Search

Search Results (364232 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20895 1 Samsung 1 Galaxy Store 2025-07-17 3.2 Low
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
CVE-2024-34831 2 Gibbon, Gibbonedu 2 Core, Gibbon 2025-07-17 6.1 Medium
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.
CVE-2024-31890 1 Ibm 1 I 2025-07-17 7.8 High
IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171.
CVE-2024-3403 1 Pribai 1 Privategpt 2025-07-17 N/A
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI to retrieve or disclose the contents of any file on the system. This vulnerability could lead to various impacts, including but not limited to remote code execution by obtaining private SSH keys, unauthorized access to private files, source code disclosure facilitating further attacks, and exposure of configuration files.
CVE-2024-20870 1 Samsung 1 Galaxy Store 2025-07-17 5.1 Medium
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
CVE-2024-20869 1 Samsung 1 Internet 2025-07-17 5.5 Medium
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.
CVE-2025-3555 1 Scriptandtools 1 Ecommerce-website-in-php 2025-07-17 3.7 Low
A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3556 1 Scriptandtools 1 Ecommerce-website-in-php 2025-07-17 3.7 Low
A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-3557 1 Scriptandtools 1 Ecommerce-website-in-php 2025-07-17 4.3 Medium
A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-22923 1 Os4ed 1 Opensis 2025-07-17 8.8 High
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.
CVE-2024-47823 1 Laravel 1 Livewire 2025-07-17 N/A
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire prior to `2.12.7` and `v3.5.2`, the file extension of an uploaded file is guessed based on the MIME type. As a result, the actual file extension from the file name is not validated. An attacker can therefore bypass the validation by uploading a file with a valid MIME type (e.g., `image/png`) and a “.php” file extension. If the following criteria are met, the attacker can carry out an RCE attack: 1. Filename is composed of the original file name using `$file->getClientOriginalName()`. 2. Files stored directly on your server in a public storage disk. 3. Webserver is configured to execute “.php” files. This issue has been addressed in release versions `2.12.7` and `3.5.2`. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-22927 1 Os4ed 1 Opensis 2025-07-17 9.1 Critical
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal by sending a crafted POST request to /Modules.php?modname=messaging/Inbox.php&modfunc=save&filename.
CVE-2025-22931 1 Os4ed 1 Opensis 2025-07-17 7.5 High
An insecure direct object reference (IDOR) in the component /assets/stafffiles of OS4ED openSIS v7.0 to v9.1 allows unauthenticated attackers to access files uploaded by staff members.
CVE-2025-20950 1 Samsung 1 Notes 2025-07-17 4 Medium
Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information.
CVE-2025-20951 1 Samsung 1 Galaxy Store 2025-07-17 5.1 Medium
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
CVE-2025-3323 1 Godcheese 1 Nimrod 2025-07-17 6.3 Medium
A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2876 2 Melapress, Wordpress 2 Melapress Login Security, Wordpress 2025-07-17 5.3 Medium
The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user.
CVE-2025-26186 2 Opensis, Os4ed 2 Opensis, Opensis 2025-07-17 8.1 High
SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php
CVE-2024-42650 1 Emqx 1 Nanomq 2025-07-17 7.5 High
NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
CVE-2025-7596 1 Tenda 2 Fh1205, Fh1205 Firmware 2025-07-17 8.8 High
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.