Export limit exceeded: 366310 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-9726 1 Campcodes 1 Farm Management System 2025-09-08 7.3 High
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-49456 1 Zoom 7 Meeting Software Development Kit, Rooms, Rooms Controller and 4 more 2025-09-08 6.2 Medium
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access.
CVE-2025-9729 1 Phpgurukul 1 Online Course Registration 2025-09-08 7.3 High
A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /admin/student-registration.php. Performing manipulation of the argument studentname results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2025-9730 2 Admerc, Itsourcecode 2 Apartment Management System, Apartment Management System 2025-09-08 7.3 High
A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument user_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2025-54588 1 Envoyproxy 1 Envoy 2025-09-08 7.5 High
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free (UAF) vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic Forward Proxy implementation, occurring when a completion callback for a DNS resolution triggers new DNS resolutions or removes existing pending resolutions. This condition may occur when the following conditions are met: dynamic Forwarding Filter is enabled, the `envoy.reloadable_features.dfp_cluster_resolves_hosts` runtime flag is enabled, and the Host header is modified between the Dynamic Forwarding Filter and Router filters. This issue is resolved in versions 1.34.5 and 1.35.1. To work around this issue, set the envoy.reloadable_features.dfp_cluster_resolves_hosts runtime flag to false.
CVE-2025-58163 2 Freescout, Freescout Helpdesk 2 Freescout, Freescout 2025-09-08 8.8 High
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY to achieve remote code execution. The vulnerability is exploited via endpoint, e.g.: `/help/{mailbox_id}/auth/{customer_id}/{hash}/{timestamp}` where the `customer_id` and `timestamp` parameters are processed through the decrypt function in `app/Helper.php` without proper validation. The code decrypts using Laravel's built-in encryption functions, which subsequently deserialize the decrypted payload without sanitization, allowing attackers to craft malicious serialized PHP objects using classes to trigger arbitrary command execution. This is fixed in version 1.8.186.
CVE-2023-21466 2 Google, Samsung 4 Android, Android, Mobile and 1 more 2025-09-08 5.3 Medium
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.
CVE-2023-21467 1 Samsung 3 Exynos, Mobile, Samsung Mobile 2025-09-08 4.6 Medium
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
CVE-2025-9739 1 Campcodes 1 Online Water Billing System 2025-09-08 7.3 High
A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-10013 1 Portabilis 1 I-educar 2025-09-08 6.3 Medium
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2025-10012 1 Portabilis 1 I-educar 2025-09-08 6.3 Medium
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educar_historico_escolar_lst.php. Such manipulation of the argument ref_cod_aluno leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-26437 1 Google 1 Android 2025-09-08 5.5 Medium
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26441 1 Google 1 Android 2025-09-08 6.5 Medium
In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26445 1 Google 1 Android 2025-09-08 5.5 Medium
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26448 1 Google 1 Android 2025-09-08 5.5 Medium
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26449 1 Google 1 Android 2025-09-08 5.5 Medium
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26453 1 Google 1 Android 2025-09-08 5.5 Medium
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-26458 1 Google 1 Android 2025-09-08 7.8 High
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-9750 1 Campcodes 1 Online Learning Management System 2025-09-08 7.3 High
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-32323 1 Google 1 Android 2025-09-08 7.8 High
In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.