CVE Database

111589+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-48606
7.8 HIGH

In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to …

Dec 8, 2025
CVE-2025-48569
5.5 MEDIUM

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no …

Dec 8, 2025
CVE-2025-14259
6.3 MEDIUM

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation …

Dec 8, 2025
CVE-2025-14258
7.3 HIGH

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation …

Dec 8, 2025
CVE-2025-65799
4.3 MEDIUM

A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.

Dec 8, 2025
CVE-2025-65797
6.5 MEDIUM

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, …

Dec 8, 2025
CVE-2025-65795
7.5 HIGH

Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.

Dec 8, 2025
CVE-2025-65363
7.2 HIGH

Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and …

Dec 8, 2025
CVE-2025-63721
8.8 HIGH

HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and …

Dec 8, 2025
CVE-2025-59391
6.5 MEDIUM

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing …

Dec 8, 2025
CVE-2025-48639
7.3 HIGH

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation …

Dec 8, 2025
CVE-2025-48638
7.8 HIGH

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48637
7.8 HIGH

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48633
5.5 MEDIUM KEV

In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This …

Dec 8, 2025
CVE-2025-48632
7.8 HIGH

In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input …

Dec 8, 2025
CVE-2025-48631
6.5 MEDIUM

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with …

Dec 8, 2025
CVE-2025-48629
7.8 HIGH

In findAvailRecognizer of VoiceInteractionManagerService.java, there is a possible way to become the default speech recognizer app due to an insecure default value. This could lead …

Dec 8, 2025
CVE-2025-48628
7.8 HIGH

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with …

Dec 8, 2025
CVE-2025-48627
7.8 HIGH

In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This …

Dec 8, 2025
CVE-2025-48626
9.8 CRITICAL

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to …

Dec 8, 2025
CVE-2025-48624
7.8 HIGH

In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with …

Dec 8, 2025
CVE-2025-48623
7.8 HIGH

In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48622
5.5 MEDIUM

In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with …

Dec 8, 2025
CVE-2025-48621
7.3 HIGH

In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege …

Dec 8, 2025
CVE-2025-48620
7.8 HIGH

In onSomePackagesChanged of VoiceInteractionManagerService.java, there is a possible way for a third party application's component name to persist even after uninstalling due to a logic …

Dec 8, 2025
CVE-2025-48618
6.8 MEDIUM

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege …

Dec 8, 2025
CVE-2025-48615
7.8 HIGH

In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no …

Dec 8, 2025
CVE-2025-48614
4.6 MEDIUM

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This …

Dec 8, 2025
CVE-2025-48612
7.8 HIGH

In multiple locations, there is a possible way for an application on a work profile to set the main user's default NFC payment setting due …

Dec 8, 2025
CVE-2025-48610
5.5 MEDIUM

In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information …

Dec 8, 2025
CVE-2025-48607
5.5 MEDIUM

In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This …

Dec 8, 2025
CVE-2025-48604
5.5 MEDIUM

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local …

Dec 8, 2025
CVE-2025-48603
5.5 MEDIUM

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with …

Dec 8, 2025
CVE-2025-48601
5.5 MEDIUM

In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with …

Dec 8, 2025
CVE-2025-48600
5.5 MEDIUM

In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information …

Dec 8, 2025
CVE-2025-48599
7.8 HIGH

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead …

Dec 8, 2025
CVE-2025-48598
6.6 MEDIUM

In multiple locations, there is a possible way to alter the primary user's face unlock settings due to a confused deputy. This could lead to …

Dec 8, 2025
CVE-2025-48597
7.8 HIGH

In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to …

Dec 8, 2025
CVE-2025-48596
7.8 HIGH

In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of …

Dec 8, 2025
CVE-2025-48594
7.3 HIGH

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to …

Dec 8, 2025
CVE-2025-48592
7.5 HIGH

In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure …

Dec 8, 2025
CVE-2025-48591
5.5 MEDIUM

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local …

Dec 8, 2025
CVE-2025-48590
5.5 MEDIUM

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. …

Dec 8, 2025
CVE-2025-48589
7.8 HIGH

In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grand permissions across user due to a logic error in the code. This could …

Dec 8, 2025
CVE-2025-48588
7.8 HIGH

In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to …

Dec 8, 2025
CVE-2025-48586
7.8 HIGH

In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to …

Dec 8, 2025
CVE-2025-48584
5.5 MEDIUM

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial …

Dec 8, 2025
CVE-2025-48583
7.8 HIGH

In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead …

Dec 8, 2025
CVE-2025-48580
7.8 HIGH

In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic …

Dec 8, 2025
CVE-2025-48576
5.5 MEDIUM

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with …

Dec 8, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.