Search

Search Results (366567 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-21038 2 Google, Samsung 6 Android, Assistant, Mobile and 3 more 2025-09-05 5.1 Medium
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2024-13308 1 Browser Back Button Project 1 Browser Back Button 2025-09-05 3.8 Low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.
CVE-2025-21039 2 Google, Samsung 6 Android, Assistant, Mobile and 3 more 2025-09-05 5.1 Medium
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2023-21471 1 Samsung 3 Android, Mobile, Samsung Mobile 2025-09-05 4 Medium
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.
CVE-2023-21472 1 Samsung 4 Android, Exynos, Mobile and 1 more 2025-09-05 6.8 Medium
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
CVE-2023-21473 1 Samsung 4 Android, Exynos, Mobile and 1 more 2025-09-05 6.8 Medium
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
CVE-2025-21040 2 Google, Samsung 6 Android, Assistant, Mobile and 3 more 2025-09-05 5.1 Medium
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21031 1 Samsung 2 Android, Mobile Devices 2025-09-05 6.8 Medium
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
CVE-2025-9927 1 Projectworlds 1 Travel Management System 2025-09-05 7.3 High
A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-9928 1 Projectworlds 1 Travel Management System 2025-09-05 7.3 High
A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-36892 1 Google 1 Android 2025-09-05 7.5 High
Denial of service
CVE-2025-36893 1 Google 1 Android 2025-09-05 5.5 Medium
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-36894 1 Google 1 Android 2025-09-05 7.5 High
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-36895 1 Google 1 Android 2025-09-05 7.5 High
Information disclosure
CVE-2025-36909 1 Google 1 Android 2025-09-05 5.3 Medium
Information disclosure
CVE-2025-21623 1 Oxygenz 1 Clipbucket 2025-09-05 7.5 High
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.
CVE-2025-21624 1 Oxygenz 1 Clipbucket 2025-09-05 9.8 Critical
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239.
CVE-2025-4447 2 Eclipse, Redhat 2 Openj9, Enterprise Linux 2025-09-05 7.8 High
In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.
CVE-2024-23976 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2025-09-05 6 Medium
When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-23603 1 F5 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager 2025-09-05 3.8 Low
An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated