Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23813
Total
1705
Critical
7468
High
7599
Medium
CVE ID Severity Score Description Published
CVE-2026-0018 MEDIUM 5.5 In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of … Jun 01, 2026
CVE-2026-0016 LOW 3.3 In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information … Jun 01, 2026
CVE-2026-0009 MEDIUM 6.2 In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with … Jun 01, 2026
CVE-2025-48652 HIGH 7.8 In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to … Jun 01, 2026
CVE-2025-48649 HIGH 7.8 In multiple locations, there is a possible way to reset user-selected permissions selections due to a permissions bypass. This could lead to local escalation of … Jun 01, 2026
CVE-2025-48648 MEDIUM 5.5 In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional … Jun 01, 2026
CVE-2025-48616 LOW 3.3 In multiple functions of KeyguardViewMediator.java , there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the … Jun 01, 2026
CVE-2025-48595 HIGH 8.4 In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege … Jun 01, 2026
CVE-2025-48570 HIGH 7.8 In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead … Jun 01, 2026
CVE-2025-32348 HIGH 7.8 In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with … Jun 01, 2026
CVE-2025-26418 MEDIUM 5.9 In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a … Jun 01, 2026
CVE-2025-22426 MEDIUM 5.9 In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could … Jun 01, 2026
CVE-2025-22424 UNKNOWN In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of … Jun 01, 2026
CVE-2019-25716 MEDIUM 6.5 Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending … Jun 01, 2026
CVE-2018-25435 MEDIUM 5.3 ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can … Jun 01, 2026
CVE-2018-25434 HIGH 8.2 WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. … Jun 01, 2026
CVE-2018-25433 HIGH 8.2 Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through … Jun 01, 2026
CVE-2018-25432 HIGH 8.4 Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft … Jun 01, 2026
CVE-2018-25431 HIGH 7.1 No-Cms 1.0 contains an SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers … Jun 01, 2026
CVE-2018-25430 HIGH 7.1 Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers … Jun 01, 2026
CVE-2018-25429 HIGH 7.1 Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers … Jun 01, 2026
CVE-2018-25428 HIGH 8.2 Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers … Jun 01, 2026
CVE-2018-25427 CRITICAL 9.8 Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address … Jun 01, 2026
CVE-2026-5419 LOW 3.7 A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to … Jun 01, 2026
CVE-2026-49433 MEDIUM 5.0 The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged-in user into clicking a malicious link, the … Jun 01, 2026