIGH | — | 0 |
| CVE-2026-0029 In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. Us... | 8.4 | HIGH | — | 0 |
| CVE-2026-0030 In __host_check_page_state_range of mem_protect.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional executi... | 8.4 | HIGH | — | 0 |
| CVE-2026-26712 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0047 In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege... | 8.4 | HIGH | — | 0 |
| CVE-2026-26709 code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26710 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26711 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25884 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability ... | 8.1 | HIGH | — | 0 |
| CVE-2026-22455 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thebe thebe allows Reflected XSS.This issue affects Thebe: from n/a through <= 1.3... | 7.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.