Export limit exceeded: 25175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32323 | 1 Google | 1 Android | 2025-09-08 | 7.8 High |
| In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2014-9199 | 1 Clorius Controls A\/s | 1 Java Web Client | 2025-09-05 | N/A |
| The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. | ||||
| CVE-2025-26429 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48527 | 1 Google | 1 Android | 2025-09-05 | 6.2 Medium |
| In multiple locations, there is a possible way to leak hidden work profile notifications due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48537 | 1 Google | 1 Android | 2025-09-05 | 7.1 High |
| In multiple locations, there is a possible way to persistently DoS the device due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48538 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In setApplicationHiddenSettingAsUser of PackageManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48559 | 1 Google | 1 Android | 2025-09-05 | 5.5 Medium |
| In multiple functions of AppOpsService.java, there is a possible add a large amount of app ops due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-32322 | 1 Google | 1 Android | 2025-09-05 | 7.8 High |
| In onCreate of MediaProjectionPermissionActivity.java , there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-43779 | 1 Clear | 1 Clearml Enterprise Server | 2025-09-05 | 7.7 High |
| An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
| CVE-2025-24970 | 3 Netapp, Netty, Redhat | 12 Active Iq Unified Manager, Oncommand Insight, Netty and 9 more | 2025-09-05 | 7.5 High |
| Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually. | ||||
| CVE-2023-47799 | 1 Mahara | 1 Mahara | 2025-09-05 | 7.5 High |
| Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported. | ||||
| CVE-2025-29992 | 1 Mahara | 1 Mahara | 2025-09-05 | 7.5 High |
| Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy. | ||||
| CVE-2024-39335 | 1 Mahara | 1 Mahara | 2025-09-05 | 9.1 Critical |
| Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions. | ||||
| CVE-2023-21472 | 1 Samsung | 4 Android, Exynos, Mobile and 1 more | 2025-09-05 | 6.8 Medium |
| Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | ||||
| CVE-2023-21473 | 1 Samsung | 4 Android, Exynos, Mobile and 1 more | 2025-09-05 | 6.8 Medium |
| Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | ||||
| CVE-2025-36895 | 1 Google | 1 Android | 2025-09-05 | 7.5 High |
| Information disclosure | ||||
| CVE-2025-6600 | 1 Github | 1 Enterprise Server | 2025-09-05 | 4.3 Medium |
| An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This issue could be exploited by leveraging a user-to-server token with no scopes via the Search API endpoint. Successful exploitation required an organization administrator to install a malicious GitHub App in the organization’s repositories. This vulnerability impacted only GitHub Enterprise Server version 3.17 and was addressed in version 3.17.2. The vulnerability was reported through the GitHub Bug Bounty program. | ||||
| CVE-2024-51741 | 2 Redhat, Redis | 2 Enterprise Linux, Redis | 2025-09-05 | 4.4 Medium |
| Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. | ||||
| CVE-2024-52802 | 1 Riot-os | 1 Riot | 2025-09-04 | 7.5 High |
| RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists. | ||||
| CVE-2024-31449 | 2 Redhat, Redis | 3 Discovery, Enterprise Linux, Redis | 2025-09-04 | 7 High |
| Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||