Export limit exceeded: 16014 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10066 2 Facebook-kimmymatillano, Itsourcecode 2 Point Of Sale System, Pos Point Of Sale System 2025-09-09 4.3 Medium
A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2025-10067 2 Facebook-kimmymatillano, Itsourcecode 2 Point Of Sale System, Pos Point Of Sale System 2025-09-09 4.3 Medium
A vulnerability was detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument scripts results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2025-10068 2 Emiloi, Itsourcecode 2 Online Discussion Forum, Online Discussion Forum 2025-09-09 7.3 High
A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2025-55103 1 Esri 1 Portal For Arcgis 2025-09-09 4.8 Medium
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
CVE-2025-10078 2 Razormist, Sourcecodester 2 Online Polling System, Online Polling System 2025-09-09 7.3 High
A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-10082 2 Razormist, Sourcecodester 2 Online Polling System, Online Polling System 2025-09-09 7.3 High
A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-21483 1 Samsung 1 Galaxy Store 2025-09-09 6.4 Medium
Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
CVE-2025-21036 1 Samsung 1 Notes 2025-09-09 5 Medium
Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.
CVE-2025-21037 1 Samsung 1 Notes 2025-09-09 4.1 Medium
Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.
CVE-2021-32024 1 Blackberry 1 Qnx Software Development Platform 2025-09-09 8.1 High
A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.
CVE-2025-55944 1 Slinkapp 1 Slink 2025-09-09 6.1 Medium
Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users.
CVE-2025-56435 1 Foxcms 1 Foxcms 2025-09-09 5.3 Medium
SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the. file /DataBackup.php and the operation on the parameter id.
CVE-2025-56498 2 Boa, Prolink2u 3 Boa, Pgn6401v, Pgn6401v Firmware 2025-09-09 5.3 Medium
An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit this flaw by injecting arbitrary system commands, which are executed by the underlying operating system with root privileges. The router uses the Boa web server (version 0.93.15) to handle the request. Successful exploitation can lead to full system compromise and unauthorized control of the network device.
CVE-2025-10077 2 Razormist, Sourcecodester 2 Online Polling System, Online Polling System 2025-09-09 7.3 High
A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-10076 2 Razormist, Sourcecodester 2 Online Polling System, Online Polling System 2025-09-09 7.3 High
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-10075 2 Razormist, Sourcecodester 2 Online Polling System, Online Polling System 2025-09-09 3.5 Low
A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-10074 1 Portabilis 1 I-educar 2025-09-09 3.5 Low
A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-10073 1 Portabilis 1 I-educar 2025-09-09 4.3 Medium
A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-10072 1 Portabilis 1 I-educar 2025-09-09 6.3 Medium
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
CVE-2025-51667 1 Ryansu 1 Simple Admin 2025-09-09 7 High
An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations.