Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23813
Total
1705
Critical
7468
High
7599
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-0018 | MEDIUM | 5.5 | In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of … | Jun 01, 2026 |
| CVE-2026-0016 | LOW | 3.3 | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information … | Jun 01, 2026 |
| CVE-2026-0009 | MEDIUM | 6.2 | In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with … | Jun 01, 2026 |
| CVE-2025-48652 | HIGH | 7.8 | In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to … | Jun 01, 2026 |
| CVE-2025-48649 | HIGH | 7.8 | In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of … | Jun 01, 2026 |
| CVE-2025-48648 | MEDIUM | 5.5 | In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional … | Jun 01, 2026 |
| CVE-2025-48616 | LOW | 3.3 | In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the … | Jun 01, 2026 |
| CVE-2025-48595 | HIGH | 8.4 | In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege … | Jun 01, 2026 |
| CVE-2025-48570 | HIGH | 7.8 | In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead … | Jun 01, 2026 |
| CVE-2025-32348 | HIGH | 7.8 | In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with … | Jun 01, 2026 |
| CVE-2025-26418 | MEDIUM | 5.9 | In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a … | Jun 01, 2026 |
| CVE-2025-22426 | MEDIUM | 5.9 | In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could … | Jun 01, 2026 |
| CVE-2025-22424 | UNKNOWN | — | In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of … | Jun 01, 2026 |
| CVE-2019-25716 | MEDIUM | 6.5 | Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending … | Jun 01, 2026 |
| CVE-2018-25435 | MEDIUM | 5.3 | ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can … | Jun 01, 2026 |
| CVE-2018-25434 | HIGH | 8.2 | WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. … | Jun 01, 2026 |
| CVE-2018-25433 | HIGH | 8.2 | Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through … | Jun 01, 2026 |
| CVE-2018-25432 | HIGH | 8.4 | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft … | Jun 01, 2026 |
| CVE-2018-25431 | HIGH | 7.1 | No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers … | Jun 01, 2026 |
| CVE-2018-25430 | HIGH | 7.1 | Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers … | Jun 01, 2026 |
| CVE-2018-25429 | HIGH | 7.1 | Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers … | Jun 01, 2026 |
| CVE-2018-25428 | HIGH | 8.2 | Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers … | Jun 01, 2026 |
| CVE-2018-25427 | CRITICAL | 9.8 | Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address … | Jun 01, 2026 |
| CVE-2026-5419 | LOW | 3.7 | A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to … | Jun 01, 2026 |
| CVE-2026-49433 | MEDIUM | 5.0 | The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the … | Jun 01, 2026 |