Search Results (344709 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58444 | | | 2025-09-09 | N/A |
| The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16.6 to resolve this issue. | ||||
| CVE-2025-52389 | | | 2025-09-09 | 8.8 High |
| An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request. | ||||
| CVE-2023-21483 | 1 Samsung | 1 Galaxy Store | 2025-09-09 | 6.4 Medium |
| Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows a local attacker to access protected data using an exported service. | ||||
| CVE-2025-21036 | 1 Samsung | 1 Notes | 2025-09-09 | 5 Medium |
| Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21037 | 1 Samsung | 1 Notes | 2025-09-09 | 4.1 Medium |
| Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability. | ||||
| CVE-2021-32024 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-09-09 | 8.1 High |
| A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. | ||||
| CVE-2025-55944 | 1 Slinkapp | 1 Slink | 2025-09-09 | 6.1 Medium |
| Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users. | ||||
| CVE-2025-56435 | 1 Foxcms | 1 Foxcms | 2025-09-09 | 5.3 Medium |
| SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the file /DataBackup.php and the operation on the parameter id. | ||||
| CVE-2025-56498 | 2 Boa, Prolink2u | 3 Boa, Pgn6401v, Pgn6401v Firmware | 2025-09-09 | 5.3 Medium |
| An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via the pingAddr parameter, which is not properly sanitized. An authenticated attacker can exploit this flaw by injecting arbitrary system commands, which are executed by the underlying operating system with root privileges. The router uses the Boa web server (version 0.93.15) to handle the request. Successful exploitation can lead to full system compromise and unauthorized control of the network device. | ||||
| CVE-2025-10077 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10076 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
| A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-10075 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 3.5 Low |
| A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-10074 | 1 Portabilis | 1 I-educar | 2025-09-09 | 3.5 Low |
| A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-10073 | 1 Portabilis | 1 I-educar | 2025-09-09 | 4.3 Medium |
| A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10072 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.3 Medium |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-51667 | 1 Ryansu | 1 Simple Admin | 2025-09-09 | 7 High |
| An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations. | ||||
| CVE-2025-10071 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.3 Medium |
| A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10070 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.3 Medium |
| A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack can be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2025-10062 | 1 Itsourcecode | 1 Student Information Management System | 2025-09-09 | 7.3 High |
| A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9922 | 1 Campcodes | 1 Sales And Inventory System | 2025-09-09 | 4.3 Medium |
| A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||