Total
308619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9476 | 1 Nelzkie15 | 1 Human Resource Information System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_file201 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9475 | 1 Nelzkie15 | 1 Human Resource Information System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the argument employee_file201 causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9473 | 1 Oretnom23 | 1 Online Bank Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9472 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-9471 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9470 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-0080 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0079 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9469 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9468 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-5731 | 2 Infinispan, Redhat | 4 Infinispan, Data Grid, Jboss Enterprise Application Platform and 1 more | 2025-09-02 | N/A | 6.2 MEDIUM |
| A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found. | |||||
| CVE-2025-0081 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.5 HIGH |
| In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0082 | 1 Google | 1 Android | 2025-09-02 | N/A | 5.5 MEDIUM |
| In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-0083 | 1 Google | 1 Android | 2025-09-02 | N/A | 4.0 MEDIUM |
| In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0084 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.8 HIGH |
| In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0086 | 1 Google | 1 Android | 2025-09-02 | N/A | 6.2 MEDIUM |
| In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0092 | 1 Google | 1 Android | 2025-09-02 | N/A | 6.5 MEDIUM |
| In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-0093 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.5 HIGH |
| In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-22403 | 1 Google | 1 Android | 2025-09-02 | N/A | 9.8 CRITICAL |
| In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22404 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.4 HIGH |
| In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||