Skip to main content
CVE-2025-26426 MEDIUM This Month

In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Java Android
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-48562 MEDIUM PATCH This Month

In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Android Google
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-48551 MEDIUM PATCH This Month

In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2024-13073 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS).06.04. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-38687 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: comedi: fix race between polling and detaching syzbot reports a use-after-free in comedi in the below link, which is due to comedi. Rated medium severity (CVSS 4.7).

Linux Information Disclosure Race Condition
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-26427 MEDIUM PATCH This Month

In multiple locations, there is a possible Android/data access due to a path traversal error. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Google Path Traversal Android
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-13071 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS).02.05 before v2.02.06. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2022-39888 MEDIUM This Month

Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access to Proxy information. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-49731 MEDIUM This Month

In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26425 MEDIUM PATCH This Month

In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-22415 MEDIUM This Month

In android_app of Android.bp, there is a possible way to launch any activity as a system user. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-48528 MEDIUM PATCH This Month

In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-48526 MEDIUM PATCH This Month

In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2023-35657 MEDIUM PATCH This Month

In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-55305 MEDIUM POC PATCH This Month

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Red Hat Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-55242 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xbox Gaming Services
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-55209 MEDIUM This Month

contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-26449 MEDIUM PATCH This Month

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26448 MEDIUM PATCH This Month

In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26445 MEDIUM PATCH This Month

In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26424 MEDIUM PATCH Monitor

In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26423 MEDIUM PATCH This Month

In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Privilege Escalation Android Google
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-26422 MEDIUM PATCH Monitor

In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26421 MEDIUM PATCH Monitor

In multiple locations, there is a possible lock screen bypass due to a logic error in the code. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-26420 MEDIUM PATCH Monitor

In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Java Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-22425 MEDIUM PATCH This Month

In onCreate of InstallStart.java, there is a possible permissions bypass due to improper input validation. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-0087 MEDIUM This Month

In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-0077 MEDIUM PATCH Monitor

In multiple functions of UserController.java, there is a possible lock screen bypass due to a race condition. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-49739 MEDIUM Monitor

In MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-57576 MEDIUM POC This Month

PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Shopping Portal
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-38726 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect After the call to phy_disconnect() netdev->phydev is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38720 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix rtnl deadlock issue Currently, the hibmcge netdev acquires the rtnl_lock in pci_error_handlers.reset_prepare(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38719 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fix the division by zero issue When the network port is down, the queue is released, and ring->len is 0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38717 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcm_unattach() syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are. Rated medium severity (CVSS 4.7).

Linux Information Disclosure Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-38716 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: hfs: fix general protection fault in hfs_find_init() The hfs_find_init() method can trigger the crash if tree pointer is NULL: [. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Debian Linux Denial Of Service +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38709 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38705 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Amd Linux Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38692 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38690 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevent infinite recursion If the buf + offset is not aligned to XE_CAHELINE_BYTES we fallback to using a bounce. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38689 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512_status() Problem ------- With CONFIG_X86_DEBUG_FPU enabled, reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38686 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry When UFFDIO_MOVE encounters a migration PMD entry, it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23302 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23301 MEDIUM Monitor

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. Rated medium severity (CVSS 4.2). No vendor patch available.

Denial Of Service Nvidia
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-23262 MEDIUM This Month

NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Nvidia Information Disclosure
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-23261 MEDIUM This Month

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Nvidia
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23259 MEDIUM PATCH This Month

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Information Disclosure Nvidia Race Condition Suse
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6785 MEDIUM Monitor

Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD
CVSS 4.0
4.7
EPSS
0.0%
CVE-2025-2694 MEDIUM Monitor

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-25048 MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Jazz Foundation
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-43184 MEDIUM PATCH This Month

IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Jazz Foundation
NVD
CVSS 3.1
6.1
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy