Export limit exceeded: 334383 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334383 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21478 | 1 Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-19 | 6 Medium |
| Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. | ||||
| CVE-2023-21480 | 1 Samsung | 4 Android, Mobile, Samsung and 1 more | 2025-09-19 | 8.5 High |
| Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2025-10662 | 1 Seacms | 1 Seacms | 2025-09-19 | 4.7 Medium |
| A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This affects another injection point than CVE-2025-25513. | ||||
| CVE-2025-10664 | 1 Phpgurukul | 1 Small Crm | 2025-09-19 | 7.3 High |
| A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-26026 | 1 F5 | 1 Big-ip Next Central Manager | 2025-09-19 | 7.5 High |
| An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-21793 | 1 F5 | 1 Big-ip Next Central Manager | 2025-09-19 | 7.5 High |
| An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-40542 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2025-09-19 | 7.5 High |
| When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2014-0773 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The validation can be bypassed allowing for running arbitrary command lines. The command line can specify running remote files (example: UNC command line). A function exists at offset 100019B0 of bwocxrun.ocx. Inside this function, there are 3 calls to strstr to check the contents of the user specified command line. If “\setup.exe,” “\bwvbprt.exe,” or “\bwvbprtl.exe” are contained in the command line (strstr returns nonzero value), the command line passes validation and is then passed to CreateProcessA. | ||||
| CVE-2014-0772 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk. The method can be used to open a URL (including file URLs) and read the URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. | ||||
| CVE-2014-0771 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows “file://” URLs that access the local disk. The method can be used to open a URL (including file URLs) and read file URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. | ||||
| CVE-2014-0770 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||
| CVE-2014-0768 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code. | ||||
| CVE-2014-0767 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||
| CVE-2014-0766 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code. | ||||
| CVE-2014-0765 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely. | ||||
| CVE-2025-21041 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-19 | 6.2 Medium |
| Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. | ||||
| CVE-2025-10668 | 2 Emiloi, Itsourcecode | 2 Online Discussion Forum, Online Discussion Forum | 2025-09-19 | 7.3 High |
| A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file /members/compose_msg_admin.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10670 | 2 Emiloi, Itsourcecode | 2 E-logbook With Health Monitoring System For Covid-19, E-logbook With Health Monitoring System For Covid-19 | 2025-09-19 | 7.3 High |
| A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_profile.php. Executing manipulation of the argument profile_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2024-47829 | 1 Pnpm | 1 Pnpm | 2025-09-19 | 6.5 Medium |
| pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name /node_modoules/, there are no version numbers for the libraries they refer to. This issue has been patched in version 10.0.0. | ||||
| CVE-2025-46720 | 1 Keystonejs | 1 Keystone | 2025-09-19 | 3.1 Low |
| Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don't use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely. | ||||