US-CERT Vulnerability Summary for the Week of June 2, 2025
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects–ABC Courier Management System | A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /adminSQL. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5778 |
| 1000projects–Online Notice Board | A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-06-05 | 7.3 | CVE-2025-5650 |
| ABB–EIBPORT V3 KNX | This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. | 2025-06-04 | 8.8 | CVE-2024-13967 |
| Adrian Hanft–Konami Easter Egg | Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4. | 2025-06-06 | 7.1 | CVE-2025-49425 |
| Aem Solutions–CMS | A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file /page.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 7.3 | CVE-2025-5434 |
| Agile Logix–Store Locator WordPress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1. | 2025-06-06 | 7.6 | CVE-2025-49328 |
| alexpinel–Dot | The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs. | 2025-06-02 | 8.1 | CVE-2024-57783 |
| AncoraThemes–Mr. Murphy | Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1. | 2025-06-06 | 9.8 | CVE-2025-49072 |
| Andrei Filonov–WP Text Expander | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1. | 2025-06-06 | 7.6 | CVE-2025-49421 |
| anssilaitila–Shared Files Frontend File Upload Form & Secure File Sharing | The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file. | 2025-06-03 | 7.2 | CVE-2025-4392 |
| AstrBotDevs–AstrBot | AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a workaround, users can edit the `cmd_config.json` file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue. | 2025-06-02 | 7.5 | CVE-2025-48957 |
| Autodesk–Revit | A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-06-02 | 7.8 | CVE-2025-5036 |
| Axiomthemes–Sweet Dessert | Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object Injection.This issue affects Sweet Dessert: from n/a before 1.1.13. | 2025-06-06 | 9.8 | CVE-2025-49073 |
| Axis Communications AB–AXIS OS | The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. | 2025-06-02 | 9.4 | CVE-2025-0324 |
| Axis Communications AB–AXIS OS | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. | 2025-06-02 | 8.8 | CVE-2025-0358 |
| B. Braun Melsungen AG–OnlineSuite | A missing protection against path traversal allows to access any file on the server. | 2025-06-06 | 9.8 | CVE-2025-3365 |
| Campcodes–Hospital Management System | A vulnerability, which was classified as critical, was found in Campcodes Hospital Management System 1.0. Affected is an unknown function of the file /admin/registration.php. The manipulation of the argument full_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5602 |
| Campcodes–Hospital Management System | A vulnerability has been found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument full_name/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5603 |
| Campcodes–Hospital Management System | A vulnerability was found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5604 |
| Campcodes–Online Recruitment Management System | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5676 |
| Campcodes–Online Recruitment Management System | A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5677 |
| Campcodes–Online Teacher Record Management System | A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5625 |
| Campcodes–Online Teacher Record Management System | A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5626 |
| Campcodes–Online Teacher Record Management System | A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5675 |
| catdoc–catdoc | An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2025-06-02 | 8.4 | CVE-2024-52035 |
| catdoc–catdoc | An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2025-06-02 | 8.4 | CVE-2024-54028 |
| choicehomemortgage–AI Mortgage Calculator | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. This issue affects AI Mortgage Calculator: from n/a through 1.0.1. | 2025-06-06 | 7.5 | CVE-2023-25995 |
| Christiaan Pieterse–MaxiBlocks | Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0. | 2025-06-07 | 8.8 | CVE-2025-47601 |
| Cisco–Cisco Data Center Network Manager | A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials. | 2025-06-04 | 8.7 | CVE-2025-20163 |
| Cisco–Cisco Identity Services Engine Software | A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected. | 2025-06-04 | 9.9 | CVE-2025-20286 |
| Cisco–Cisco Unified Computing System (Managed) | A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device. | 2025-06-04 | 8.8 | CVE-2025-20261 |
| code-projects–Content Management System | A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5631 |
| code-projects–Real Estate Property Management System | A vulnerability was found in code-projects Real Estate Property Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/User.php. The manipulation of the argument txtUserName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5704 |
| code-projects–Real Estate Property Management System | A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Admin/Property.php. The manipulation of the argument cmbCat leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5705 |
| code-projects–Real Estate Property Management System | A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /Admin/NewsReport.php. The manipulation of the argument txtFrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5708 |
| code-projects–Real Estate Property Management System | A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. This vulnerability affects unknown code of the file /Admin/InsertCategory.php. The manipulation of the argument txtCategoryName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5709 |
| code-projects–Real Estate Property Management System | A vulnerability, which was classified as critical, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/InsertState.php. The manipulation of the argument txtStateName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5710 |
| code-projects–Real Estate Property Management System | A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation of the argument cmbState leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5711 |
| code-projects–Real Estate Property Management System | A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/EditCity.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5756 |
| CodeAstro–Real Estate Management System | A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5580 |
| CodeAstro–Real Estate Management System | A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5581 |
| CodeAstro–Real Estate Management System | A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5583 |
| codedraft–Mediabay – WordPress Media Library Folders | Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay – WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay – WordPress Media Library Folders: from n/a through 1.4. | 2025-06-06 | 7.1 | CVE-2025-28948 |
| coredns–coredns | CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash – especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies. | 2025-06-06 | 7.5 | CVE-2025-47950 |
| D-Link–DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-04 | 8.8 | CVE-2025-5572 |
| D-Link–DIR-816 | A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-05 | 9.8 | CVE-2025-5622 |
| D-Link–DIR-816 | A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-05 | 9.8 | CVE-2025-5623 |
| D-Link–DIR-816 | A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-05 | 9.8 | CVE-2025-5624 |
| D-Link–DIR-816 | A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-05 | 9.8 | CVE-2025-5630 |
| D-Link–DIR-816 | A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-04 | 7.3 | CVE-2025-5620 |
| D-Link–DIR-816 | A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-04 | 7.3 | CVE-2025-5621 |
| Daman Jeet–Real Time Validation for Gravity Forms | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0. | 2025-06-06 | 7.1 | CVE-2025-48329 |
| Dassault Systmes–DELMIA Apriso | A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. | 2025-06-02 | 9 | CVE-2025-5086 |
| David Shabtai–Post Author | Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a through 1.1.1. | 2025-06-06 | 7.1 | CVE-2025-28950 |
| Dell–Encryption Admin Utilities | Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | 2025-06-03 | 7.8 | CVE-2025-36564 |
| dilemma123–Recent Posts Slider Responsive | Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1. | 2025-06-06 | 7.1 | CVE-2025-28966 |
| dr_scythe–WP Email Debug | The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account. | 2025-06-06 | 9.8 | CVE-2025-5486 |
| enituretechnology–LTL Freight Quotes Freightview Edition | The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-07 | 7.2 | CVE-2025-5303 |
| Fahad Mahmood–WP Shopify | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Fahad Mahmood WP Shopify allows PHP Local File Inclusion. This issue affects WP Shopify: from n/a through 1.5.3. | 2025-06-06 | 7.5 | CVE-2025-30999 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5547 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5548 |
| FreeFloat–FTP Server | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5549 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5550 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5551 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5592 |
| FreeFloat–FTP Server | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5593 |
| FreeFloat–FTP Server | A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5594 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5595 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component REGET Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5596 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5664 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5665 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5666 |
| FreeFloat–FTP Server | A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5667 |
| FreshRSS–FreshRSS | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it’s possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin’s username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue. | 2025-06-04 | 7.1 | CVE-2025-46341 |
| Grafana–Grafana | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: – Viewers can view all dashboards/folders regardless of permissions – Editors can view/edit/delete all dashboards/folders regardless of permissions – Editors can create dashboards in any folder regardless of permissions – Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources. | 2025-06-02 | 8.3 | CVE-2025-3260 |
| gVectors–wpForo + wpForo Advanced Attachments | The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-03 | 7.2 | CVE-2025-4224 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | An authentication bypass vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | 9.8 | CVE-2025-37093 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | 7.2 | CVE-2025-37091 |
| Hibernate–Hibernate Validator | Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data. | 2025-06-03 | 7.3 | CVE-2025-35036 |
| hivesupport–Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress | The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242. | 2025-06-06 | 7.1 | CVE-2025-5018 |
| Huawei–HarmonyOS | Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | 2025-06-06 | 8.1 | CVE-2025-48905 |
| Huawei–HarmonyOS | Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 8.8 | CVE-2025-48906 |
| Huawei–HarmonyOS | Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 8.2 | CVE-2025-48911 |
| Huawei–HarmonyOS | Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 7.8 | CVE-2025-48903 |
| Huawei–HarmonyOS | Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-06-06 | 7.1 | CVE-2025-48909 |
| IBM–QRadar Suite Software | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files. | 2025-06-03 | 9.6 | CVE-2025-25022 |
| IBM–QRadar Suite Software | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code. | 2025-06-03 | 7.2 | CVE-2025-25021 |
| jack0240 –bskms | A vulnerability was found in jack0240 é bskms è“天幼儿å›ç®¡ç†ç³»ç»Ÿ up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | 2025-06-03 | 7.3 | CVE-2025-5522 |
| Jatinder Pal Singh–BP Profile as Homepage | Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage allows Stored XSS. This issue affects BP Profile as Homepage: from n/a through 1.1. | 2025-06-06 | 7.1 | CVE-2025-49453 |
| JEHc–JEHC-BPM | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. | 2025-06-03 | 10 | CVE-2025-45854 |
| jupyter–jupyter_core | Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user). | 2025-06-03 | 7.3 | CVE-2025-30167 |
| Kunbus–Revolution Pi webstatus | An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device | 2025-06-06 | 9.8 | CVE-2025-41646 |
| Magazine3–WP Multilang | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Magazine3 WP Multilang allows PHP Local File Inclusion. This issue affects WP Multilang: from n/a through 2.4.19. | 2025-06-06 | 7.5 | CVE-2025-49307 |
| mail250–Free WP Mail SMTP | Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0. | 2025-06-06 | 7.1 | CVE-2025-28974 |
| mangup–Personal Favicon | Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0. | 2025-06-06 | 7.1 | CVE-2025-28964 |
| Marwal Infotech–CMS | A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 7.3 | CVE-2025-5435 |
| Microhard–IPn4Gii / Bullet-LTE Firmware | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing. | 2025-06-08 | 7.1 | CVE-2025-35004 |
| Microhard–IPn4Gii / Bullet-LTE Firmware | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing. | 2025-06-08 | 7.1 | CVE-2025-35005 |
| Microhard–IPn4Gii / Bullet-LTE Firmware | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing. | 2025-06-08 | 7.1 | CVE-2025-35006 |
| Microhard–IPn4Gii / Bullet-LTE Firmware | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing. | 2025-06-08 | 7.1 | CVE-2025-35007 |
| Microhard–IPn4Gii / Bullet-LTE Firmware | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing. | 2025-06-08 | 7.1 | CVE-2025-35008 |
| Microhard–IPn4Gii / Bullet-LTE Firmware | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing. | 2025-06-08 | 7.1 | CVE-2025-35009 |
| Microhard–IPn4Gii / Bullet-LTE Firmware | Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing. | 2025-06-08 | 7.1 | CVE-2025-35010 |
| Microsoft–Power Automate for Desktop | Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. | 2025-06-05 | 9.8 | CVE-2025-47966 |
| mybb–mybb | MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be unlocked (no `install/lock` file present) and the upgrade script must be accessible (by re-installing the forum via access to `install/index.php`; when the forum has not yet been installed; or the attacker is authenticated as a forum administrator). MyBB 1.8.39 resolves this issue. | 2025-06-02 | 7.2 | CVE-2025-48940 |
| Netgear–WNR614 | A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024. | 2025-06-03 | 7.3 | CVE-2025-5495 |
| Nir–Complete Google Seo Scan | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo Scan: from n/a through 3.5.1. | 2025-06-06 | 7.6 | CVE-2025-26590 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, “Missing Authentication for Critical Function,” and is estimated as a CVSS 9.1 ( CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 9.1 | CVE-2025-3461 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 7.7 | CVE-2025-32455 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 7.7 | CVE-2025-32456 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 7.7 | CVE-2025-32457 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 7.7 | CVE-2025-32458 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 7.7 | CVE-2025-32459 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 7.7 | CVE-2025-3459 |
| ON Semiconductor–Quantenna Wi-Fi chipset | The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset. | 2025-06-08 | 7.7 | CVE-2025-3460 |
| OTWthemes–Widgetize Pages Light | Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0. | 2025-06-06 | 7.1 | CVE-2025-30995 |
| ovatheme–BRW | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.8.6. | 2025-06-06 | 7.5 | CVE-2025-49313 |
| owasp-modsecurity–ModSecurity | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` – this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action. | 2025-06-02 | 7.5 | CVE-2025-48866 |
| Parallels–Parallels Desktop for Mac | A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation. | 2025-06-03 | 8.8 | CVE-2025-31359 |
| Parallels–Parallels Desktop for Mac | A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation. | 2025-06-03 | 7.8 | CVE-2024-36486 |
| Parallels–Parallels Desktop for Mac | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation. | 2025-06-03 | 7.8 | CVE-2024-52561 |
| Parallels–Parallels Desktop for Mac | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation. | 2025-06-03 | 7.8 | CVE-2024-54189 |
| PCMan–FTP Server | A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5634 |
| PCMan–FTP Server | A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5635 |
| PCMan–FTP Server | A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5636 |
| PCMan–FTP Server | A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5637 |
| PersianScript–Persian Woocommerce SMS | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PersianScript Persian Woocommerce SMS allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through 7.0.10. | 2025-06-06 | 7.6 | CVE-2025-49315 |
| PHOENIX CONTACT–ILC 131 | An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device. | 2025-06-04 | 7.5 | CVE-2018-25112 |
| PHPGurukul–Auto Taxi Stand Management System | A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5663 |
| PHPGurukul–Curfew e-Pass Management System | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5560 |
| PHPGurukul–Curfew e-Pass Management System | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5561 |
| PHPGurukul–Curfew e-Pass Management System | A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5562 |
| PHPGurukul–Dairy Farm Shop Management System | A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-company.php. The manipulation of the argument companyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5574 |
| PHPGurukul–Dairy Farm Shop Management System | A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-product.php. The manipulation of the argument productname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5575 |
| PHPGurukul–Dairy Farm Shop Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5576 |
| PHPGurukul–Dairy Farm Shop Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5577 |
| PHPGurukul–Dairy Farm Shop Management System | A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sales-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5578 |
| PHPGurukul–Dairy Farm Shop Management System | A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file /search-product.php. The manipulation of the argument productname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5579 |
| PHPGurukul–Human Metapneumovirus Testing Management System | A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /new-user-testing.php. The manipulation of the argument state leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-06-06 | 7.3 | CVE-2025-5706 |
| PHPGurukul–Human Metapneumovirus Testing Management System | A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-06-06 | 7.3 | CVE-2025-5707 |
| PHPGurukul–Local Services Search Engine Management System | A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5759 |
| PHPGurukul–Notice Board System | A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 7.3 | CVE-2025-5639 |
| PHPGurukul–Rail Pass Management System | A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5553 |
| PHPGurukul–Student Result Management System | A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 7.3 | CVE-2025-5599 |
| POEditor–POEditor | Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor allows Path Traversal. This issue affects POEditor: from n/a through 0.9.10. | 2025-06-06 | 7.4 | CVE-2025-49237 |
| Python Software Foundation–CPython | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=”data”. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to `”data”, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links. | 2025-06-03 | 9.4 | CVE-2025-4517 |
| Python Software Foundation–CPython | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to `”data”, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links. | 2025-06-03 | 7.5 | CVE-2025-4138 |
| Python Software Foundation–CPython | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to `”data”, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links. | 2025-06-03 | 7.5 | CVE-2025-4330 |
| Python Software Foundation–CPython | When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped. | 2025-06-03 | 7.5 | CVE-2025-4435 |
| Qualcomm, Inc.–Snapdragon | Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources. | 2025-06-03 | 8.2 | CVE-2024-53019 |
| Qualcomm, Inc.–Snapdragon | Information disclosure may occur while decoding the RTP packet with invalid header extension from network. | 2025-06-03 | 8.2 | CVE-2024-53020 |
| Qualcomm, Inc.–Snapdragon | Information disclosure may occur while processing goodbye RTCP packet from network. | 2025-06-03 | 8.2 | CVE-2024-53021 |
| Qualcomm, Inc.–Snapdragon | Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call. | 2025-06-03 | 8.2 | CVE-2024-53026 |
| Qualcomm, Inc.–Snapdragon | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. | 2025-06-03 | 8.6 | CVE-2025-21479 |
| Qualcomm, Inc.–Snapdragon | Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. | 2025-06-03 | 8.6 | CVE-2025-21480 |
| Qualcomm, Inc.–Snapdragon | Memory corruption may occur while attaching VM when the HLOS retains access to VM. | 2025-06-03 | 7.8 | CVE-2024-53010 |
| Qualcomm, Inc.–Snapdragon | Transient DOS while processing the EHT operation IE in the received beacon frame. | 2025-06-03 | 7.5 | CVE-2025-21463 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | 2025-06-03 | 7.8 | CVE-2025-21485 |
| Qualcomm, Inc.–Snapdragon | Memory corruption during dynamic process creation call when client is only passing address and length of shell binary. | 2025-06-03 | 7.8 | CVE-2025-21486 |
| Qualcomm, Inc.–Snapdragon | Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. | 2025-06-03 | 7.5 | CVE-2025-27029 |
| Qualcomm, Inc.–Snapdragon | memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed. | 2025-06-03 | 7.8 | CVE-2025-27031 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. | 2025-06-03 | 7.5 | CVE-2025-27038 |
| quequnlong–shiyi-blog | A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 7.3 | CVE-2025-5512 |
| quic-go–quic-go | quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sending ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available. | 2025-06-02 | 7.5 | CVE-2025-29785 |
| Realtek–Bluetooth HCI Adaptor | Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary file deletion to privilege escalation. | 2025-06-02 | 7.8 | CVE-2024-11857 |
| Red Hat–Red Hat Enterprise Linux 10 | A flaw was found in the user’s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list. | 2025-06-06 | 7.1 | CVE-2025-5791 |
| Renzo Tejada–Libro de Reclamaciones y Quejas | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows SQL Injection. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9. | 2025-06-06 | 7.6 | CVE-2025-30989 |
| Roundcube–Webmail | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. | 2025-06-02 | 9.9 | CVE-2025-49113 |
| Ruben Garcia–GamiPress | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5. | 2025-06-06 | 7.6 | CVE-2025-49326 |
| Ruben Garcia–ShortLinks Pro | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ruben Garcia ShortLinks Pro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through 1.0.7. | 2025-06-06 | 7.6 | CVE-2025-49327 |
| shaonsina–Sina Extension for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in shaonsina Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.6.1. | 2025-06-06 | 7.6 | CVE-2025-49262 |
| siteheart–HyperComments | The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-06-05 | 9.8 | CVE-2025-5701 |
| Skyvern–Skyvern | Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py. | 2025-06-07 | 8.5 | CVE-2025-49619 |
| slackero–phpwcms | A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | 2025-06-03 | 7.3 | CVE-2025-5499 |
| SolarWinds–Dameware Mini Remote Control Service | The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. | 2025-06-02 | 7.8 | CVE-2025-26396 |
| Soli–WP Mail Options | Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3. | 2025-06-06 | 7.1 | CVE-2025-28981 |
| SourceCodester–Client Database Management System | A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely. | 2025-06-07 | 7.3 | CVE-2025-5840 |
| SourceCodester–Open Source Clinic Management System | A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /appointment.php. The manipulation of the argument patient leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5712 |
| SourceCodester–Open Source Clinic Management System | A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5716 |
| SourceCodester–Open Source Clinic Management System | A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 7.3 | CVE-2025-5755 |
| SourceCodester–Open Source Clinic Management System | A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-06-06 | 7.3 | CVE-2025-5758 |
| Splunk–Splunk/UniversalForwarder for Windows | In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents. | 2025-06-02 | 8 | CVE-2025-20298 |
| StylemixThemes–Motors – Events | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in StylemixThemes Motors – Events allows PHP Local File Inclusion.This issue affects Motors – Events: from n/a through 1.4.7. | 2025-06-06 | 9 | CVE-2025-47586 |
| sunshinephotocart–Sunshine Photo Cart: Free Client Photo Galleries for Photographers | The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user’s passwords through the password reset functionality, including administrators, and leverage that to reset the user’s password and gain access to their account. | 2025-06-04 | 8.8 | CVE-2025-5482 |
| Teastudio.pl–WP Posts Carousel | Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Posts Carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through 1.3.12. | 2025-06-06 | 8.8 | CVE-2025-39358 |
| Tenda–AC10 | A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 8.8 | CVE-2025-5629 |
| Tenda–AC15 | A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-08 | 8.8 | CVE-2025-5848 |
| Tenda–AC15 | A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-08 | 8.8 | CVE-2025-5849 |
| Tenda–AC15 | A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-08 | 8.8 | CVE-2025-5850 |
| Tenda–AC15 | A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-08 | 8.8 | CVE-2025-5851 |
| Tenda–AC18 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 8.8 | CVE-2025-5607 |
| Tenda–AC18 | A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 8.8 | CVE-2025-5608 |
| Tenda–AC18 | A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 8.8 | CVE-2025-5609 |
| Tenda–AC5 | A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5794 |
| Tenda–AC5 | A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5795 |
| Tenda–AC8 | A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5798 |
| Tenda–AC8 | A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5799 |
| Tenda–AC9 | A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-07 | 8.8 | CVE-2025-5839 |
| Tenda–AC9 | A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-08 | 8.8 | CVE-2025-5847 |
| Tenda–CH22 | A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 8.8 | CVE-2025-5619 |
| Tenda–CH22 | A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 8.8 | CVE-2025-5685 |
| Tenda–RX3 | A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-03 | 8.8 | CVE-2025-5527 |
| Themefic–Hydra Booking | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themefic Hydra Booking allows SQL Injection. This issue affects Hydra Booking: from n/a through 1.1.10. | 2025-06-06 | 8.5 | CVE-2025-49323 |
| ThemeGoods–Photography | Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2. | 2025-06-06 | 8.5 | CVE-2025-47584 |
| TOTOLINK–EX1200T | A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 9.8 | CVE-2025-5600 |
| TOTOLINK–EX1200T | A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5792 |
| TOTOLINK–EX1200T | A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5793 |
| TOTOLINK–N302R Plus | A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 8.8 | CVE-2025-5671 |
| TOTOLINK–N302R Plus | A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 8.8 | CVE-2025-5672 |
| TOTOLINK–X15 | A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 8.8 | CVE-2025-5503 |
| TOTOLINK–X15 | A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5734 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5735 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5736 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5737 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5738 |
| TOTOLINK–X15 | A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5739 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5785 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5786 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5787 |
| TOTOLINK–X15 | A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5788 |
| TOTOLINK–X15 | A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5789 |
| TOTOLINK–X15 | A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 8.8 | CVE-2025-5790 |
| uxper–Golo – City Travel Guide WordPress Theme | The Golo – City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user’s identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user’s email address. | 2025-06-03 | 9.8 | CVE-2025-4797 |
| Vadim Bogaiskov–Bg Orthodox Calendar | Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar: from n/a through 0.13.10. | 2025-06-06 | 7.1 | CVE-2025-28958 |
| vipul Jariwala–WP Post Corrector | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2. | 2025-06-06 | 7.6 | CVE-2023-26003 |
| VMware–VMware NSX | VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. | 2025-06-04 | 7.5 | CVE-2025-22243 |
| WCVendors–WC Vendors Marketplace | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6. | 2025-06-06 | 7.6 | CVE-2025-49263 |
| Webaholicson–Epicwin Plugin | Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5. | 2025-06-06 | 8.2 | CVE-2025-28986 |
| wedevs–WP User Frontend Pro | The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. Please note that this requires the ‘Private Message’ module to be enabled and the Business version of the PRO software to be in use. | 2025-06-05 | 8.8 | CVE-2025-3054 |
| wedevs–WP User Frontend Pro | The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2025-06-05 | 8.1 | CVE-2025-3055 |
| Wireshark Foundation–Wireshark | Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file | 2025-06-04 | 7.8 | CVE-2025-5601 |
| WP Travel Engine–WP Travel Engine | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1. | 2025-06-06 | 7.5 | CVE-2025-49308 |
| wphobby–Backwp | Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2. | 2025-06-06 | 7.4 | CVE-2025-28954 |
| xls2csv–xls2csv | A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 2025-06-02 | 8.4 | CVE-2024-48877 |
| Zscaler–Client Connector | An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. | 2025-06-04 | 7.3 | CVE-2024-31127 |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 6Storage–6Storage Rentals | Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5. | 2025-06-06 | 4.3 | CVE-2023-26002 |
| _CreativeMedia_–Elite Video Player | Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5. | 2025-06-06 | 5.4 | CVE-2025-30986 |
| aaluoxiang–oa_system | A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | 2025-06-03 | 4.3 | CVE-2025-5544 |
| aaluoxiang–oa_system | A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | 2025-06-03 | 4.3 | CVE-2025-5545 |
| Ability, Inc–Accessibility Suite | Missing Authorization vulnerability in Ability, Inc Accessibility Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through 4.19. | 2025-06-06 | 5.4 | CVE-2025-30636 |
| add-ons.org–PDF for WPForms | Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.5.0. | 2025-06-06 | 5 | CVE-2025-49289 |
| Agile Logix–Store Locator WordPress | Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2. | 2025-06-06 | 6.6 | CVE-2025-49329 |
| ajay–Knowledge Base | The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘kbalert’ shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5533 |
| Akhtarujjaman Shuvo–Post Grid Master | Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a through 3.4.13. | 2025-06-06 | 4.3 | CVE-2025-30974 |
| Alessandro Piconi–Simple Keyword to Link | Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5. | 2025-06-06 | 4.3 | CVE-2025-30980 |
| andreyk–Paged Gallery | The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gallery’ shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5686 |
| Anton Vanyukov–Market Exporter | Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22. | 2025-06-06 | 4.3 | CVE-2025-49269 |
| arildur–Read More Login | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3. | 2025-06-06 | 5.9 | CVE-2025-28989 |
| Arris–VIP1113 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename. | 2025-06-02 | 6.4 | CVE-2025-49162 |
| Arris–VIP1113 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file. | 2025-06-02 | 6.7 | CVE-2025-49163 |
| Arris–VIP1113 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a. | 2025-06-02 | 4.3 | CVE-2025-49164 |
| AssamLook–CMS | A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5430 |
| AssamLook–CMS | A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5431 |
| AssamLook–CMS | A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5432 |
| Automattic–Newspack Newsletters | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Automattic Newspack Newsletters allows Phishing. This issue affects Newspack Newsletters: from n/a through 3.13.0. | 2025-06-06 | 4.7 | CVE-2025-49325 |
| Axis Communications AB–AXIS OS | A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device. | 2025-06-02 | 4.3 | CVE-2025-0325 |
| Baison–Channel Middleware Product | A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. The manipulation of the argument data leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-03 | 6.3 | CVE-2025-5493 |
| Bastien Ho–Event post | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bastien Ho Event post allows Stored XSS. This issue affects Event post: from n/a through 5.10.1. | 2025-06-06 | 6.5 | CVE-2025-49298 |
| BdThemes–Element Pack Pro | Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0. | 2025-06-05 | 5.4 | CVE-2025-46258 |
| BdThemes–Element Pack Pro | Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0. | 2025-06-05 | 4.3 | CVE-2025-46257 |
| Bill Minozzi–WP Tools | Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Cross Site Request Forgery. This issue affects WP Tools: from n/a through 5.24. | 2025-06-06 | 4.3 | CVE-2025-49273 |
| bitpressadmin–Bit File Manager 100% Free & Open Source File Manager and Code Editor for WordPress | The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-06-03 | 6.4 | CVE-2025-1725 |
| Blocksera–Image Hover Effects Block | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksera Image Hover Effects Block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through 1.4.5. | 2025-06-06 | 6.5 | CVE-2025-31025 |
| bobbingwide–oik | Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1. | 2025-06-06 | 5.3 | CVE-2025-49241 |
| Booqable Rental Software–Booqable Rental | Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20. | 2025-06-06 | 4.3 | CVE-2025-30956 |
| brikou–WP Plugin Info Card | The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835. | 2025-06-03 | 6.4 | CVE-2025-5116 |
| Brilliance–Golden Link Secondary System | A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5696 |
| Brilliance–Golden Link Secondary System | A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument custTradeId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5697 |
| Brilliance–Golden Link Secondary System | A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /sysframework/logSelect.htm. The manipulation of the argument nodename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5698 |
| broadly–Broadly for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in broadly Broadly for WordPress allows Stored XSS. This issue affects Broadly for WordPress: from n/a through 3.0.2. | 2025-06-06 | 5.9 | CVE-2025-30938 |
| BuddyDev–Activity Plus Reloaded for BuddyPress | Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2. | 2025-06-06 | 5.4 | CVE-2025-30957 |
| cais–BNS Featured Category | The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bnsfc’ shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5538 |
| calebzahnd–ESV Bible Shortcode for WordPress | The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘esv’ shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5534 |
| catchsquare–WP Social Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.3. | 2025-06-06 | 6.5 | CVE-2025-49306 |
| CE-PhoenixCart–PhoenixCart | CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker – potentially leading to account takeover. Version 1.1.0.3 fixes the issue. | 2025-06-02 | 6.3 | CVE-2025-47289 |
| CE-PhoenixCart–PhoenixCart | The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue. | 2025-06-02 | 5.5 | CVE-2025-47272 |
| centangle–Direct Checkout for WooCommerce Lite | Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Direct Checkout for WooCommerce Lite: from n/a through 1.0.3. | 2025-06-06 | 5.3 | CVE-2025-29006 |
| Chaport Live Chat–WP Live Chat + Chatbots Plugin for WordPress Chaport | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chaport Live Chat WP Live Chat + Chatbots Plugin for WordPress – Chaport allows Stored XSS. This issue affects WP Live Chat + Chatbots Plugin for WordPress – Chaport: from n/a through 1.1.5. | 2025-06-06 | 5.9 | CVE-2025-30977 |
| CHR Designer–YouTube Simple Gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CHR Designer YouTube Simple Gallery allows Stored XSS. This issue affects YouTube Simple Gallery: from n/a through 2.2.0. | 2025-06-06 | 6.5 | CVE-2025-29011 |
| Chris McCoy–Bacon Ipsum | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chris McCoy Bacon Ipsum allows Stored XSS. This issue affects Bacon Ipsum: from n/a through 2.4. | 2025-06-06 | 6.5 | CVE-2025-49443 |
| Cimatti Consulting–Contact Forms by Cimatti | Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8. | 2025-06-02 | 4.3 | CVE-2025-49069 |
| Cisco–Cisco Finesse | A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. | 2025-06-04 | 6 | CVE-2025-20278 |
| Cisco–Cisco Identity Services Engine Software | A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. | 2025-06-04 | 4.9 | CVE-2025-20130 |
| Cisco–Cisco SocialMiner | A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker. | 2025-06-04 | 4.3 | CVE-2025-20129 |
| Cisco–Cisco ThousandEyes Endpoint Agent | Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | 2025-06-04 | 5.3 | CVE-2025-20259 |
| Cisco–Cisco Unified Contact Center Express | A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it. | 2025-06-04 | 5.3 | CVE-2025-20275 |
| Cisco–Cisco Unified Contact Center Express | A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system. | 2025-06-04 | 4.8 | CVE-2025-20279 |
| Cisco–Cisco Unified Intelligent Contact Management Enterprise | A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | 2025-06-04 | 6.1 | CVE-2025-20273 |
| cmoreira–Team Showcase | Missing Authorization vulnerability in cmoreira Team Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Showcase: from n/a through n/a. | 2025-06-06 | 4.3 | CVE-2025-49248 |
| cmoreira–Team Showcase | Improper Control of Generation of Code (‘Code Injection’) vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a. | 2025-06-06 | 4.3 | CVE-2025-49250 |
| cmoreira–Testimonials Showcase | Missing Authorization vulnerability in cmoreira Testimonials Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonials Showcase: from n/a through 1.9.16. | 2025-06-06 | 4.3 | CVE-2025-49246 |
| cmsMinds–Pay with Contact Form 7 | Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4. | 2025-06-06 | 5.4 | CVE-2025-24772 |
| code-projects–Content Management System | A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5632 |
| code-projects–Content Management System | A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5633 |
| code-projects–Health Center Patient Record Management System | A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5729 |
| code-projects–Laundry System | A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 4.3 | CVE-2025-5766 |
| code-projects–Patient Record Management System | A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5627 |
| code-projects–Patient Record Management System | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5674 |
| code-projects–Patient Record Management System | A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5762 |
| code-projects–Patient Record Management System | A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itr_no/comp_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5779 |
| code-projects–Patient Record Management System | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5780 |
| code-projects–Traffic Offense Reporting System | A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 4.3 | CVE-2025-5732 |
| CodeAstro–Real Estate Management System | A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5582 |
| CodeAstro–Real Estate Management System | A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5610 |
| CodeAstro–Real Estate Management System | A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5611 |
| Codehaveli–Bitly URL Shortener | Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener allows Cross Site Request Forgery. This issue affects Bitly URL Shortener: from n/a through 1.3.3. | 2025-06-06 | 4.3 | CVE-2025-30629 |
| codelobster–Responsive Flipbooks | Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0. | 2025-06-06 | 5.4 | CVE-2025-24776 |
| CodeManas–Search with Typesense | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeManas Search with Typesense allows Stored XSS. This issue affects Search with Typesense: from n/a through 2.0.10. | 2025-06-06 | 6.5 | CVE-2025-49304 |
| codepeople–Calculated Fields Form | Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58. | 2025-06-06 | 4.3 | CVE-2025-49291 |
| codepeople–WP Time Slots Booking Form | Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form allows Cross Site Request Forgery. This issue affects WP Time Slots Booking Form: from n/a through 1.2.30. | 2025-06-06 | 4.3 | CVE-2025-49332 |
| CodeRevolution–Crawlomatic Multisite Scraper Post Generator | Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Retrieve Embedded Sensitive Data. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2. | 2025-06-06 | 5.3 | CVE-2025-49294 |
| CodeRevolution–Crawlomatic Multisite Scraper Post Generator | Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2. | 2025-06-06 | 4.3 | CVE-2025-49293 |
| CoolHappy–The Events Calendar Countdown Addon | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CoolHappy The Events Calendar Countdown Addon allows Stored XSS. This issue affects The Events Calendar Countdown Addon: from n/a through 1.4.9. | 2025-06-06 | 6.5 | CVE-2025-49311 |
| Cozmoslabs–Profile Builder | Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing. This issue affects Profile Builder: from n/a through 3.13.8. | 2025-06-06 | 4.3 | CVE-2025-49292 |
| cozmoslabs–User Profile Builder Beautiful User Registration Forms, User Profiles & User Role Editor | The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s user_meta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-03 | 6.4 | CVE-2025-4671 |
| CRM Perks–WP Gravity Forms Constant Contact Plugin | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0. | 2025-06-06 | 4.7 | CVE-2025-30954 |
| CRM Perks–WP Gravity Forms Salesforce | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7. | 2025-06-06 | 4.7 | CVE-2025-30953 |
| CyberChimps–Responsive Plus | Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0. | 2025-06-06 | 5.4 | CVE-2025-48335 |
| cyberscorp–WP-Addpub | The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the ‘wp-addpub’ shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-06-06 | 6.5 | CVE-2025-5563 |
| D-Link–DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-04 | 6.3 | CVE-2025-5571 |
| D-Link–DCS-932L | A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-06-04 | 6.3 | CVE-2025-5573 |
| D-Link–DI-500WF-WT | A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely. | 2025-06-03 | 6.3 | CVE-2025-5492 |
| DALIBO–PostgreSQL Anonymizer | PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the –insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1 | 2025-06-04 | 6.5 | CVE-2025-5690 |
| Daman Jeet–Real Time Validation for Gravity Forms | Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0. | 2025-06-06 | 4.3 | CVE-2025-48328 |
| danieliser–Popup Maker Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder | The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popupID’ parameter in all versions up to, and including, 1.20.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-03 | 6.4 | CVE-2025-4205 |
| De paragon–No Spam At All | Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3. | 2025-06-06 | 5.4 | CVE-2025-24778 |
| Debashish–IFrame Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Debashish IFrame Widget allows Stored XSS. This issue affects IFrame Widget: from n/a through 4.1. | 2025-06-06 | 5.9 | CVE-2025-30939 |
| Deetronix–Booking Ultra Pro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.20. | 2025-06-06 | 5.9 | CVE-2025-30637 |
| djangoproject–Django | An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | 2025-06-05 | 4 | CVE-2025-48432 |
| Dor Zuberi–Slack Notifications by dorzki | Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through 2.0.7. | 2025-06-06 | 4.3 | CVE-2025-30978 |
| Elastic Email–Elastic Email Subscribe Form | Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2. | 2025-06-06 | 5.4 | CVE-2025-28985 |
| eleopard–Behance Portfolio Manager | Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance Portfolio Manager: from n/a through 1.7.4. | 2025-06-06 | 4.3 | CVE-2025-29010 |
| emarket-design–Campus Directory Faculty, Staff & Student Directory Plugin for WordPress | The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’emd_mb_meta’ shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-04 | 6.4 | CVE-2025-5532 |
| emarket-design–Employee Directory Staff Listing & Team Directory Plugin for WordPress | The Employee Directory – Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’emd_mb_meta’ shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-04 | 6.4 | CVE-2025-5531 |
| emarket-design–Simple Contact Form Plugin for WordPress WP Easy Contact | The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’emd_mb_meta’ shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-04 | 6.4 | CVE-2025-5539 |
| Emraan Cheema–CubeWP All-in-One Dynamic Content Framework | Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23. | 2025-06-06 | 4.3 | CVE-2025-30994 |
| Erudika–para | Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue. | 2025-06-02 | 6.2 | CVE-2025-48955 |
| Erudika–para | Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user’s access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue. | 2025-06-05 | 6.2 | CVE-2025-49009 |
| esigngenie–Foxit eSign for WordPress | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3. | 2025-06-06 | 5.5 | CVE-2025-49419 |
| eskapism–Simple History Track, Log, and Audit WordPress Changes | The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password-related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third-party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password. | 2025-06-06 | 4.9 | CVE-2025-5760 |
| everestthemes–Everest Backup | Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3. | 2025-06-06 | 4.3 | CVE-2025-49238 |
| EXEIdeas International–WP AutoKeyword | Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0. | 2025-06-06 | 5.3 | CVE-2025-28997 |
| faaiq–Custom Category/Post Type Post order | Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9. | 2025-06-06 | 5.4 | CVE-2025-29013 |
| facturaone–TicketBAI Facturas para WooCommerce | Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19. | 2025-06-06 | 5.4 | CVE-2025-24762 |
| FasterThemes–FastBook | Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1. | 2025-06-06 | 4.3 | CVE-2025-26593 |
| FasterXML–jackson-core | Jackson-core contains core low-level incremental (“streaming”) parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core’s `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. This issue was silently fixed in jackson-core version 2.13.0, released on September 30, 2021, via PR #652. All users should upgrade to version 2.13.0 or later. If upgrading is not immediately possible, applications can mitigate the issue by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage. | 2025-06-06 | 4 | CVE-2025-49128 |
| Fengoffice–Feng Office | A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5433 |
| FLIR–AX8 | A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component. | 2025-06-05 | 4.7 | CVE-2025-5695 |
| fraudlabspro–FraudLabs Pro for WooCommerce | Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11. | 2025-06-06 | 5.3 | CVE-2025-49320 |
| FreshRSS–FreshRSS | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it’s possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `<script>` tags inside of them that aren’t sanitized, with the lack of CSP in `f.php` by embedding the malicious favicon in an iframe (that has `sandbox=”allow-scripts allow-same-origin”` set as its attribute). An attacker needs to control one of the feeds that the victim is subscribed to, and also must have an account on the FreshRSS instance. Other than that, the iframe payload can be embedded as one of two options. The first payload requires user interaction (the user clicking on the malicious feed entry) with default user configuration, and the second payload fires instantly right after the user adds the feed or logs into the account while the feed entry is still visible. This is because of lazy image loading functionality, which the second payload bypasses. An attacker can gain access to the victim’s account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 has a patch for the issue. | 2025-06-04 | 6.7 | CVE-2025-31136 |
| FreshRSS–FreshRSS | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker’s UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim’s feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim’s account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue. | 2025-06-04 | 6.7 | CVE-2025-32015 |
| FreshRSS–FreshRSS | FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue. | 2025-06-04 | 4.3 | CVE-2025-31482 |
| FreshRSS–FreshRSS | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it’s possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not including the following variables: proxy address, proxy protocol, and whether SSL should be verified. Therefore it’s possible to poison a favicon of a given feed by simply intercepting the response of the feed, and changing the website URL to one where a threat actor controls the feed favicon. Feed favicons can be replaced for all users by anyone. Version 1.26.2 fixes the issue. | 2025-06-04 | 4.3 | CVE-2025-46339 |
| frold–Runners Log | The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘runnerslog’ shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5541 |
| froxlor–Froxlor | Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue. | 2025-06-02 | 5.5 | CVE-2025-48958 |
| Giraphix Creative–Layouts for Elementor | Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor allows Cross Site Request Forgery. This issue affects Layouts for Elementor: from n/a through 1.11. | 2025-06-06 | 4.3 | CVE-2025-30948 |
| Google–AngularJS | Improper sanitization of the value of the ‘href’ and ‘xlink:href’ attributes in ‘<image>’ SVG elements in AngularJS’s ‘ngSanitize’ module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application’s performance and behavior by using too large or slow-to-load images. This issue affects AngularJS versions greater than or equal to 1.3.1. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | 2025-06-04 | 4.8 | CVE-2025-2336 |
| Grafana–Grafana | This vulnerability in Grafana’s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources. | 2025-06-02 | 5 | CVE-2025-3454 |
| gsaraiva–Developer Formatter | The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-06-06 | 5.5 | CVE-2025-5699 |
| hanhdo205–Bang tinh vay | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1. | 2025-06-06 | 5.9 | CVE-2023-26000 |
| Hasina77–Wp Easy Allopass | Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through 4.1.1. | 2025-06-06 | 4.3 | CVE-2025-49435 |
| haxtheweb–issues | HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability. | 2025-06-02 | 5.3 | CVE-2025-48996 |
| heateor–Social Sharing Plugin Sassy Social Share | The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link. | 2025-06-07 | 6.1 | CVE-2025-5528 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | 5.5 | CVE-2025-37094 |
| High-Logic–FontCreator | An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. | 2025-06-02 | 6.5 | CVE-2025-20001 |
| himmelblau-idm–himmelblau | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API-even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `”Allow-Linux-Login”`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API. | 2025-06-05 | 5.4 | CVE-2025-49012 |
| hivesupport–Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress | The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin’s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-06-06 | 5.4 | CVE-2025-5019 |
| hk1993–WP Online Users Stats | The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-06-06 | 6.1 | CVE-2025-4966 |
| hk1993–WP Online Users Stats | The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-06-06 | 4.9 | CVE-2025-4964 |
| HT Plugins–HT Team Member | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HT Plugins HT Team Member allows Stored XSS. This issue affects HT Team Member: from n/a through 1.1.7. | 2025-06-06 | 6.5 | CVE-2025-49309 |
| Huawei–EG8141A5 | Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3. | 2025-06-06 | 4.1 | CVE-2025-49599 |
| Huawei–HarmonyOS | Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 6.6 | CVE-2025-48902 |
| Huawei–HarmonyOS | Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 6.2 | CVE-2025-48907 |
| Huawei–HarmonyOS | Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 6.7 | CVE-2025-48908 |
| Huawei–HarmonyOS | Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 5.5 | CVE-2025-48910 |
| Huawei–HarmonyOS | Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 4 | CVE-2024-58114 |
| Huawei–HarmonyOS | Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability. | 2025-06-06 | 4.4 | CVE-2025-48904 |
| IBM–Application Gateway | IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment. | 2025-06-03 | 5.5 | CVE-2024-45655 |
| IBM–QRadar Suite Software | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input. | 2025-06-03 | 6.5 | CVE-2025-25020 |
| IBM–QRadar Suite Software | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system. | 2025-06-03 | 4 | CVE-2025-1334 |
| IBM–QRadar Suite Software | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system. | 2025-06-03 | 4.8 | CVE-2025-25019 |
| IBM–Security Verify Governance | IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 2025-06-06 | 5.9 | CVE-2024-22330 |
| IBM–Verify Identity Access Digital Credentials | IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-06-06 | 4.3 | CVE-2024-56342 |
| IBM–Verify Identity Access Digital Credentials | IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request. | 2025-06-06 | 4.3 | CVE-2024-56343 |
| impleCode–Product Catalog Simple | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.1. | 2025-06-06 | 6.5 | CVE-2025-49305 |
| IWEBIX–WP Featured Content Slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IWEBIX WP Featured Content Slider allows Stored XSS. This issue affects WP Featured Content Slider: from n/a through 2.6. | 2025-06-06 | 5.9 | CVE-2025-30634 |
| jason-lau–Hide It | The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘hideit’ shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5565 |
| jokerbr313–Advanced Post List | Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List allows Cross Site Request Forgery. This issue affects Advanced Post List: from n/a through 0.5.6.2. | 2025-06-06 | 5.4 | CVE-2025-30968 |
| Jonathan Lau–CubePoints | Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1. | 2025-06-06 | 4.3 | CVE-2025-28952 |
| Jrohy–trojan | A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-06-03 | 5.6 | CVE-2025-5525 |
| juzaweb–CMS | A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5421 |
| juzaweb–CMS | A vulnerability has been found in juzaweb CMS up to 3.4.2 and classified as critical. This vulnerability affects unknown code of the file /admin-cp/setting/system/general of the component General Setting Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5423 |
| juzaweb–CMS | A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown processing of the file /admin-cp/media of the component Media Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5424 |
| juzaweb–CMS | A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor Page. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5425 |
| juzaweb–CMS | A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5426 |
| juzaweb–CMS | A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin-cp/permalinks of the component Permalinks Page. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5427 |
| juzaweb–CMS | A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5428 |
| juzaweb–CMS | A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5429 |
| juzaweb–CMS | A vulnerability, which was classified as problematic, was found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/logs/email of the component Email Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 4.3 | CVE-2025-5422 |
| kro.run–kro | kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro’s controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes. | 2025-06-04 | 4.1 | CVE-2025-48710 |
| Linksys–RE6500 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5438 |
| Linksys–RE6500 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5439 |
| Linksys–RE6500 | A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5440 |
| Linksys–RE6500 | A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5441 |
| Linksys–RE6500 | A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5442 |
| Linksys–RE6500 | A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5443 |
| Linksys–RE6500 | A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5444 |
| Linksys–RE6500 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5445 |
| Linksys–RE6500 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5446 |
| Linksys–RE6500 | A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 6.3 | CVE-2025-5447 |
| M A Vinoth Kumar–Frontend Dashboard | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M A Vinoth Kumar Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.8. | 2025-06-06 | 6.5 | CVE-2025-49310 |
| Mage people team–Booking and Rental Manager | Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8. | 2025-06-02 | 6.5 | CVE-2025-47585 |
| magepeopleteam–Event Manager and Tickets Selling Plugin for WooCommerce WpEvently WordPress Plugin | The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-07 | 6.4 | CVE-2025-5568 |
| malcolm-oph–StageShow | The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5703 |
| Marchetti Design–Next Event Calendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: from n/a through 1.2. | 2025-06-06 | 5.9 | CVE-2023-26001 |
| Mario Peshev–WP-CRM System | Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2. | 2025-06-06 | 5.3 | CVE-2025-49270 |
| mariusz88atelierweb–Atelier Create CV | Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV allows Cross Site Request Forgery. This issue affects Atelier Create CV: from n/a through 1.1.2. | 2025-06-06 | 4.3 | CVE-2025-49439 |
| Marvie Pons–Pinterest Verify Meta Tag | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marvie Pons Pinterest Verify Meta Tag allows Stored XSS. This issue affects Pinterest Verify Meta Tag: from n/a through 1.3. | 2025-06-06 | 5.9 | CVE-2025-30941 |
| Matt Pramschufer–AppBanners | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Pramschufer AppBanners allows Stored XSS. This issue affects AppBanners: from n/a through 1.5.14. | 2025-06-06 | 5.9 | CVE-2025-30625 |
| Matthias Nordwig–Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant | Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant allows Cross Site Request Forgery. This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through 4.1.1. | 2025-06-06 | 4.3 | CVE-2025-49283 |
| mcitar–Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms | The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the ‘ss_option_maint.php’ and ‘ss_user_filter_list’ files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-06-06 | 5.4 | CVE-2025-2935 |
| melipayamak–Melipayamak | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in melipayamak Melipayamak allows Stored XSS. This issue affects Melipayamak: from n/a through 2.2.12. | 2025-06-06 | 5.9 | CVE-2025-30940 |
| mhallmann–SEPA Girocode | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mhallmann SEPA Girocode allows Stored XSS. This issue affects SEPA Girocode: from n/a through 0.5.1. | 2025-06-06 | 6.5 | CVE-2025-49450 |
| Michael Cannon–Custom Bulk/Quick Edit | Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit allows Cross Site Request Forgery. This issue affects Custom Bulk/Quick Edit: from n/a through 1.6.10. | 2025-06-06 | 4.3 | CVE-2025-30946 |
| Miguel Fuentes–Payment QR WooCommerce | Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6. | 2025-06-06 | 5.3 | CVE-2025-31000 |
| minhlaobao–Admin Notes | Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through 1.1. | 2025-06-06 | 4.3 | CVE-2025-49446 |
| Mostafa Shahiri–Simple Nested Menu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mostafa Shahiri Simple Nested Menu allows Stored XSS. This issue affects Simple Nested Menu: from n/a through 1.0. | 2025-06-06 | 6.5 | CVE-2025-49442 |
| Multilaser–Sirius RE016 | A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 5.3 | CVE-2025-5436 |
| Multilaser–Sirius RE016 | A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 5.3 | CVE-2025-5437 |
| mva7–The Holiday Calendar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through 1.18.2.1. | 2025-06-06 | 6.5 | CVE-2025-29003 |
| mybb–mybb | MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specified text in the title. The visibility state (`mybb_threads.visible` integer column) of threads is not validated in internal search queries, whose result is used to output a general success or failure of the search. While MyBB validates permissions when displaying the final search results, a search operation that internally produces at least one result outputs a redirect response (as a HTTP redirect, or a success message page with delayed redirect, depending on configuration). On the other hand, a search operation that internally produces no results outputs a corresponding message in the response without a redirect. This allows a user to determine whether threads matching title search parameters exist, including draft threads (`visible` with a value of `-2`), soft-deleted threads (`visible` with a value of `-1`), and unapproved threads (`visible` with a value of `0`); in addition to displaying generally visible threads (`visible` with a value of `1`). This vulnerability does not affect other layers of permissions. In order to exploit the vulnerability, the user must have access to the search functionality, and general access to forums containing the thread(s). The vulnerability does not expose the message content of posts. MyBB 1.8.39 resolves this issue. | 2025-06-02 | 5.3 | CVE-2025-48941 |
| n/a–ChestnutCMS | A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5552 |
| n/a–IdeaCMS | A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component. | 2025-06-04 | 6.3 | CVE-2025-5569 |
| n/a–Open5GS | A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue. | 2025-06-03 | 5.3 | CVE-2025-5501 |
| n/a–Open5GS | A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893. | 2025-06-03 | 5.3 | CVE-2025-5520 |
| NasaTheme–Nasa Core | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NasaTheme Nasa Core allows Stored XSS.This issue affects Nasa Core: from n/a before 6.4.1. | 2025-06-06 | 6.5 | CVE-2025-49067 |
| ngel C.–Simple Google Static Map | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ãngel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1. | 2025-06-06 | 6.5 | CVE-2025-27334 |
| NickDuncan–Contact Form | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NickDuncan Contact Form allows DOM-Based XSS. This issue affects Contact Form: from n/a through 2.0.12. | 2025-06-06 | 6.5 | CVE-2025-30935 |
| nK–DocsPress | Missing Authorization vulnerability in nK DocsPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DocsPress: from n/a through 2.5.2. | 2025-06-06 | 4.3 | CVE-2025-49240 |
| NTC–WP Page Loading | Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through 1.0.6. | 2025-06-06 | 4.3 | CVE-2025-49317 |
| OceanWP–Ocean Extra | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8. | 2025-06-06 | 6.5 | CVE-2025-49068 |
| OLIVESYSTEM– | Missing Authorization vulnerability in OLIVESYSTEM 診æ–ジェãƒãƒ¬ãƒ¼ã‚¿ä½œæˆãƒ—ラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診æ–ジェãƒãƒ¬ãƒ¼ã‚¿ä½œæˆãƒ—ラグイン: from n/a through 1.4.16. | 2025-06-06 | 5.3 | CVE-2025-30934 |
| onOffice GmbH–onOffice for WP-Websites | Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects onOffice for WP-Websites: from n/a through 5.7. | 2025-06-06 | 5.4 | CVE-2025-30958 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. | 2025-06-08 | 6.1 | CVE-2025-27131 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition. | 2025-06-08 | 5.5 | CVE-2025-24493 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | 2025-06-08 | 5.5 | CVE-2025-26691 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | 2025-06-08 | 5.5 | CVE-2025-27247 |
| OTWthemes–Post Custom Templates Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OTWthemes Post Custom Templates Lite allows Stored XSS. This issue affects Post Custom Templates Lite: from n/a through 1.14. | 2025-06-06 | 5.9 | CVE-2025-30942 |
| ovatheme–BRW | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ovatheme BRW allows Stored XSS. This issue affects BRW: from n/a through 1.8.6. | 2025-06-06 | 6.5 | CVE-2025-49314 |
| Pascal Casier–bbPress API | Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14. | 2025-06-06 | 5.3 | CVE-2025-24763 |
| PHPGurukul–BP Monitoring Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5761 |
| PHPGurukul–Complaint Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5652 |
| PHPGurukul–Complaint Management System | A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5653 |
| PHPGurukul–Complaint Management System | A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5654 |
| PHPGurukul–Complaint Management System | A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5655 |
| PHPGurukul–Complaint Management System | A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-category.php. The manipulation of the argument description leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5656 |
| PHPGurukul–Complaint Management System | A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5657 |
| PHPGurukul–Complaint Management System | A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5658 |
| PHPGurukul–Complaint Management System | A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5659 |
| PHPGurukul–Complaint Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5660 |
| PHPGurukul–Daily Expense Tracker System | A vulnerability classified as critical was found in PHPGurukul Daily Expense Tracker System 1.1. This vulnerability affects unknown code of the file /expense-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-03 | 6.3 | CVE-2025-5546 |
| PHPGurukul–Employee Record Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5782 |
| PHPGurukul–Employee Record Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5783 |
| PHPGurukul–Employee Record Management System | A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5784 |
| PHPGurukul–Employee Record Management System | A vulnerability classified as critical has been found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file /admin/allemployees.php. The manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-07 | 6.3 | CVE-2025-5837 |
| PHPGurukul–Employee Record Management System | A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. Affected by this vulnerability is an unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-07 | 6.3 | CVE-2025-5838 |
| PHPGurukul–Human Metapneumovirus Testing Management System | A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5693 |
| PHPGurukul–Human Metapneumovirus Testing Management System | A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5694 |
| PHPGurukul–Medical Card Generation System | A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5668 |
| PHPGurukul–Medical Card Generation System | A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5669 |
| PHPGurukul–Medical Card Generation System | A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5670 |
| PHPGurukul–Notice Board System | A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5566 |
| PHPGurukul–Notice Board System | A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-06-05 | 6.3 | CVE-2025-5638 |
| PHPGurukul–Online Fire Reporting System | A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-06-04 | 6.3 | CVE-2025-5612 |
| PHPGurukul–Online Fire Reporting System | A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5613 |
| PHPGurukul–Online Fire Reporting System | A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5614 |
| PHPGurukul–Online Fire Reporting System | A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5615 |
| PHPGurukul–Online Fire Reporting System | A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-06-04 | 6.3 | CVE-2025-5616 |
| PHPGurukul–Online Fire Reporting System | A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5617 |
| PHPGurukul–Online Fire Reporting System | A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5618 |
| PHPGurukul–Rail Pass Management System | A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5554 |
| PHPGurukul–Teacher Subject Allocation Management System | A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5556 |
| PHPGurukul–Teacher Subject Allocation Management System | A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5557 |
| PHPGurukul–Teacher Subject Allocation Management System | A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5558 |
| PickPlugins–Job Board Manager | Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60. | 2025-06-06 | 5.3 | CVE-2025-49324 |
| PickPlugins–Wishlist | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43. | 2025-06-06 | 6.5 | CVE-2025-49075 |
| POSIMYTH Innovations–The Plus Addons for Elementor Page Builder Lite | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7. | 2025-06-06 | 6.5 | CVE-2025-49076 |
| PowieT–Powie’s Uptime Robot | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PowieT Powie’s Uptime Robot allows Stored XSS. This issue affects Powie’s Uptime Robot: from n/a through 0.9.7. | 2025-06-06 | 5.9 | CVE-2025-30638 |
| pozzad–Global Translator | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pozzad Global Translator allows Stored XSS. This issue affects Global Translator: from n/a through 2.0.2. | 2025-06-06 | 5.9 | CVE-2025-30630 |
| pozzad–Global Translator | Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator allows Cross Site Request Forgery. This issue affects Global Translator: from n/a through 2.0.2. | 2025-06-06 | 5.4 | CVE-2025-30632 |
| Python Software Foundation–CPython | Allows modifying some file metadata (e.g. last modified) with filter=”data” or file permissions (chmod) with filter=”tar” of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of “data” or “tar”. See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don’t include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to `”data”, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links. | 2025-06-03 | 5.3 | CVE-2024-12718 |
| Qualcomm, Inc.–Snapdragon | Memory corruption may occur while processing voice call registration with user. | 2025-06-03 | 6.6 | CVE-2024-53013 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing IOCTL command to handle buffers associated with a session. | 2025-06-03 | 6.6 | CVE-2024-53015 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing I2C settings in Camera driver. | 2025-06-03 | 6.6 | CVE-2024-53016 |
| Qualcomm, Inc.–Snapdragon | Memory corruption while handling test pattern generator IOCTL command. | 2025-06-03 | 6.6 | CVE-2024-53017 |
| Qualcomm, Inc.–Snapdragon | Memory corruption may occur while processing the OIS packet parser. | 2025-06-03 | 6.6 | CVE-2024-53018 |
| quequnlong–shiyi-blog | A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 6.3 | CVE-2025-5509 |
| quequnlong–shiyi-blog | A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 6.3 | CVE-2025-5510 |
| quequnlong–shiyi-blog | A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 5.3 | CVE-2025-5511 |
| QuickcabWP–QuickCab | Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3. | 2025-06-06 | 5.3 | CVE-2025-48337 |
| raychat–Raychat | Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0. | 2025-06-06 | 5.3 | CVE-2025-49236 |
| Red Hat–Red Hat | A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. | 2025-06-06 | 6.6 | CVE-2025-0620 |
| regolithsjk–Elegant Visitor Counter | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in regolithsjk Elegant Visitor Counter allows Stored XSS. This issue affects Elegant Visitor Counter: from n/a through 3.1. | 2025-06-06 | 5.9 | CVE-2025-30627 |
| rjarry–aerc | aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part, | 2025-06-05 | 5.8 | CVE-2025-49466 |
| Rometheme–RTMKit Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rometheme RTMKit Addons for Elementor allows Stored XSS. This issue affects RTMKit Addons for Elementor: from n/a through 1.6.0. | 2025-06-06 | 6.5 | CVE-2025-49235 |
| rsemeteys–Freemind Viewer | The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘freemind’ shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5536 |
| Rustaurius–Ultimate WP Mail | Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5. | 2025-06-06 | 4.3 | CVE-2025-49288 |
| Ryan Burnette–Abbie Expander | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryan Burnette Abbie Expander allows Stored XSS. This issue affects Abbie Expander: from n/a through 1.0.1. | 2025-06-06 | 6.5 | CVE-2025-49427 |
| Ryan Burnette–Video Embeds | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryan Burnette Video Embeds allows Stored XSS. This issue affects Video Embeds: from n/a through 0.1.1. | 2025-06-06 | 6.5 | CVE-2025-49429 |
| Samsung Mobile–Samsung Internet | Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files. | 2025-06-04 | 4.5 | CVE-2025-20994 |
| Samsung Mobile–Samsung Internet | Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files. | 2025-06-04 | 4.9 | CVE-2025-20995 |
| Samsung Mobile–Samsung Mobile Devices | Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information. | 2025-06-04 | 6.2 | CVE-2025-20981 |
| Samsung Mobile–Samsung Mobile Devices | Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch. | 2025-06-04 | 6.8 | CVE-2025-20984 |
| Samsung Mobile–Samsung Mobile Devices | Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items. | 2025-06-04 | 5.5 | CVE-2025-20985 |
| Samsung Mobile–Samsung Mobile Devices | Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots. | 2025-06-04 | 5.5 | CVE-2025-20986 |
| Samsung Mobile–Samsung Mobile Devices | Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token. | 2025-06-04 | 5.2 | CVE-2025-20987 |
| Samsung Mobile–Samsung Mobile Devices | Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. | 2025-06-04 | 5.5 | CVE-2025-20988 |
| Samsung Mobile–Samsung Mobile Devices | Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key. | 2025-06-04 | 5.2 | CVE-2025-20989 |
| Samsung Mobile–Samsung Mobile Devices | Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable. | 2025-06-04 | 4 | CVE-2025-20991 |
| Samsung Mobile–Samsung Mobile Devices | Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory. | 2025-06-04 | 4 | CVE-2025-20992 |
| Samsung Mobile–Samsung Mobile Devices | Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. | 2025-06-04 | 4 | CVE-2025-20993 |
| Samsung Mobile–Smart Switch | Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability. | 2025-06-04 | 5 | CVE-2025-20996 |
| SeaTheme–Art Theme | The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘arttheme_theme_option_restore’ AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option. | 2025-06-06 | 4.3 | CVE-2025-1778 |
| SeaTheme–BM Content Builder | The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘ux_cb_page_options_save’ function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-1777 |
| SeedProd–404 Page by SeedProd | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a. | 2025-06-06 | 5.9 | CVE-2025-49322 |
| Seerox–WP Media File Type Manager | Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0. | 2025-06-06 | 4.3 | CVE-2025-27359 |
| sergiotrinity–Trinity Audio | Missing Authorization vulnerability in sergiotrinity Trinity Audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trinity Audio: from n/a through 5.20.0. | 2025-06-06 | 4.3 | CVE-2025-49272 |
| sevenspark–Bellows Accordion Menu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sevenspark Bellows Accordion Menu allows Stored XSS. This issue affects Bellows Accordion Menu: from n/a through 1.4.3. | 2025-06-06 | 6.5 | CVE-2025-49242 |
| sevenspark–ShiftNav Responsive Mobile Menu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sevenspark ShiftNav – Responsive Mobile Menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through 1.8. | 2025-06-06 | 6.5 | CVE-2025-49243 |
| Shahjada–Premium Packages | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2. | 2025-06-06 | 6.5 | CVE-2025-30991 |
| Shamil Shafeev–« DaData.ru | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Shamil Shafeev «ПодÑказки» от DaData.ru allows Stored XSS. This issue affects «ПодÑказки» от DaData.ru: from n/a through 1.0.6. | 2025-06-06 | 5.9 | CVE-2025-30931 |
| ShawonPro–SocialMark | Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7. | 2025-06-06 | 4.9 | CVE-2025-29008 |
| Shenzhen Dashi Tongzhou Information Technology–AgileBPM | A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5679 |
| Shenzhen Dashi Tongzhou Information Technology–AgileBPM | A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 6.3 | CVE-2025-5680 |
| slackero–phpwcms | A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | 2025-06-03 | 6.3 | CVE-2025-5497 |
| slackero–phpwcms | A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. | 2025-06-03 | 5.5 | CVE-2025-5498 |
| SmartDataSoft–Car Repair Services | Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0. | 2025-06-06 | 5.4 | CVE-2025-30997 |
| smartwpress–Music Player for Elementor Audio Player & Podcast Player | The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘album_buy_url’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-03 | 6.4 | CVE-2025-5340 |
| Soft8Soft LLC–Verge3D | Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4. | 2025-06-06 | 5.3 | CVE-2025-49268 |
| SolaPlugins–Sola Support Ticket | Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17. | 2025-06-06 | 6.5 | CVE-2023-25997 |
| SoluesCoop–iSoluesWEB | A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2025-06-06 | 4.3 | CVE-2025-5714 |
| SourceCodester–Open Source Clinic Management System | A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 6.3 | CVE-2025-5728 |
| SourceCodester–Student Result Management System | A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 5.3 | CVE-2025-5649 |
| Splunk–Splunk Enterprise | In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user. | 2025-06-02 | 4.3 | CVE-2025-20297 |
| stefanledin–Responsify WP | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in stefanledin Responsify WP allows Stored XSS. This issue affects Responsify WP: from n/a through 1.9.11. | 2025-06-06 | 5.9 | CVE-2025-30937 |
| Stiofan–BlockStrap Page Builder – Bootstrap Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stiofan BlockStrap Page Builder – Bootstrap Blocks allows Stored XSS. This issue affects BlockStrap Page Builder – Bootstrap Blocks: from n/a through 0.1.36. | 2025-06-06 | 6.5 | CVE-2025-30951 |
| storepro–Subscription Renewal Reminders for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7. | 2025-06-06 | 4.3 | CVE-2025-28984 |
| switcorp–Profiler What Slowing Down Your WP | The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the “Profiler” page. | 2025-06-07 | 5.3 | CVE-2025-5814 |
| taskbuilder–Taskbuilder | Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3. | 2025-06-06 | 5.3 | CVE-2025-30945 |
| techjewel–Ninja Tables Easy Data Table Builder | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited. | 2025-06-03 | 5.6 | CVE-2025-2939 |
| Tenda–AC18 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 6.3 | CVE-2025-5606 |
| Tenda–AC9 | A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-07 | 6.3 | CVE-2025-5836 |
| Tenda–CP3 | A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 4.7 | CVE-2025-5763 |
| tggfref–WP-Recall | Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14. | 2025-06-06 | 6.3 | CVE-2025-30981 |
| Thad Allender–GPP Slideshow | Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5. | 2025-06-06 | 4.3 | CVE-2025-28996 |
| themeatelier–Domain For Sale, Domain appraisal, Domain auction, Domain marketplace Best Domain For sale Plugin for WordPress | The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5239 |
| ThemeHigh–Dynamic Pricing and Discount Rules | Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9. | 2025-06-06 | 4.3 | CVE-2025-49077 |
| ThemeHunk–ThemeHunk | Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1. | 2025-06-06 | 4.3 | CVE-2025-30990 |
| themehunk–Vayu Blocks Gutenberg Blocks for WordPress & WooCommerce | The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_blocks_option_panel_callback() function and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-03 | 6.4 | CVE-2025-4420 |
| ThemesGrove–WidgetKit | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemesGrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.4. | 2025-06-06 | 6.5 | CVE-2025-49074 |
| TOTOLINK–X15 | A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 6.3 | CVE-2025-5502 |
| TOTOLINK–X2000R | A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 6.3 | CVE-2025-5504 |
| TOTOLINK–X2000R | A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 6.3 | CVE-2025-5515 |
| tushargohel–WordPress Ajax Load More and Infinite Scroll | The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-06 | 6.4 | CVE-2025-5586 |
| tychesoftwares–Print Invoice & Delivery Notes for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0. | 2025-06-06 | 5.4 | CVE-2025-49239 |
| umbraco–Umbraco-CMS | Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it’s possible to upload a file that doesn’t adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0.0. No known workarounds are available. | 2025-06-03 | 5.5 | CVE-2025-48953 |
| Uncanny Owl–Uncanny Automator | Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2. | 2025-06-05 | 6.5 | CVE-2025-48133 |
| Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300 | In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed. | 2025-06-03 | 5.1 | CVE-2025-31711 |
| Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300 | In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. | 2025-06-03 | 5.1 | CVE-2025-31712 |
| Unisoc (Shanghai) Technologies Co., Ltd.–SC9863A/T606/T612/T616/T750/T765/T760/T770/T820/S8000/T8300/T9300 | In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. | 2025-06-03 | 5.9 | CVE-2025-31710 |
| Unreal Themes–ACF: Yandex Maps Field | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Unreal Themes ACF: Yandex Maps Field allows Stored XSS. This issue affects ACF: Yandex Maps Field: from n/a through 1.1. | 2025-06-06 | 5.9 | CVE-2025-30930 |
| vicchi–WP Biographia | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vicchi WP Biographia allows Stored XSS. This issue affects WP Biographia: from n/a through 4.0.0. | 2025-06-06 | 5.9 | CVE-2025-30928 |
| viralloops–Viral Loops WP Integration | Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. | 2025-06-06 | 5.3 | CVE-2025-28995 |
| viralloops–Viral Loops WP Integration | Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1. | 2025-06-06 | 4.3 | CVE-2025-28994 |
| VMware–VMware NSX | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | 2025-06-04 | 6.9 | CVE-2025-22244 |
| VMware–VMware NSX | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. | 2025-06-04 | 5.9 | CVE-2025-22245 |
| Vova–Shortcodes Ultimate | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vova Shortcodes Ultimate allows Stored XSS. This issue affects Shortcodes Ultimate: from n/a through 7.3.5. | 2025-06-06 | 6.5 | CVE-2025-49244 |
| Vuong Nguyen–WP Security Master | Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master allows Cross Site Request Forgery. This issue affects WP Security Master: from n/a through 1.0.2. | 2025-06-06 | 4.3 | CVE-2025-49440 |
| WAGO–Fully Managed Switches 0852-0303 | A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date of the switch to be set back to January 1st, 1970. | 2025-06-02 | 4.3 | CVE-2025-1235 |
| weblizar–HR Management Lite | Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3. | 2025-06-06 | 4.3 | CVE-2025-29005 |
| webnus/–Modern Events Calendar Lite | The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2025-06-06 | 5.3 | CVE-2025-5733 |
| webpack–webpack-dev-server | webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users’ source code may be stolen when you access a malicious web site with non-Chromium based browser. The `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address `Origin` headers. This allows websites that are served on IP addresses to connect WebSocket. An attacker can obtain source code via a method similar to that used to exploit CVE-2018-14732. Version 5.2.1 contains a patch for the issue. | 2025-06-03 | 6.5 | CVE-2025-30360 |
| webpack–webpack-dev-server | webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users’ source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. Note that the attacker has to know the port and the output entrypoint script path. Combined with prototype pollution, the attacker can get a reference to the webpack runtime variables. By using `Function::toString` against the values in `__webpack_modules__`, the attacker can get the source code. Version 5.2.1 contains a patch for the issue. | 2025-06-03 | 5.3 | CVE-2025-30359 |
| WebToffee–Product Feed for WooCommerce | Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8. | 2025-06-06 | 4.3 | CVE-2025-49287 |
| webtoffee–WordPress Comments Import & Export | The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page. The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4 | 2025-06-02 | 6.4 | CVE-2025-3919 |
| whassan–KI Live Video Conferences | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15. | 2025-06-06 | 5.3 | CVE-2025-23969 |
| whassan–KI Live Video Conferences | Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15. | 2025-06-06 | 5.3 | CVE-2025-23971 |
| Wordapp Team–Wordapp | Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from n/a through 1.7.0. | 2025-06-06 | 4.3 | CVE-2025-30927 |
| WordLift–WordLift | Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4. | 2025-06-06 | 4.3 | CVE-2025-30624 |
| WP Compress–WP Compress for MainWP | Missing Authorization vulnerability in WP Compress WP Compress for MainWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Compress for MainWP: from n/a through 6.30.32. | 2025-06-06 | 5.4 | CVE-2025-30932 |
| WP Corner–Quick Event Calendar | Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9. | 2025-06-06 | 4.3 | CVE-2025-27360 |
| WP Legal Pages–WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Cross Site Request Forgery. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 3.8.0. | 2025-06-06 | 4.3 | CVE-2025-49285 |
| WP Map Plugins–Interactive Regional Map of Africa | Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa allows Cross Site Request Forgery. This issue affects Interactive Regional Map of Africa: from n/a through 1.0. | 2025-06-06 | 4.3 | CVE-2025-49449 |
| WP Map Plugins–Interactive Regional Map of Florida | Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0. | 2025-06-06 | 5.3 | CVE-2025-49441 |
| WP Map Plugins–Interactive UK Regional Map | Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map allows Cross Site Request Forgery. This issue affects Interactive UK Regional Map: from n/a through 2.0. | 2025-06-06 | 4.3 | CVE-2025-49445 |
| WP Table Builder–WP Table Builder | Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6. | 2025-06-06 | 4.3 | CVE-2025-49286 |
| WP Wham–All Currencies for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Wham All Currencies for WooCommerce allows Stored XSS. This issue affects All Currencies for WooCommerce: from n/a through 2.4.4. | 2025-06-06 | 6.5 | CVE-2025-30950 |
| wp-buy–WP Maintenance Mode & Site Under Construction | Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction allows Cross Site Request Forgery. This issue affects WP Maintenance Mode & Site Under Construction: from n/a through 4.3. | 2025-06-06 | 4.3 | CVE-2025-49284 |
| wp.insider–Simple Membership | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wp.insider Simple Membership allows Stored XSS. This issue affects Simple Membership: from n/a through 4.6.3. | 2025-06-06 | 5.9 | CVE-2025-49333 |
| wpdevteam–Essential Addons for Elementor Popular Elementor Templates and Widgets | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-07 | 6.4 | CVE-2024-9993 |
| wpdevteam–Essential Addons for Elementor Popular Elementor Templates and Widgets | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-07 | 6.4 | CVE-2024-9994 |
| wpdive–Nexa Blocks | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdive Nexa Blocks allows Stored XSS. This issue affects Nexa Blocks: from n/a through 1.1.0. | 2025-06-06 | 6.5 | CVE-2025-30952 |
| wpdive–Nexa Blocks | Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request Forgery. This issue affects Nexa Blocks: from n/a through 1.1.0. | 2025-06-06 | 4.9 | CVE-2025-30976 |
| WPlugged.com–WebHotelier | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPlugged.com WebHotelier allows Stored XSS. This issue affects WebHotelier: from n/a through 1.9.2. | 2025-06-06 | 6.5 | CVE-2025-49299 |
| wpmudev–Broken Link Checker | The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin’s status. | 2025-06-03 | 4.3 | CVE-2025-4047 |
| wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and ‘data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-06-05 | 6.4 | CVE-2025-5341 |
| wpsoul–Greenshift | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpsoul Greenshift allows DOM-Based XSS. This issue affects Greenshift: from n/a through 11.5.5. | 2025-06-06 | 6.5 | CVE-2025-49301 |
| wpswings–Ultimate Gift Cards for WooCommerce | The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘default_price’ and ‘product_id’ parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-06-03 | 4.9 | CVE-2025-5103 |
| WPtouch–WPtouch | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPtouch WPtouch allows Stored XSS. This issue affects WPtouch: from n/a through 4.3.60. | 2025-06-06 | 5.9 | CVE-2025-49318 |
| WSO2–WSO2 Enterprise Integrator | An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users. | 2025-06-02 | 6.8 | CVE-2024-7074 |
| WSO2–WSO2 Enterprise Integrator | A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page. This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible. | 2025-06-02 | 5.2 | CVE-2024-8008 |
| WSO2–WSO2 Enterprise Integrator | A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the actor could inject persistent JavaScript payloads, enabling the theft of user data or execution of unauthorized actions on behalf of other users. While this issue enables persistent client-side script execution, session-related cookies remain protected with the httpOnly flag, preventing session hijacking. | 2025-06-02 | 4.3 | CVE-2024-3509 |
| WSO2–WSO2 Identity Server | An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions. | 2025-06-02 | 5.4 | CVE-2024-1440 |
| WSO2–WSO2 Identity Server as Key Manager | A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product. | 2025-06-02 | 6.5 | CVE-2024-7073 |
| WuKongOpenSource–WukongCRM | A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 4.3 | CVE-2025-5521 |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| authzed–spicedb | SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation. | 2025-06-06 | 3.7 | CVE-2025-49011 |
| Cisco–Cisco Unified Contact Center Express | A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root. | 2025-06-04 | 3.8 | CVE-2025-20276 |
| Cisco–Cisco Unified Contact Center Express | A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root. | 2025-06-04 | 3.4 | CVE-2025-20277 |
| code-projects–Laundry System | A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 3.5 | CVE-2025-5764 |
| code-projects–Laundry System | A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 3.5 | CVE-2025-5765 |
| code-projects–Laundry System | A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 3.5 | CVE-2025-5796 |
| code-projects–Laundry System | A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 3.5 | CVE-2025-5797 |
| code-projects–Traffic Offense Reporting System | A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 3.5 | CVE-2025-5651 |
| code-projects–Traffic Offense Reporting System | A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 3.5 | CVE-2025-5757 |
| code-projects–Traffic Offense Reporting System | A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 2.4 | CVE-2025-5661 |
| enilu–web-flash | A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-03 | 3.5 | CVE-2025-5523 |
| inventree–InvenTree | InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. the issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version. | 2025-06-03 | 3.5 | CVE-2025-49000 |
| juzaweb–CMS | A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-02 | 3.5 | CVE-2025-5420 |
| n/a–PX4-Autopilot | A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 3.3 | CVE-2025-5640 |
| n/a–Radare2 | A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. An additional warning regarding threading support has been added. | 2025-06-05 | 2.5 | CVE-2025-5641 |
| n/a–Radare2 | A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added. | 2025-06-05 | 2.5 | CVE-2025-5642 |
| n/a–Radare2 | A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added. | 2025-06-05 | 2.5 | CVE-2025-5643 |
| n/a–Radare2 | A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added. | 2025-06-05 | 2.5 | CVE-2025-5644 |
| n/a–Radare2 | A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added. | 2025-06-05 | 2.5 | CVE-2025-5645 |
| n/a–Radare2 | A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added. | 2025-06-05 | 2.5 | CVE-2025-5646 |
| n/a–Radare2 | A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added. | 2025-06-05 | 2.5 | CVE-2025-5647 |
| n/a–Radare2 | A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added. | 2025-06-05 | 2.5 | CVE-2025-5648 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. | 2025-06-08 | 3.3 | CVE-2025-20063 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. | 2025-06-08 | 3.3 | CVE-2025-21082 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read. | 2025-06-08 | 3.3 | CVE-2025-23235 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | 2025-06-08 | 3.3 | CVE-2025-25217 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | 2025-06-08 | 3.3 | CVE-2025-26693 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. | 2025-06-08 | 3.3 | CVE-2025-27242 |
| OpenHarmony–OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | 2025-06-08 | 3.3 | CVE-2025-27563 |
| PHPGurukul–Hospital Management System | A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-04 | 2.4 | CVE-2025-5584 |
| quequnlong–shiyi-blog | A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 3.5 | CVE-2025-5513 |
| Signal–App | A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-06 | 3.8 | CVE-2025-5715 |
| SoluesCoop–iSoluesWEB | A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2025-06-06 | 3.5 | CVE-2025-5713 |
| SourceCodester–Food Menu Manager | A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-05 | 3.5 | CVE-2025-5628 |
| SourceCodester–Student Result Management System | A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 2.4 | CVE-2025-5721 |
| SourceCodester–Student Result Management System | A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 2.4 | CVE-2025-5722 |
| SourceCodester–Student Result Management System | A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 2.4 | CVE-2025-5723 |
| SourceCodester–Student Result Management System | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 2.4 | CVE-2025-5724 |
| SourceCodester–Student Result Management System | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 2.4 | CVE-2025-5725 |
| SourceCodester–Student Result Management System | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 2.4 | CVE-2025-5726 |
| SourceCodester–Student Result Management System | A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-06 | 2.4 | CVE-2025-5727 |
| TOTOLINK–A3002RU | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 2.4 | CVE-2025-5505 |
| TOTOLINK–A3002RU | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 2.4 | CVE-2025-5506 |
| TOTOLINK–A3002RU | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 2.4 | CVE-2025-5507 |
| TOTOLINK–A3002RU | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 2.4 | CVE-2025-5508 |
| TOTOLINK–X2000R | A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-06-03 | 2.4 | CVE-2025-5516 |
| TOTOLINK–X2000R | A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-06-03 | 2.4 | CVE-2025-5542 |
| TOTOLINK–X2000R | A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-06-03 | 2.4 | CVE-2025-5543 |
| Valkey–Valkey | setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size – prev->used. | 2025-06-02 | 3.1 | CVE-2025-49112 |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1Panel-dev–MaxKB | MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue. | 2025-06-03 | not yet calculated | CVE-2025-48950 |
| 2BrightSparks–SyncBackFree | 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required. The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962. | 2025-06-06 | not yet calculated | CVE-2025-5474 |
| 70mai–A510 | 70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the root. Was ZDI-CAN-24996. | 2025-06-06 | not yet calculated | CVE-2025-2766 |
| Acronis–Acronis Cyber Protect 16 | Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938. | 2025-06-04 | not yet calculated | CVE-2025-48960 |
| Acronis–Acronis Cyber Protect 16 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938. | 2025-06-04 | not yet calculated | CVE-2025-48961 |
| Acronis–Acronis Cyber Protect 16 | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. | 2025-06-04 | not yet calculated | CVE-2025-48962 |
| Acronis–Acronis Cyber Protect Cloud Agent | Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077. | 2025-06-04 | not yet calculated | CVE-2025-30415 |
| Acronis–Acronis Cyber Protect Cloud Agent | Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077. | 2025-06-04 | not yet calculated | CVE-2025-48959 |
| Action1–Action1 | Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767. | 2025-06-06 | not yet calculated | CVE-2025-5480 |
| Allegra–Allegra | Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26524. | 2025-06-06 | not yet calculated | CVE-2025-3485 |
| Amazon–FreeRTOS | We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. | 2025-06-04 | not yet calculated | CVE-2025-5688 |
| Apache Software Foundation–Apache InLong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue. | 2025-06-06 | not yet calculated | CVE-2025-27531 |
| Apache Software Foundation–Apache Pekko Management | If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue. | 2025-06-03 | not yet calculated | CVE-2025-46548 |
| Arm Ltd–Bifrost GPU Kernel Driver | Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0. | 2025-06-02 | not yet calculated | CVE-2025-0819 |
| Arm Ltd–Bifrost GPU Userspace Driver | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds.This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0. | 2025-06-02 | not yet calculated | CVE-2025-1246 |
| Arm Ltd–Valhall GPU Kernel Driver | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r53p0 before r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 before r54p0. | 2025-06-02 | not yet calculated | CVE-2025-0073 |
| Atheos–Atheos | Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated all components potentially vulnerable to similar exploits to use this new templated execution system. | 2025-06-05 | not yet calculated | CVE-2025-49008 |
| auth0–auth0-PHP | Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKsrely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.3.1 contains a patch for the issue. | 2025-06-03 | not yet calculated | CVE-2025-48951 |
| auth0–nextjs-auth0 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch. | 2025-06-04 | not yet calculated | CVE-2025-48947 |
| B. Braun Melsungen AG–OnlineSuite | A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server. | 2025-06-06 | not yet calculated | CVE-2025-3321 |
| B. Braun Melsungen AG–OnlineSuite | An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. | 2025-06-06 | not yet calculated | CVE-2025-3322 |
| curl–curl | Due to a mistake in libcurl’s WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application. | 2025-06-07 | not yet calculated | CVE-2025-5399 |
| dataease–dataease | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | 2025-06-03 | not yet calculated | CVE-2025-48998 |
| dataease–dataease | DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566’s patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue. | 2025-06-03 | not yet calculated | CVE-2025-48999 |
| dataease–dataease | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | 2025-06-03 | not yet calculated | CVE-2025-49001 |
| dataease–dataease | DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | 2025-06-03 | not yet calculated | CVE-2025-49002 |
| Delta Electronics–CNCSoft | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | 2025-06-04 | not yet calculated | CVE-2025-47724 |
| Delta Electronics–CNCSoft | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | 2025-06-04 | not yet calculated | CVE-2025-47725 |
| Delta Electronics–CNCSoft | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | 2025-06-04 | not yet calculated | CVE-2025-47726 |
| Delta Electronics–CNCSoft | Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | 2025-06-04 | not yet calculated | CVE-2025-47727 |
| Delta Electronics–CNCSoft-G2 | Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | 2025-06-04 | not yet calculated | CVE-2025-47728 |
| denoland–deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue. | 2025-06-03 | not yet calculated | CVE-2025-24015 |
| denoland–deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run –allow-read –deny-read main.ts` results in allowed, even though ‘deny’ should be stronger. The result is the same with all global unary permissions given as `–allow-* –deny-*`. This only affects a nonsensical combination of flags, so there shouldn’t be a real impact on the userbase. Users may upgrade to version 2.1.13, 2.2.13, or 2.3.2 to receive a patch. | 2025-06-04 | not yet calculated | CVE-2025-48888 |
| denoland–deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `–deny-env` option of the `deno run` command. When looking at the documentation of the `–deny-env` option this might lead to a false impression that variables listed in the option are impossible to read. Software relying on the combination of both flags to allow access to most environment variables except a few sensitive ones will be vulnerable to malicious code trying to steal secrets using the `Deno.env.toObject()` method. Versions 2.1.13 and 2.2.13 contains a patch. | 2025-06-04 | not yet calculated | CVE-2025-48934 |
| denoland–deno | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno’s permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue. | 2025-06-04 | not yet calculated | CVE-2025-48935 |
| Devolutions–Server | Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the “Edit permission” permission by bypassing the client side validation. | 2025-06-05 | not yet calculated | CVE-2025-0691 |
| Devolutions–Server | Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable. | 2025-06-05 | not yet calculated | CVE-2025-3768 |
| Devolutions–Server | Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA. | 2025-06-05 | not yet calculated | CVE-2025-5382 |
| Diviotec–nbr222p | The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used. | 2025-06-02 | not yet calculated | CVE-2025-5113 |
| expressjs–multer | Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available. | 2025-06-03 | not yet calculated | CVE-2025-48997 |
| Forceu–Gokapi | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption. | 2025-06-02 | not yet calculated | CVE-2025-48494 |
| Forceu–Gokapi | Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code. | 2025-06-02 | not yet calculated | CVE-2025-48495 |
| FreshRSS–FreshRSS | FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue. | 2025-06-04 | not yet calculated | CVE-2025-31134 |
| GIMP–GIMP | GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752. | 2025-06-06 | not yet calculated | CVE-2025-5473 |
| Google–Chrome | Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2025-06-02 | not yet calculated | CVE-2025-5068 |
| Google–Chrome | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-06-02 | not yet calculated | CVE-2025-5419 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | not yet calculated | CVE-2025-37089 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | A server-side request forgery vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | not yet calculated | CVE-2025-37090 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | not yet calculated | CVE-2025-37092 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | not yet calculated | CVE-2025-37095 |
| Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. | 2025-06-02 | not yet calculated | CVE-2025-37096 |
| HP, Inc.–HP Support Assistant | A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | 2025-06-05 | not yet calculated | CVE-2025-43026 |
| https://github.com/yrutschle/sslh/releases/tag/v2.2.4–sslh | A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4. | 2025-06-02 | not yet calculated | CVE-2025-46806 |
| https://github.com/yrutschle/sslh/releases/tag/v2.2.4–sslh | A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4. | 2025-06-02 | not yet calculated | CVE-2025-46807 |
| i-PRO Co., Ltd.–Surveillance cameras provided by i-PRO Co., Ltd. | Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed. | 2025-06-06 | not yet calculated | CVE-2025-36513 |
| Imagination Technologies–Graphics DDK | Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. | 2025-06-02 | not yet calculated | CVE-2025-25179 |
| Jenkins Project–Jenkins Gatling Plugin | Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content. | 2025-06-06 | not yet calculated | CVE-2025-5806 |
| kafbat–kafka-ui | Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue. | 2025-06-06 | not yet calculated | CVE-2025-49127 |
| Keiyo System Co., LTD–PC Time Tracer | Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker. | 2025-06-03 | not yet calculated | CVE-2025-46355 |
| Keiyo System Co., LTD–TimeWorks | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker. | 2025-06-03 | not yet calculated | CVE-2025-41428 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc’s peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc’s qlen and backlog have not yet been updated, leading to inconsistent queue accounting. This can leave an empty HFSC class in the active list, causing further consequences like use-after-free. This patch fixes the bug by moving the increment of sch->q.qlen and sch->qstats.backlog before the call to the child qdisc’s peek() operation. This ensures that queue length and backlog are always accurate when packet drops or dequeues are triggered during the peek. | 2025-06-06 | not yet calculated | CVE-2025-38000 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: “We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF.” To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u | 2025-06-06 | not yet calculated | CVE-2025-38001 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the ‘has_lock’ variable exists. But enough does that it’s a bit unwieldy to manage. Wrap the whole thing in a ->uring_lock trylock, and just return with no output if we fail to grab it. The existing trylock() will already have greatly diminished utility/output for the failure case. This fixes an issue with reading the SQE fields, if the ring is being actively resized at the same time. | 2025-06-06 | not yet calculated | CVE-2025-38002 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op’s is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection. | 2025-06-08 | not yet calculated | CVE-2025-38003 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the ‘currframe’ counter is then set to zero. Although this appeared to be a safe operation the updates of ‘currframe’ can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the ‘count’ variable has been moved into the protected section as this variable can be modified from both contexts too. | 2025-06-08 | not yet calculated | CVE-2025-38004 |
| mafintosh–tar-fs | tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories. | 2025-06-02 | not yet calculated | CVE-2025-48387 |
| MediaTek, Inc.–MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739. | 2025-06-02 | not yet calculated | CVE-2025-20678 |
| MediaTek, Inc.–MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993 | In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303. | 2025-06-02 | not yet calculated | CVE-2025-20674 |
| MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927 | In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292. | 2025-06-02 | not yet calculated | CVE-2025-20672 |
| MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927 | In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304. | 2025-06-02 | not yet calculated | CVE-2025-20673 |
| MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927 | In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302. | 2025-06-02 | not yet calculated | CVE-2025-20675 |
| MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927 | In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293. | 2025-06-02 | not yet calculated | CVE-2025-20676 |
| MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927 | In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284. | 2025-06-02 | not yet calculated | CVE-2025-20677 |
| MIM Software–MIM Admin Service | CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM’s implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3 | 2025-06-04 | not yet calculated | CVE-2025-1701 |
| MOPS–moPS | In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword. | 2025-06-07 | not yet calculated | CVE-2024-55585 |
| n/a–n/a | A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the “language” cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information. | 2025-06-02 | not yet calculated | CVE-2024-40112 |
| n/a–n/a | Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials. | 2025-06-02 | not yet calculated | CVE-2024-40113 |
| n/a–n/a | A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. | 2025-06-02 | not yet calculated | CVE-2024-40114 |
| n/a–n/a | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | 2025-06-02 | not yet calculated | CVE-2024-57459 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | 2025-06-04 | not yet calculated | CVE-2025-23095 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | 2025-06-04 | not yet calculated | CVE-2025-23096 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes. | 2025-06-03 | not yet calculated | CVE-2025-23097 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation. | 2025-06-03 | not yet calculated | CVE-2025-23098 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | 2025-06-02 | not yet calculated | CVE-2025-23099 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service. | 2025-06-03 | not yet calculated | CVE-2025-23100 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation. | 2025-06-04 | not yet calculated | CVE-2025-23101 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, and 1380. A Double Free in the mobile processor leads to privilege escalation. | 2025-06-03 | not yet calculated | CVE-2025-23102 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | 2025-06-03 | not yet calculated | CVE-2025-23103 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | 2025-06-02 | not yet calculated | CVE-2025-23104 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | 2025-06-02 | not yet calculated | CVE-2025-23105 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | 2025-06-04 | not yet calculated | CVE-2025-23106 |
| n/a–n/a | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | 2025-06-03 | not yet calculated | CVE-2025-23107 |
| n/a–n/a | A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service. | 2025-06-04 | not yet calculated | CVE-2025-27811 |
| n/a–n/a | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. | 2025-06-02 | not yet calculated | CVE-2025-27953 |
| n/a–n/a | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. | 2025-06-02 | not yet calculated | CVE-2025-27954 |
| n/a–n/a | Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code. | 2025-06-02 | not yet calculated | CVE-2025-27955 |
| n/a–n/a | Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | 2025-06-02 | not yet calculated | CVE-2025-27956 |
| n/a–n/a | File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component. | 2025-06-04 | not yet calculated | CVE-2025-29093 |
| n/a–n/a | Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components. | 2025-06-04 | not yet calculated | CVE-2025-29094 |
| n/a–n/a | A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution. | 2025-06-03 | not yet calculated | CVE-2025-32105 |
| n/a–n/a | In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user’s ability to execute unauthorized code. | 2025-06-03 | not yet calculated | CVE-2025-32106 |
| n/a–n/a | An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation. | 2025-06-03 | not yet calculated | CVE-2025-43923 |
| n/a–n/a | Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS. | 2025-06-03 | not yet calculated | CVE-2025-43924 |
| n/a–n/a | An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data. | 2025-06-03 | not yet calculated | CVE-2025-43925 |
| n/a–n/a | A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting. | 2025-06-02 | not yet calculated | CVE-2025-44115 |
| n/a–n/a | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component | 2025-06-03 | not yet calculated | CVE-2025-44148 |
| n/a–n/a | Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | 2025-06-02 | not yet calculated | CVE-2025-44172 |
| n/a–n/a | osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php. | 2025-06-02 | not yet calculated | CVE-2025-45387 |
| n/a–n/a | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | 2025-06-02 | not yet calculated | CVE-2025-45542 |
| n/a–n/a | An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-06-03 | not yet calculated | CVE-2025-45855 |
| n/a–n/a | Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges. | 2025-06-04 | not yet calculated | CVE-2025-46011 |
| n/a–n/a | Foxcms v1.25 has a SQL time injection in the $_POST[‘dbname’] parameter of installdb.php. | 2025-06-03 | not yet calculated | CVE-2025-46154 |
| n/a–n/a | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. | 2025-06-04 | not yet calculated | CVE-2025-46203 |
| n/a–n/a | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. | 2025-06-04 | not yet calculated | CVE-2025-46204 |
| n/a–n/a | In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | 2025-06-05 | not yet calculated | CVE-2025-47827 |
| NAVER–billboard.js | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | 2025-06-04 | not yet calculated | CVE-2025-49223 |
| nekernel-org–nekernel | NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `’\0’` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature. | 2025-06-02 | not yet calculated | CVE-2025-48990 |
| Netcomm–NTC 6200 | The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges. | 2025-06-02 | not yet calculated | CVE-2025-4010 |
| QNAP Systems Inc.–File Station 5 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-22484 |
| QNAP Systems Inc.–File Station 5 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | 2025-06-06 | not yet calculated | CVE-2025-22486 |
| QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-22490 |
| QNAP Systems Inc.–File Station 5 | An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-29871 |
| QNAP Systems Inc.–File Station 5 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-29872 |
| QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-29873 |
| QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-29876 |
| QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-29877 |
| QNAP Systems Inc.–File Station 5 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | 2025-06-06 | not yet calculated | CVE-2025-29883 |
| QNAP Systems Inc.–File Station 5 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | 2025-06-06 | not yet calculated | CVE-2025-29884 |
| QNAP Systems Inc.–File Station 5 | An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later | 2025-06-06 | not yet calculated | CVE-2025-29885 |
| QNAP Systems Inc.–File Station 5 | An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-30279 |
| QNAP Systems Inc.–File Station 5 | An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-33031 |
| QNAP Systems Inc.–File Station 5 | A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later | 2025-06-06 | not yet calculated | CVE-2025-33035 |
| QNAP Systems Inc.–License Center | A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later | 2025-06-06 | not yet calculated | CVE-2024-50406 |
| QNAP Systems Inc.–Qsync Central | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later | 2025-06-06 | not yet calculated | CVE-2025-22482 |
| QNAP Systems Inc.–Qsync Central | An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later | 2025-06-06 | not yet calculated | CVE-2025-29892 |
| QNAP Systems Inc.–QTS | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | 2025-06-06 | not yet calculated | CVE-2024-56805 |
| QNAP Systems Inc.–QTS | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later | 2025-06-06 | not yet calculated | CVE-2025-22481 |
| QNAP Systems Inc.–QuRouter | A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later | 2025-06-06 | not yet calculated | CVE-2024-13087 |
| QNAP Systems Inc.–QuRouter | An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later | 2025-06-06 | not yet calculated | CVE-2024-13088 |
| rack–rack | Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability. | 2025-06-04 | not yet calculated | CVE-2025-49007 |
| RCLAMP–File::Find::Rule | File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > “/tmp/poc/|id” $ perl -MFile::Find::Rule \ -E ‘File::Find::Rule->grep(“foo”)->in(“/tmp/poc”)’ uid=1000(user) gid=1000(user) groups=1000(user),100(users) | 2025-06-05 | not yet calculated | CVE-2011-10007 |
| rsjoomla.com–RSBlog component for Joomla | A stored XSS vulnerability in RSBlog! component 1.11.6 – 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin’s resource. The injected payload is stored by the application and later executed when other users view the affected content. | 2025-06-05 | not yet calculated | CVE-2025-27754 |
| rsjoomla.com–RSFirewall component for Joomla | A path traversal vulnerability in RSFirewall component 2.9.7 – 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files | 2025-06-05 | not yet calculated | CVE-2025-27445 |
| rsjoomla.com–RSform!Pro component for Joomla | A reflected XSS vulnerability in RSform!Pro component 3.0.0 – 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL. | 2025-06-04 | not yet calculated | CVE-2025-27444 |
| rsjoomla.com–RSMail! component for Joomla | A stored XSS vulnerability in RSMail! component 1.19.20 – 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard. | 2025-06-05 | not yet calculated | CVE-2025-30084 |
| rsjoomla.com–RSMediaGallery component for Joomla | A SQLi vulnerability in RSMediaGallery component 1.7.4 – 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records. | 2025-06-05 | not yet calculated | CVE-2025-27753 |
| run-llama–run-llama/llama_index | An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE). | 2025-06-02 | not yet calculated | CVE-2025-1750 |
| run-llama–run-llama/llama_index | Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application. | 2025-06-05 | not yet calculated | CVE-2025-1793 |
| Sante–DICOM Viewer Pro | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168. | 2025-06-06 | not yet calculated | CVE-2025-5481 |
| Soar Cloud System CO., LTD.–HRD Human Resource Management System | A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object. | 2025-06-06 | not yet calculated | CVE-2025-48780 |
| Soar Cloud System CO., LTD.–HRD Human Resource Management System | An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths. | 2025-06-06 | not yet calculated | CVE-2025-48781 |
| Soar Cloud System CO., LTD.–HRD Human Resource Management System | An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file. | 2025-06-06 | not yet calculated | CVE-2025-48782 |
| Soar Cloud System CO., LTD.–HRD Human Resource Management System | An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths. | 2025-06-06 | not yet calculated | CVE-2025-48783 |
| Soar Cloud System CO., LTD.–HRD Human Resource Management System | A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization. | 2025-06-06 | not yet calculated | CVE-2025-48784 |
| Soar Cloud System CO., LTD.–HRD Human Resource Management System | A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions. | 2025-06-06 | not yet calculated | CVE-2025-5192 |
| Sonos–Era 300 | Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865. | 2025-06-02 | not yet calculated | CVE-2025-1051 |
| The GNU C Library–glibc | The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | 2025-06-05 | not yet calculated | CVE-2025-5702 |
| The GNU C Library–glibc | The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program. | 2025-06-05 | not yet calculated | CVE-2025-5745 |
| The Qt Company–Qt | An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a “charset” parameter that lacked a value (such as “data:charset,”), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1. | 2025-06-02 | not yet calculated | CVE-2025-5455 |
| The Qt Company–Qt | When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1. | 2025-06-05 | not yet calculated | CVE-2025-5683 |
| Trol InterMedia–2ClickPortal | Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks. | 2025-06-05 | not yet calculated | CVE-2025-4568 |
| Unknown–FancyBox for WordPress | The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries’ caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS | 2025-06-03 | not yet calculated | CVE-2025-3662 |
| Unknown–File Provider | The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | 2025-06-04 | not yet calculated | CVE-2025-4578 |
| Unknown–File Provider | The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2025-06-04 | not yet calculated | CVE-2025-4580 |
| Unknown–Newsletter | The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-06-03 | not yet calculated | CVE-2025-3584 |
| Unknown–Post Slider and Post Carousel with Post Vertical Scrolling Widget | The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-06-03 | not yet calculated | CVE-2025-4567 |
| Unknown–Real Cookie Banner: GDPR & ePrivacy Cookie Consent | The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-06-02 | not yet calculated | CVE-2025-1485 |
| Unknown–Short URL | The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers. | 2025-06-06 | not yet calculated | CVE-2023-2921 |
| Unknown–WP-Optimize | The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations. | 2025-06-02 | not yet calculated | CVE-2025-3951 |
| vivo–SystemUI | SystemUI has an incorrect component protection setting, which allows access to specific information. | 2025-06-06 | not yet calculated | CVE-2024-46941 |
| vivo–Wallet | The wallet has an authentication bypass vulnerability that allows access to specific pages. | 2025-06-06 | not yet calculated | CVE-2025-5719 |
| WF Steuerungstechnik GmbH–airleader MASTER | Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Authentication Bypass.This issue affects airleader MASTER: 3.00571. | 2025-06-04 | not yet calculated | CVE-2025-5597 |
| WF Steuerungstechnik GmbH–airleader MASTER | Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data.This issue affects airleader MASTER: 3.0046. | 2025-06-04 | not yet calculated | CVE-2025-5598 |
| WOLFBOX–Level 2 EV Charger | WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501. | 2025-06-06 | not yet calculated | CVE-2025-5747 |
| WOLFBOX–Level 2 EV Charger | WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349. | 2025-06-06 | not yet calculated | CVE-2025-5748 |
| WOLFBOX–Level 2 EV Charger | WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications. The issue results from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26295. | 2025-06-06 | not yet calculated | CVE-2025-5749 |
| WOLFBOX–Level 2 EV Charger | WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294. | 2025-06-06 | not yet calculated | CVE-2025-5750 |
| WOLFBOX–Level 2 EV Charger | WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292. | 2025-06-06 | not yet calculated | CVE-2025-5751 |
| XML-Security–signxml | SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=…`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=…)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with SignXML 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user. | 2025-06-02 | not yet calculated | CVE-2025-48994 |
| XML-Security–signxml | SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=…`), versions of SignXML prior to 4.0.4 are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing it with the user supplied hash, allowing users to reconstruct the correct HMAC for any data. | 2025-06-02 | not yet calculated | CVE-2025-48995 |
| Yandex–Telemost | Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used. | 2025-06-02 | not yet calculated | CVE-2024-12168 |
| yiisoft–yii2-redis | The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue. | 2025-06-05 | not yet calculated | CVE-2025-48493 |
| ZIV–IDF and ZLF | Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack. | 2025-06-06 | not yet calculated | CVE-2025-41360 |
| ZIV–IDF and ZLF | Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active. | 2025-06-06 | not yet calculated | CVE-2025-41361 |
| ZIV–IDF and ZLF | Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission. | 2025-06-06 | not yet calculated | CVE-2025-41362 |
| ZIV–IDF and ZLF | In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission. | 2025-06-06 | not yet calculated | CVE-2025-41363 |
| ZIV–IDF and ZLF | Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission. | 2025-06-06 | not yet calculated | CVE-2025-41364 |
| ZIV–IDF and ZLF | Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission. | 2025-06-06 | not yet calculated | CVE-2025-41365 |
| ZIV–IDF and ZLF | In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission. | 2025-06-06 | not yet calculated | CVE-2025-41366 |
| ZIV–IDF and ZLF | Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission. | 2025-06-06 | not yet calculated | CVE-2025-41367 |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
