Total
11415 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48644 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48638 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48632 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48624 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48623 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48612 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48601 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48594 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.3 HIGH |
| In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-48587 | 1 Google | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48585 | 1 Google | 1 Android | 2026-06-17 | N/A | 6.2 MEDIUM |
| In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48566 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48559 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48556 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.3 HIGH |
| In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-48541 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In onCreate of FaceSettings.java, there is a possible way to remove biometric unlock across user profiles due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48538 | 1 Google | 1 Android | 2026-06-17 | N/A | 5.5 MEDIUM |
| In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48537 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.1 HIGH |
| In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48525 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48490 | 2026-06-17 | N/A | N/A | ||
| Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0. | |||||
| CVE-2025-47982 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2026-06-17 | N/A | 7.8 HIGH |
| Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-47968 | 1 Microsoft | 1 Autoupdate | 2026-06-17 | N/A | 7.8 HIGH |
| Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | |||||