Export limit exceeded: 366571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29992 | 1 Mahara | 1 Mahara | 2025-09-05 | 7.5 High |
| Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy. | ||||
| CVE-2024-39335 | 1 Mahara | 1 Mahara | 2025-09-05 | 9.1 Critical |
| Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions. | ||||
| CVE-2024-35203 | 1 Mahara | 1 Mahara | 2025-09-05 | 6.1 Medium |
| Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system. | ||||
| CVE-2024-47192 | 1 Mahara | 1 Mahara | 2025-09-05 | 5.3 Medium |
| An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download. | ||||
| CVE-2025-21038 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2024-13308 | 1 Browser Back Button Project | 1 Browser Back Button | 2025-09-05 | 3.8 Low |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2. | ||||
| CVE-2025-21039 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2023-21471 | 1 Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-05 | 4 Medium |
| Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission. | ||||
| CVE-2023-21472 | 1 Samsung | 4 Android, Exynos, Mobile and 1 more | 2025-09-05 | 6.8 Medium |
| Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | ||||
| CVE-2023-21473 | 1 Samsung | 4 Android, Exynos, Mobile and 1 more | 2025-09-05 | 6.8 Medium |
| Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | ||||
| CVE-2025-21040 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2025-21031 | 1 Samsung | 2 Android, Mobile Devices | 2025-09-05 | 6.8 Medium |
| Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. | ||||
| CVE-2025-9927 | 1 Projectworlds | 1 Travel Management System | 2025-09-05 | 7.3 High |
| A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2025-9928 | 1 Projectworlds | 1 Travel Management System | 2025-09-05 | 7.3 High |
| A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-36892 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| Denial of service | ||||
| CVE-2025-36893 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36894 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-36895 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| Information disclosure | ||||
| CVE-2025-36909 | 1 Google | 1 Android | 2025-09-05 | 5.3 Medium |
| Information disclosure | ||||
| CVE-2025-21623 | 1 Oxygenz | 1 Clipbucket | 2025-09-05 | 7.5 High |
| ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | ||||