Google Android elevation of privilege vulnerability (CNVD-2025-26885)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a lack of privilege checking in multiple functions. The vulnerability can be exploited by an attacker to cause privilege escalation...

Google Android elevation of privilege vulnerability (CNVD-2025-26729)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an unsafe default value in the onNullBinding function in RemoteFillService.java that causes background activity to start. An attacker can exploit th...

Google Android elevation of privilege vulnerability (CNVD-2025-26730)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

Google Android Obfuscated Proxy Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that originates from an...

Google Android Obfuscated Proxy Vulnerability (CNVD-2025-26792)

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that originates from...

Google Android elevation of privilege vulnerability (CNVD-2025-26732)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a BAL bypass in the clearAllowBgActivityStarts function in PendingIntentRecord.java. An attacker can exploit the vulnerability to eleva...

Google Android Protocol Implementation Incorrect Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an incorrect protocol implementation vulnerability that ca...

Google Android Obfuscated Proxy Vulnerability (CNVD-2025-26799)

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from an obfuscated proxy vulnerability that can be exploited by...

Google Android Privilege Bypass Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from a privilege bypass vulnerability that can be exploited by ...

Google Android elevation of privilege vulnerability (CNVD-2025-30728)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

Google Android Information Disclosure Vulnerability (CNVD-2025-30726)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

Google Android Information Disclosure Vulnerability (CNVD-2025-30725)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

Google Android Information Disclosure Vulnerability (CNVD-2025-30724)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

Google Android elevation of privilege vulnerability (CNVD-2025-30723)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to unauthorized data access caused by SQL injection in multiple functions in PickerDbFacade.java. An attacker can exploit the vulnerability to elevate...

Google Android elevation of privilege vulnerability (CNVD-2025-29702)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to an obfuscated agent in the loadDrawableForCookie function in ResourcesImpl.java. An attacker can exploit the vulnerability to elevate privileges...

Google Android elevation of privilege vulnerability (CNVD-2025-29703)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the updateState function in ContentProtectionTogglePreferenceController.java, which can be exploited by an attacker to elevate...

Google Android elevation of privilege vulnerability (CNVD-2025-29704)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

Google Android elevation of privilege vulnerability (CNVD-2025-29705)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by a way to bypass intent type checking due to proxy obfuscation in the isSafeIntent function in AccountTypePreferenceLoader.java. An...

Google Android elevation of privilege vulnerability (CNVD-2025-29707)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

Google Android Denial of Service Vulnerability (CNVD-2025-29708)

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android due to incorrect input validation of the collectOps function in AppOpsService.java. An attacker can exploit the vulnerability to cause a denial of service...

Unspecified Vulnerability in Google Android (CNVD-2025-23037)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...

Google Android elevation of privilege vulnerability (CNVD-2025-26884)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is a cross-user file leak due to a logic error in the getDestinationForApp function in SpaAppBridgeActivity. An attacker can exploit the vulnerabili...

Google Android Information Disclosure Vulnerability (CNVD-2025-29709)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by a lack of permission checking in the offerNetwork function in ConnectivityService.java. An attacker can exploit this vulnerability to obtain...

Google Android Denial of Service Vulnerability (CNVD-2025-23027)

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused by a logic error in the handlePackagesChanged function in DevicePolicyManagerService.java. An attacker can exploit this vulnerability to cause a...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21115)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/baselibs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

Google Pixel elevation of privilege vulnerability (CNVD-2025-25480)

Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that can be exploited by an attacker that may lead to physical elevation of privileges...

Google Android Reuse After Release Vulnerability

Google Android is a free and open source mobile operating system based on the Linux kernel, developed by Google Inc. and the Open Handset Alliance, and is mainly used for smartphones, tablets and other devices. Google Android suffers from a post-release reuse vulnerability, which can be exploited...

Google Android elevation of privilege vulnerability (CNVD-2025-29706)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is due to a logic error in multiple locations that can be exploited by an attacker to elevate privileges...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21123)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/rowmanager endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...

Google Android elevation of privilege vulnerability (CNVD-2025-28662)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

Google Chrome V8 post-release reuse vulnerability (CNVD-2025-22938)

Google Chrome is a web browser developed by Google, known for being fast, secure and personalized, with support for multi-device synchronization and smart tool integration. Google Chrome suffers from a post-release reuse vulnerability that stems from the mishandling of memory objects by the V8...

Google Android elevation of privilege vulnerability (CNVD-2025-28658)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by an unauthorized way of adding contacts due to a logic error in the onCreate function in SelectAccountActivity.java. An attacker can...

Google Android Denial of Service Vulnerability (CNVD-2025-28663)

Google Android is a Linux-based open source operating system from Google. A denial of service vulnerability exists in Google Android, which is caused by a privilege bypass due to a missing privilege check in the isSystem function in WifiPermissionsTil.java. An attacker can exploit this...

Google Android elevation of privilege vulnerability (CNVD-2025-28665)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an elevation of privilege on a paired device...

Google Android Information Disclosure Vulnerability (CNVD-2025-28666)

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

TOTOLINK X5000R Command Injection Vulnerability

TOTOLINK X5000R is a wireless router supporting Wi-Fi 6 technology with full coverage mesh system and dual-band transmission for home and business network environments. The TOTOLINK X5000R suffers from a command injection vulnerability that stems from the parameter pid in the file...

Unspecified Vulnerability in NVIDIA DOCA (CNVD-2025-21180)

NVIDIA DOCA is a software framework from NVIDIA. NVIDIA DOCA has a security vulnerability that can be exploited by attackers to cause elevation of privilege...

Unspecified Vulnerability in NVIDIA ConnectX (CNVD-2025-21179)

NVIDIA ConnectX is a series of intelligent network interface cards from NVIDIA. NVIDIA ConnectX has a security vulnerability that can be exploited by attackers to potentially cause denial of service, elevation of privilege, information disclosure, and data tampering...

appRain CMF path traversal vulnerability

appRain CMF is a content management framework. A path traversal vulnerability exists in appRain CMF, which stems from the incorrect handling of base64 path parameters, and can be exploited by an attacker to download an arbitrary file on the system via a constructed URL request...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21134)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/page/manage-static-pages/create endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

appRain CMF SQL Injection Vulnerability (CNVD-2025-21133)

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-static-pages/create. An attacker could use this...

appRain CMF SQL Injection Vulnerability (CNVD-2025-21132)

appRain CMF is a content management framework. appRain CMF suffers from an SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the data%5BPage%5D%5Bname%5D parameter of /apprain/page/manage-dynamic-pages/create. An attacker could use this...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21131)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which is caused by improper validation of user input in the /apprain/information/manage/emailtemplate/add endpoint. An attacker could use this vulnerability to steal the victim's cookie-base...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21130)

appRain CMF is a content management framework from appRain Canada. appRain CMF suffers from a cross-site scripting vulnerability that is caused by improper validation of user input in the /apprain/developer/language/lipsum.xml endpoint. An attacker could use this vulnerability to steal the victim...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21129)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/language/default.xml endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21127)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF, which stems from the lack of effective filtering and escaping of user-supplied data in the /apprain/developer/addons parameter page, which can be exploited by an attacker to steal a victim's...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21125)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/tree endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21122)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/richtexteditor endpoint. An attacker could use the vulnerability to steal the victim's cookie-based...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21121)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/hysontable endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21120)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/dialogs endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...