Total
29717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1701 | 1 Keerti1924 | 1 Php Mysql User Signup Login System | 2025-02-12 | 5.3 Medium |
| A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-21486 | 1 Samsung | 1 Android | 2025-02-12 | 5.3 Medium |
| Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2025-02-12 | 5.3 Medium |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
| CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2025-02-12 | 4 Medium |
| Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | ||||
| CVE-2023-21496 | 1 Samsung | 1 Android | 2025-02-12 | 6.1 Medium |
| Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | ||||
| CVE-2024-3460 | 1 Kioware | 1 Kioware | 2025-02-12 | 7.4 High |
| In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. In order to exploit this vulnerability external applications must be left running when the KioWare software is launched. Additionally, an attacker must know the PIN set for this Kioware instance and also slow down the application with some specific task which extends the usable time window. | ||||
| CVE-2025-20884 | 1 Samsung | 1 Android | 2025-02-12 | 4.6 Medium |
| Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2025-20883 | 1 Samsung | 1 Android | 2025-02-12 | 4.6 Medium |
| Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2024-3459 | 1 Kioware | 1 Kioware | 2025-02-12 | 8.4 High |
| KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges. | ||||
| CVE-2025-22303 | 1 Wpmailster | 1 Wp Mailster | 2025-02-11 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. | ||||
| CVE-2024-53804 | 2 Brandtoss, Wpmailster | 2 Wpmailster, Wp Mailster | 2025-02-11 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. | ||||
| CVE-2024-5245 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-11 | 7.8 High |
| NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755. | ||||
| CVE-2023-1768 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-02-11 | 3.7 Low |
| Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. | ||||
| CVE-2024-6637 | 1 Wpwebelite | 1 Woocommerce Social Login | 2025-02-11 | 7.3 High |
| The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated privilege escalation in all versions up to, and including, 2.7.3. This is due to a lack of brute force controls on a weak one-time password. This makes it possible for unauthenticated attackers to brute force the one-time password for any user, except an Administrator, if they know the email of user. | ||||
| CVE-2024-46948 | 1 Northern.tech | 1 Mender | 2025-02-10 | 5.3 Medium |
| Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. | ||||
| CVE-2024-10941 | 1 Mozilla | 1 Firefox | 2025-02-10 | 4.3 Medium |
| A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126. | ||||
| CVE-2024-20885 | 1 Samsung | 1 Android | 2025-02-10 | 5.1 Medium |
| Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission. | ||||
| CVE-2024-20884 | 1 Samsung | 1 Android | 2025-02-10 | 6.2 Medium |
| Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | ||||
| CVE-2024-20883 | 1 Samsung | 1 Android | 2025-02-10 | 6.2 Medium |
| Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | ||||
| CVE-2024-49414 | 1 Samsung | 1 Android | 2025-02-10 | 2.4 Low |
| Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. | ||||