Search Results (14138 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-10066 2 Facebook-kimmymatillano, Itsourcecode 2 Point Of Sale System, Pos Point Of Sale System 2025-09-09 4.3 Medium
A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2025-10067 2 Facebook-kimmymatillano, Itsourcecode 2 Point Of Sale System, Pos Point Of Sale System 2025-09-09 4.3 Medium
A vulnerability was detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument scripts results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2025-10075 2 Razormist, Sourcecodester 2 Online Polling System, Online Polling System 2025-09-09 3.5 Low
A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-10074 1 Portabilis 1 I-educar 2025-09-09 3.5 Low
A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-9922 1 Campcodes 1 Sales And Inventory System 2025-09-09 4.3 Medium
A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-9921 1 Code-projects 2 Pharmacy Management System, Pos Pharmacy System 2025-09-09 2.4 Low
A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2024-37777 1 Zoneland 1 O2oa 2025-09-09 8.8 High
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.
CVE-2025-30678 2 Microsoft, Trendmicro 2 Windows, Apex Central 2025-09-08 6.5 Medium
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
CVE-2025-30679 2 Microsoft, Trendmicro 2 Windows, Apex Central 2025-09-08 6.5 Medium
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
CVE-2025-30680 2 Microsoft, Trendmicro 2 Windows, Apex Central 2025-09-08 7.5 High
A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this vulnerability only affects the SaaS instance of Apex Central - customers that automatically apply Trend Micro's monthly maintenance releases to the SaaS instance do not have to take any further action.
CVE-2025-10088 2 Rems, Sourcecodester 2 Personal Time Tracker, Time Tracker 2025-09-08 3.5 Low
A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
CVE-2025-9929 2 Code-projects, Fabian 2 Responsive Blog Site, Responsive Blog Site 2025-09-08 2.4 Low
A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-9923 1 Campcodes 1 Sales And Inventory System 2025-09-08 4.3 Medium
A flaw has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /index.php. Executing manipulation of the argument page can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2025-57822 1 Vercel 1 Next.js 2025-09-08 6.5 Medium
Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function.
CVE-2025-9674 2 Google, Transbyte 2 Android, Scooper News 2025-09-08 5.3 Medium
A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-54388 3 Docker, Mirantis, Mobyproject 4 Engine, Moby, Mirantis Container Runtime and 1 more 2025-09-08 4.6 Medium
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate these rules, versions before 28.3.3 fail to recreate the specific rules that block external access to containers. This means that after a firewalld reload, containers with ports published to localhost (like 127.0.0.1:8080) become accessible from remote machines that have network routing to the Docker bridge, even though they should only be accessible from the host itself. The vulnerability only affects explicitly published ports - unpublished ports remain protected. This issue is fixed in version 28.3.3.
CVE-2025-9675 2 Google, Voice Changer Project 2 Android, Voice Changer 2025-09-08 5.3 Medium
A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized.
CVE-2025-9676 1 Ncsoft 1 Universe 2025-09-08 5.3 Medium
A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9677 2 Google, Modo 2 Android, Legend Of The Phoenix 2025-09-08 5.3 Medium
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9845 2 Carmelo, Code-projects 2 Fruit Shop Management System, Fruit Shop Management System 2025-09-08 3.5 Low
A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.