Export limit exceeded: 366292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366292 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-29992 1 Mahara 1 Mahara 2025-09-05 7.5 High
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.
CVE-2024-39335 1 Mahara 1 Mahara 2025-09-05 9.1 Critical
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions.
CVE-2024-35203 1 Mahara 1 Mahara 2025-09-05 6.1 Medium
Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
CVE-2024-47192 1 Mahara 1 Mahara 2025-09-05 5.3 Medium
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
CVE-2025-21038 2 Google, Samsung 6 Android, Assistant, Mobile and 3 more 2025-09-05 5.1 Medium
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2024-13308 1 Browser Back Button Project 1 Browser Back Button 2025-09-05 3.8 Low
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2.
CVE-2025-21039 2 Google, Samsung 6 Android, Assistant, Mobile and 3 more 2025-09-05 5.1 Medium
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2023-21471 1 Samsung 3 Android, Mobile, Samsung Mobile 2025-09-05 4 Medium
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.
CVE-2023-21472 1 Samsung 4 Android, Exynos, Mobile and 1 more 2025-09-05 6.8 Medium
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
CVE-2023-21473 1 Samsung 4 Android, Exynos, Mobile and 1 more 2025-09-05 6.8 Medium
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
CVE-2025-21040 2 Google, Samsung 6 Android, Assistant, Mobile and 3 more 2025-09-05 5.1 Medium
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21031 1 Samsung 2 Android, Mobile Devices 2025-09-05 6.8 Medium
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
CVE-2025-9927 1 Projectworlds 1 Travel Management System 2025-09-05 7.3 High
A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-9928 1 Projectworlds 1 Travel Management System 2025-09-05 7.3 High
A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-36892 1 Google 1 Android 2025-09-05 7.5 High
Denial of service
CVE-2025-36893 1 Google 1 Android 2025-09-05 5.5 Medium
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-36894 1 Google 1 Android 2025-09-05 7.5 High
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-36895 1 Google 1 Android 2025-09-05 7.5 High
Information disclosure
CVE-2025-36909 1 Google 1 Android 2025-09-05 5.3 Medium
Information disclosure
CVE-2025-21623 1 Oxygenz 1 Clipbucket 2025-09-05 7.5 High
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service.