CVE-2025-27606

MEDIUM Year: 2025
CVSS v3 Score
5.1
Medium
Weakness Type
CWE-488
View all →

Vulnerability Description

Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, under certain circumstances, fail to logout the user if they input the wrong PIN more than the configured amount of times. An attacker with physical access to a device can exploit this to guess the PIN. Version 1.6.34 solves the issue.

Related Vulnerabilities

CVE-2024-11094

MEDIUM
CVSS:5.3(Medium)

The 404 Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35.17 via the export feature. This makes it possible for unauthenticated a...

CWE-4882024

CVE-2024-1223

MEDIUM
CVSS:4.8(Medium)

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, de...

CWE-4882024

CVE-2024-7049

MEDIUM
CVSS:5.4(Medium)

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation...

CWE-4882024

CVE-2025-2312

MEDIUM
CVSS:5.9(Medium)

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. Th...

CWE-4882025

CVE-2024-38367

CRITICAL
CVSS:9.6(Critical)

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipula...

CWE-4882024

CVE-2024-27455

CRITICAL
CVSS:9.1(Critical)

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.0...

CWE-4882024