Security Vulnerabilities
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-05
Vulnerability of exposing object heap addresses in the Ark eTS module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-09-05
Out-of-bounds read vulnerability in the runtime interpreter module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-09-05
Race condition vulnerability in the audio module.
Impact: Successful exploitation of this vulnerability may affect function stability.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-09-05
Race condition vulnerability in the device standby module.
Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-09-05
Permission verification vulnerability in the home screen module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-09-05
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-04
In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-04
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-04
In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-04