Export limit exceeded: 10707 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48554 | 1 Google | 1 Android | 2025-09-05 | 6.1 Medium |
| In handlePackagesChanged of DevicePolicyManagerService.java, there is a possible persistent denial of service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-48559 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-26432 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32322 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-35657 | 1 Google | 1 Android | 2025-09-05 | 4 Medium |
| In bta_av_config_ind of bta_av_aact.cc, there is a possible out of bounds read due to type confusion. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-0087 | 1 Google | 1 Android | 2025-09-05 | 5.1 Medium |
| In onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-50565 | 1 Doubo Erp Project | 1 Doubo Erp | 2025-09-05 | 6.5 Medium |
| Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filtering of user input, which can be remotely initiated by an attacker. | ||||
| CVE-2025-51966 | 1 U-tools | 1 Utools | 2025-09-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes within the application's privileged context, potentially allowing attackers to steal sensitive data or perform unauthorized actions. | ||||
| CVE-2022-42124 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-09-05 | 7.5 High |
| ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype. | ||||
| CVE-2022-42123 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-09-05 | 7.5 High |
| A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. | ||||
| CVE-2022-42122 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-09-05 | 9.8 Critical |
| A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL. | ||||
| CVE-2022-42121 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-09-05 | 8.8 High |
| A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected into a page template's 'Name' field. | ||||
| CVE-2022-42120 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-09-05 | 9.8 Critical |
| A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute. | ||||
| CVE-2021-20039 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2025-09-05 | 8.8 High |
| Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | ||||
| CVE-2025-55476 | 1 Shaneisrael | 1 Fireshare | 2025-09-05 | 6.5 Medium |
| FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries. | ||||
| CVE-2025-55824 | 1 Modstart | 1 Mostartcms | 2025-09-05 | 6.5 Medium |
| ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write malicious files and execute malicious commands to obtain sensitive data on the server. | ||||
| CVE-2025-9829 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-09-05 | 7.3 High |
| A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. Other parameters might be affected as well. | ||||
| CVE-2025-9830 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-09-05 | 7.3 High |
| A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of the argument sids[] results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-55474 | 1 Brufdev | 1 Many Notes | 2025-09-05 | 6.1 Medium |
| Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed. | ||||
| CVE-2025-9767 | 2 Angeljudesuarez, Itsourcecode | 2 Sports Management System, Sports Management System | 2025-09-05 | 7.3 High |
| A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /Admin/sporttype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||