Total
308619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22405 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.4 HIGH |
| In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22406 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.4 HIGH |
| In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22407 | 1 Google | 1 Android | 2025-09-02 | N/A | 5.5 MEDIUM |
| In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22408 | 1 Google | 1 Android | 2025-09-02 | N/A | 9.8 CRITICAL |
| In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22409 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.4 HIGH |
| In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22410 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.4 HIGH |
| In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22411 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.8 HIGH |
| In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22412 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.8 HIGH |
| In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22413 | 1 Google | 1 Android | 2025-09-02 | N/A | 4.0 MEDIUM |
| In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26417 | 1 Google | 1 Android | 2025-09-02 | N/A | 4.0 MEDIUM |
| In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-35112 | 1 Atlassian | 1 Agiloft | 2025-09-02 | N/A | 4.1 MEDIUM |
| Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31. | |||||
| CVE-2025-35113 | 1 Atlassian | 1 Agiloft | 2025-09-02 | N/A | 5.9 MEDIUM |
| Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31. | |||||
| CVE-2025-35114 | 1 Atlassian | 1 Agiloft | 2025-09-02 | N/A | 7.5 HIGH |
| Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30. | |||||
| CVE-2025-35115 | 1 Atlassian | 1 Agiloft | 2025-09-02 | N/A | 8.1 HIGH |
| Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30. | |||||
| CVE-2025-9502 | 1 Campcodes | 1 Online Loan Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save_payment. Executing manipulation of the argument loan_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-9503 | 1 Campcodes | 1 Online Loan Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9504 | 1 Campcodes | 1 Online Loan Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9505 | 1 Campcodes | 1 Online Loan Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9506 | 1 Campcodes | 1 Online Loan Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49592 | 1 N8n | 1 N8n | 2025-09-02 | N/A | 4.6 MEDIUM |
| n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login. | |||||