Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366624 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10070 1 Portabilis 1 I-educar 2025-09-09 6.3 Medium
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVE-2025-10062 1 Itsourcecode 1 Student Information Management System 2025-09-09 7.3 High
A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-9922 1 Campcodes 1 Sales And Inventory System 2025-09-09 4.3 Medium
A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-9921 1 Code-projects 2 Pharmacy Management System, Pos Pharmacy System 2025-09-09 2.4 Low
A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-55422 1 Foxcms 1 Foxcms 2025-09-09 8.8 High
In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.
CVE-2025-58050 1 Pcre 1 Pcre2 2025-09-09 9.1 Critical
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
CVE-2025-49155 1 Trendmicro 3 Apex One, Apexone Op, Apexone Saas 2025-09-09 8.8 High
An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.
CVE-2025-49156 1 Trendmicro 3 Apex One, Apexone Op, Apexone Saas 2025-09-09 7 High
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-37777 1 Zoneland 1 O2oa 2025-09-09 8.8 High
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.
CVE-2025-49157 1 Trendmicro 3 Apex One, Apexone Op, Apexone Saas 2025-09-09 7.8 High
A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2025-49158 1 Trendmicro 3 Apex One, Apexone Op, Apexone Saas 2025-09-09 6.7 Medium
An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2025-55582 1 Dlink 2 Dcs-825l, Dcs-825l Firmware 2025-09-09 6.6 Medium
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
CVE-2023-32701 1 Blackberry 1 Qnx Software Development Platform 2025-09-09 7.1 High
Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.
CVE-2025-30642 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2025-09-09 5.5 Medium
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2025-30641 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2025-09-09 7.8 High
A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2025-30640 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2025-09-09 7.8 High
A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-55955 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2025-09-09 6.7 Medium
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-46916 1 Dieboldnixdorf 1 Vynamic Security Suite 2025-09-09 8.1 High
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
CVE-2025-0289 1 Paragon-software 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more 2025-09-09 7.8 High
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.
CVE-2024-46917 1 Dieboldnixdorf 1 Vynamic Security Suite 2025-09-09 8.1 High
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.