Export limit exceeded: 363866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-20900 1 Samsung 1 Blockchain Keystore 2025-07-17 6.3 Medium
Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-20898 1 Samsung 1 Members 2025-07-17 4.6 Medium
Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.
CVE-2025-20894 1 Samsung 1 Email 2025-07-17 4.6 Medium
Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.
CVE-2025-2942 2 Tychesoftwares, Wordpress 2 Order Delivery Date For Woocommerce, Wordpress 2025-07-17 4.3 Medium
The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information
CVE-2025-28245 1 Alteryx 1 Alteryx Server 2025-07-17 6.1 Medium
Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.
CVE-2025-28244 1 Alteryx 1 Alteryx Server 2025-07-17 8.8 High
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover
CVE-2025-20949 1 Samsung 1 Members 2025-07-17 5.1 Medium
Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
CVE-2025-20976 2 Samsung, Samsung Mobile 2 Notes, Samsung Notes 2025-07-17 5.5 Medium
Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory.
CVE-2024-12498 2025-07-16 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-53886 2 Directus, Monospace 2 Directus, Directus 2025-07-16 4.5 Medium
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them triggering the Flow. Version 11.9.0 fixes the issue.
CVE-2025-53885 2 Directus, Monospace 2 Directus, Directus 2025-07-16 4.2 Medium
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using the "Log to Console" operation and a template string. Malicious admins can log sensitive data from other users when they are created or updated. Version 11.9.0 contains a fix for the issue. As a workaround, avoid logging sensitive data to the console outside the context of development.
CVE-2025-53887 2 Directus, Monospace 2 Directus, Directus 2025-07-16 5.3 Medium
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the `/server/specs/oas` endpoint without authentication. With the exact version information a malicious attacker can look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. Version 11.9.0 fixes the issue.
CVE-2025-53889 2 Directus, Monospace 2 Directus, Directus 2025-07-16 6.5 Medium
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Depending on what the Flow is set up to do this can lead to the Flow executing potential tasks on the attacker's behalf without authenticating. Bad actors could execute the manual trigger Flows without authentication, or access rights to the said collection(s) or item(s). Users with manual trigger Flows configured are impacted as these endpoints do not currently validate if the user has read access to `directus_flows` or to the relevant collection/items. The manual trigger Flows should have tighter security requirements as compared to webhook Flows where users are expected to perform do their own checks. Version 11.9.0 fixes the issue. As a workaround, implement permission checks for read access to Flows and read access to relevant collection/items.
CVE-2025-50091 1 Oracle 2 Mysql, Mysql Server 2025-07-16 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-50104 1 Oracle 2 Mysql, Mysql Server 2025-07-16 2.7 Low
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
CVE-2025-50094 1 Oracle 2 Mysql, Mysql Server 2025-07-16 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.42, 8.4.5 and 9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-53029 1 Oracle 1 Vm Virtualbox 2025-07-16 2.3 Low
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVE-2025-50097 1 Oracle 2 Mysql, Mysql Server 2025-07-16 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-50095 1 Oracle 2 Mysql, Mysql Server 2025-07-16 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-50096 1 Oracle 2 Mysql, Mysql Server 2025-07-16 4.4 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).