Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-52564 Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as under... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-52998 Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classe... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66880 Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) mod... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0689 In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTT... | N/A | NONE | — | 0 |
| CVE-2026-24101 An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24110 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule,... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24112 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47381 Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs. | 7.8 | HIGH | — | 0 |
| CVE-2025-47383 Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. | 7.2 | HIGH | — | 0 |
| CVE-2025-47384 Transient DOS when MAC configures config id greater than supported maximum value. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47385 Memory Corruption when accessing trusted execution environment without proper privilege check. | 7.8 | HIGH | — | 0 |
| CVE-2025-47386 Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. | 7.8 | HIGH | — | 0 |
| CVE-2025-59600 Memory Corruption when adding user-supplied data without checking available buffer space. | 7.8 | HIGH | — | 0 |
| CVE-2025-59603 Memory Corruption when processing invalid user address with nonstandard buffer address. | 7.8 | HIGH | — | 0 |
| CVE-2025-64427 ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticate... | 7.1 | HIGH | — | 0 |
| CVE-2026-28358 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28359 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing the TipTap edito... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-28360 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28361 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-28396 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refre... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28397 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html without sanitization enable stored XSS. This issue has been patched in version 0.301.3... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-28398 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stor... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-28399 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This iss... | 8.8 | HIGH | — | 0 |
| CVE-2024-31328 In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. T... | 8.8 | HIGH | — | 0 |
| CVE-2024-43766 In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no addit... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-32313 In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges n... | 8.4 | HIGH | — | 0 |
| CVE-2025-48567 In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation... | 7.8 | HIGH | — | 0 |
| CVE-2025-48568 In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ... | 7.4 | HIGH | — | 0 |
| CVE-2025-48574 In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privileg... | 8.4 | HIGH | — | 0 |
| CVE-2025-48578 In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege... | 7.8 | HIGH | — | 0 |
| CVE-2025-48579 In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional ... | 8.4 | HIGH | — | 0 |
| CVE-2025-48582 In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additi... | 8.4 | HIGH | — | 0 |
| CVE-2025-48585 In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-48587 In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-48602 In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privil... | 8.4 | HIGH | — | 0 |
| CVE-2025-48636 In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no addit... | 8.4 | HIGH | — | 0 |
| CVE-2025-48641 In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... | 7.0 | HIGH | — | 0 |
| CVE-2025-48642 In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges n... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48644 In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. Use... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48645 In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privi... | 7.8 | HIGH | — | 0 |
| CVE-2025-48646 In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed... | 7.8 | HIGH | — | 0 |
| CVE-2026-0010 In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges... | 8.4 | HIGH | — | 0 |
| CVE-2026-0011 In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no a... | 8.4 | HIGH | — | 0 |
| CVE-2026-0012 In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due due to a logic error in the code. This could lead to local information disclosure with no additional ex... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0013 In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional ex... | 8.4 | HIGH | — | 0 |
| CVE-2026-0014 In isPackageNullOrSystem of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional executi... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0015 In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0025 In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution ... | 8.4 | HIGH | — | 0 |
| CVE-2026-0026 In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege ... | 7.8 | HIGH | — | 0 |
| CVE-2026-0027 In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User int... | 6.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.