Search

Search Results (363167 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20989 1 Samsung 1 Android 2026-02-10 5.2 Medium
Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
CVE-2025-20988 1 Samsung 1 Android 2026-02-10 5.5 Medium
Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
CVE-2025-20987 1 Samsung 1 Android 2026-02-10 5.2 Medium
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token.
CVE-2025-20985 1 Samsung 1 Android 2026-02-10 5.5 Medium
Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.
CVE-2025-20981 1 Samsung 1 Android 2026-02-10 6.2 Medium
Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.
CVE-2025-36407 1 Ibm 1 Db2 2026-02-10 6.5 Medium
IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.
CVE-2020-37114 2 Gunet, Openeclass 2 Open Eclass Platform, Openeclass 2026-02-10 4.3 Medium
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download other users' files without proper authorization.
CVE-2020-37116 2 Gunet, Openeclass 2 Open Eclass Platform, Openeclass 2026-02-10 8.8 High
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.
CVE-2025-3569 1 Jameszbl 1 Db-hospital-drug 2026-02-10 6.3 Medium
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2020-37115 2 Gunet, Openeclass 2 Open Eclass Platform, Openeclass 2026-02-10 6.5 Medium
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.
CVE-2025-59891 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 8.0 High
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to change a user's password or create users via '/setup_login?sid=', affecting the 'username', 'password', and 'cpassword' parameters.
CVE-2025-47705 1 Iframe Remove Filter Project 1 Iframe Remove Filter 2026-02-10 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through 1.2.
CVE-2025-59892 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 8.0 High
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to delete commands individually via '/delete_command?sid=', using the 'cid' parameter.
CVE-2025-59893 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 8.0 High
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to rename commands via '/rename_command?sid=', affecting the 'command_name' parameter.
CVE-2025-59894 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 8.0 High
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request to delete all commands via '/delete_all_commands?sid='.
CVE-2025-59895 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 7.5 High
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during this process. An attacker could send malicious requests to alter the configuration file, causing the application to become unresponsive. In a successful scenario, the service may not recover on its own and require a complete reinstallation, as the configuration becomes corrupted and prevents the service from restarting, even manually.
CVE-2025-59896 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 5.4 Medium
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_command?sid=', affecting the 'command_name' parameter.
CVE-2025-59897 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 5.4 Medium
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/edit_command?sid=', affecting the 'source_dir' and ‘dest_dir’ parameters.
CVE-2025-59898 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 5.4 Medium
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in '/add_exclude_dir?sid=', affecting the 'exclude_dir' parameter.
CVE-2025-59899 1 Flexense 4 Disk Pulse Enterprise, Diskpulse, Sync Breeze Enterprise Server and 1 more 2026-02-10 5.4 Medium
Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user input in  '/server_options?sid=', affecting the 'tasks_logs_dir', 'errors_logs_dir', 'error_notifications_address', 'status_notifications_address', and 'status_reports_address' parameters.