Vulnerabilities (CVE)

Total 336347 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-48631 1 Google 1 Android 2026-03-06 N/A 6.5 MEDIUM
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48630 1 Google 1 Android 2026-03-06 N/A 7.4 HIGH
In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48619 1 Google 1 Android 2026-03-06 N/A 8.4 HIGH
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48613 1 Google 1 Android 2026-03-06 N/A 7.8 HIGH
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48609 1 Google 1 Android 2026-03-06 N/A 9.1 CRITICAL
In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48605 1 Google 1 Android 2026-03-06 N/A 8.4 HIGH
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48602 1 Google 1 Android 2026-03-06 N/A 8.4 HIGH
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48587 1 Google 1 Android 2026-03-06 N/A 6.2 MEDIUM
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48585 1 Google 1 Android 2026-03-06 N/A 6.2 MEDIUM
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48582 1 Google 1 Android 2026-03-06 N/A 8.4 HIGH
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48579 1 Google 1 Android 2026-03-06 N/A 8.4 HIGH
In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48578 1 Google 1 Android 2026-03-06 N/A 7.8 HIGH
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-48577 1 Google 1 Android 2026-03-06 N/A 7.4 HIGH
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48574 1 Google 1 Android 2026-03-06 N/A 8.4 HIGH
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48568 1 Google 1 Android 2026-03-06 N/A 7.4 HIGH
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-48567 1 Google 1 Android 2026-03-06 N/A 7.8 HIGH
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect Unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2025-48544 1 Google 1 Android 2026-03-06 N/A 7.8 HIGH
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-40931 2026-03-06 N/A 9.1 CRITICAL
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session ids. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns an MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids cou ...

CVE-2025-32313 1 Google 1 Android 2026-03-06 N/A 8.4 HIGH
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-12801 2026-03-06 N/A 6.5 MEDIUM
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux that allows an NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client.
CVE-2024-43766 1 Google 1 Android 2026-03-06 N/A 6.5 MEDIUM
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31328 1 Google 1 Android 2026-03-06 N/A 8.8 HIGH
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-3616 2026-03-06 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation of the argument ID results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used. The patch is named f0e991870e9d33701cca3a1d0fd4eec135af01a6. It is suggested to install a patch to address this issue.
CVE-2026-3613 2026-03-06 8.3 HIGH 7.2 HIGH
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
CVE-2026-3612 2026-03-06 8.3 HIGH 7.2 HIGH
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
CVE-2026-3610 2026-03-06 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument error_description results in cross-site scripting. The attack may be performed remotely. The exploit has been made public and could be used. Upgrading to version 5.4.0 can resolve this issue. You should upgrade the affected component. The vendor was contac ...

CVE-2026-2589 2026-03-06 N/A 5.3 MEDIUM
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup stored in a publicly accessible file. This makes it possible for unauthenticated attackers to extract sensitive data including the configured OpenAI, Claude, Google Maps, Gemini, DeepSeek, and Cloudflare Turnstile API keys.
CVE-2026-28727 2026-03-06 N/A 7.8 HIGH
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124.
CVE-2026-28726 2026-03-06 N/A 4.3 MEDIUM
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28725 2026-03-06 N/A 5.5 MEDIUM
Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28724 2026-03-06 N/A 4.3 MEDIUM
Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28723 2026-03-06 N/A 4.3 MEDIUM
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28722 2026-03-06 N/A 7.3 HIGH
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVE-2026-28721 2026-03-06 N/A 7.3 HIGH
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVE-2026-28720 2026-03-06 N/A 4.3 MEDIUM
Unauthorized modification of settings due to insufficient authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28719 2026-03-06 N/A 4.3 MEDIUM
Unauthorized resource manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28718 2026-03-06 N/A 5.3 MEDIUM
Denial of service due to insufficient input validation in authentication logging. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28717 2026-03-06 N/A 5.0 MEDIUM
Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVE-2026-28716 2026-03-06 N/A 4.4 MEDIUM
Information disclosure and manipulation due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVE-2026-28715 2026-03-06 N/A 6.5 MEDIUM
Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.