Total
95079 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21033 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
| Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2025-21032 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.9 MEDIUM |
| Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. | |||||
| CVE-2025-21029 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
| Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. | |||||
| CVE-2025-21028 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.5 MEDIUM |
| Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items. | |||||
| CVE-2025-21026 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
| Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. | |||||
| CVE-2025-21027 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.1 MEDIUM |
| Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM. | |||||
| CVE-2025-21025 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.1 MEDIUM |
| Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management. | |||||
| CVE-2025-55472 | 1 Tirreno | 1 Tirreno | 2025-09-11 | N/A | 6.5 MEDIUM |
| SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns[0][data] parameter, which is directly used in SQL queries without proper validation or parameterization. | |||||
| CVE-2025-55373 | 1 Beakon | 1 Beakon | 2025-09-11 | N/A | 5.3 MEDIUM |
| Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights. | |||||
| CVE-2025-55372 | 1 Beakon | 1 Beakon | 2025-09-11 | N/A | 5.3 MEDIUM |
| An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2025-9758 | 1 Deepakmisal24 | 1 Chemical Inventory Management System | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in deepakmisal24 Chemical Inventory Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory_form.php. Such manipulation of the argument chem_name leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | |||||
| CVE-2025-59019 | 1 Typo3 | 1 Typo3 | 2025-09-11 | N/A | 4.3 MEDIUM |
| Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them. | |||||
| CVE-2025-59018 | 1 Typo3 | 1 Typo3 | 2025-09-11 | N/A | 6.5 MEDIUM |
| Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access. | |||||
| CVE-2025-56556 | 2025-09-11 | N/A | 6.5 MEDIUM | ||
| An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated privileges in the context of the SQL query tool. | |||||
| CVE-2024-51720 | 2025-09-11 | N/A | 4.8 MEDIUM | ||
| An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number. | |||||
| CVE-2024-12347 | 1 Huayi-tec | 1 Jeewms | 2025-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-11251 | 1 Huayi-tec | 1 Jeewms | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in erzhongxmu Jeewms up to 20241108. It has been rated as critical. This issue affects some unknown processing of the file cgReportController.do of the component AuthInterceptor. The manipulation of the argument begin_date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. | |||||
| CVE-2025-0390 | 1 Huayi-tec | 1 Jeewms | 2025-09-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-0391 | 1 Huayi-tec | 1 Jeewms | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2023-38327 | 1 Egroupware | 1 Egroupware | 2025-09-11 | N/A | 5.3 MEDIUM |
| An issue was discovered in eGroupWare 17.1.20190111. A User Enumeration vulnerability exists under calendar/freebusy.php, which allows unauthenticated remote attackers to enumerate the users of web applications based on server response. | |||||