Total: 314439 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-10283 | 1 Blsops | 1 Bbot | 2025-10-14 | 9.6 Critical |
BBOT's gitdumper module could be abused to execute commands through a malicious git repository. | ||||
CVE-2025-61532 | 1 Meeco | 1 Svx Portal | 2025-10-14 | 6.1 Medium |
Cross Site Scripting vulnerability in SVX Portal v.2.7A allows execution of arbitrary code via the TG parameter in the last_heard_page.php component | ||||
CVE-2025-61862 | | | 2025-10-14 | 7.8 High |
An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | ||||
CVE-2025-11551 | 1 Code-projects | 1 Student Result Manager | 2025-10-14 | 6.3 Medium |
A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
CVE-2025-11579 | | | 2025-10-14 | 5.3 Medium |
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash. | ||||
CVE-2025-21052 | | | 2025-10-14 | 4 Medium |
Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption. | ||||
CVE-2025-21054 | | | 2025-10-14 | 4 Medium |
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory. | ||||
CVE-2025-21055 | | | 2025-10-14 | 4.3 Medium |
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory. | ||||
CVE-2025-21058 | | | 2025-10-14 | 7.3 High |
Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege. | ||||
CVE-2025-21063 | | | 2025-10-14 | 4.6 Medium |
Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen. | ||||
CVE-2025-21065 | | | 2025-10-14 | 6.6 Medium |
Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices. | ||||
CVE-2025-21066 | | | 2025-10-14 | 4 Medium |
Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | ||||
CVE-2025-21067 | | | 2025-10-14 | 4 Medium |
Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | ||||
CVE-2025-25018 | | | 2025-10-14 | 8.7 High |
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS) | ||||
CVE-2025-30001 | | | 2025-10-14 | 7.3 High |
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue. | ||||
CVE-2025-40640 | | | 2025-10-14 | N/A |
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_invoice_submit.php”, using the “customerName_0” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | ||||
CVE-2025-21046 | | | 2025-10-14 | 2.4 Low |
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access the recent app list. | ||||
CVE-2025-21047 | | | 2025-10-14 | 5.2 Medium |
Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs. | ||||
CVE-2025-41088 | | | 2025-10-14 | N/A |
Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS v4.1.2, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add a text element in the 'Global Elements' section, and finally modify the 'Text' field in the section with the malicious payload. | ||||
CVE-2025-21049 | | | 2025-10-14 | 5.5 Medium |
Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. |