Vulnerability Summary for the Week of June 2, 2025
High Vulnerabilities
Primary Vendor — Product
Description
Published
CVSS Score
Source Info
1000 Projects–ABC Courier Management System
A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /adminSQL. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5778
1000projects–Online Notice Board
A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2025-06-05
7.3
CVE-2025-5650
ABB–EIBPORT V3 KNX
This vulnerability allows a successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.
2025-06-04
8.8
CVE-2024-13967
Adrian Hanft–Konami Easter Egg
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4.
2025-06-06
7.1
CVE-2025-49425
Aem Solutions–CMS
A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file /page.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
7.3
CVE-2025-5434
Agile Logix–Store Locator WordPress
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1.
2025-06-06
7.6
CVE-2025-49328
alexpinel–Dot
The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.
2025-06-02
8.1
CVE-2024-57783
AncoraThemes–Mr. Murphy
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection. This issue affects Mr. Murphy: from n/a before 1.2.12.1.
2025-06-06
9.8
CVE-2025-49072
Andrei Filonov–WP Text Expander
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1.
2025-06-06
7.6
CVE-2025-49421
anssilaitila–Shared Files Frontend File Upload Form & Secure File Sharing
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.
2025-06-03
7.2
CVE-2025-4392
AstrBotDevs–AstrBot
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a temporary workaround, users can edit the `cmd_config.json` file to disable the dashboard feature. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue.
2025-06-02
7.5
CVE-2025-48957
Autodesk–Revit
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
2025-06-02
7.8
CVE-2025-5036
Axiomthemes–Sweet Dessert
Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object Injection. This issue affects Sweet Dessert: from n/a before 1.1.13.
2025-06-06
9.8
CVE-2025-49073
Axis Communications AB–AXIS OS
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
2025-06-02
9.4
CVE-2025-0324
Axis Communications AB–AXIS OS
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
2025-06-02
8.8
CVE-2025-0358
B. Braun Melsungen AG–OnlineSuite
A missing protection against path traversal allows access to any file on the server.
2025-06-06
9.8
CVE-2025-3365
Campcodes–Hospital Management System
A vulnerability, which was classified as critical, was found in Campcodes Hospital Management System 1.0. Affected is an unknown function of the file /admin/registration.php. The manipulation of the argument full_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5602
Campcodes–Hospital Management System
A vulnerability has been found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument full_name/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5603
Campcodes–Hospital Management System
A vulnerability was found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5604
Campcodes–Online Recruitment Management System
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5676
Campcodes–Online Recruitment Management System
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5677
Campcodes–Online Teacher Record Management System
A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5625
Campcodes–Online Teacher Record Management System
A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5626
Campcodes–Online Teacher Record Management System
A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5675
catdoc–catdoc
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
2025-06-02
8.4
CVE-2024-52035
catdoc–catdoc
An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
2025-06-02
8.4
CVE-2024-54028
choicehomemortgage–AI Mortgage Calculator
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. This issue affects AI Mortgage Calculator: from n/a through 1.0.1.
2025-06-06
7.5
CVE-2023-25995
Christiaan Pieterse–MaxiBlocks
Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation. This issue affects MaxiBlocks: from n/a through 2.1.0.
2025-06-07
8.8
CVE-2025-47601
Cisco–Cisco Data Center Network Manager
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.
2025-06-04
8.7
CVE-2025-20163
Cisco–Cisco Identity Services Engine Software
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected.
2025-06-04
9.9
CVE-2025-20286
Cisco–Cisco Unified Computing System (Managed)
A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device.
2025-06-04
8.8
CVE-2025-20261
code-projects–Content Management System
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5631
code-projects–Real Estate Property Management System
A vulnerability was found in code-projects Real Estate Property Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/User.php. The manipulation of the argument txtUserName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5704
code-projects–Real Estate Property Management System
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Admin/Property.php. The manipulation of the argument cmbCat leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5705
code-projects–Real Estate Property Management System
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /Admin/NewsReport.php. The manipulation of the argument txtFrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5708
code-projects–Real Estate Property Management System
A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. This vulnerability affects unknown code of the file /Admin/InsertCategory.php. The manipulation of the argument txtCategoryName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5709
code-projects–Real Estate Property Management System
A vulnerability, which was classified as critical, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/InsertState.php. The manipulation of the argument txtStateName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5710
code-projects–Real Estate Property Management System
A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation of the argument cmbState leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5711
code-projects–Real Estate Property Management System
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/EditCity.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5756
CodeAstro–Real Estate Management System
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5580
CodeAstro–Real Estate Management System
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5581
CodeAstro–Real Estate Management System
A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5583
codedraft–Mediabay – WordPress Media Library Folders
Cross-Site Request Forgery (CSRF) vulnerability in codedraft Mediabay – WordPress Media Library Folders allows Reflected XSS. This issue affects Mediabay – WordPress Media Library Folders: from n/a through 1.4.
2025-06-06
7.1
CVE-2025-28948
coredns–coredns
CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash – especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies.
2025-06-06
7.5
CVE-2025-47950
D-Link–DCS-932L
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-04
8.8
CVE-2025-5572
D-Link–DIR-816
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-05
9.8
CVE-2025-5622
D-Link–DIR-816
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-05
9.8
CVE-2025-5623
D-Link–DIR-816
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-05
9.8
CVE-2025-5624
D-Link–DIR-816
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-05
9.8
CVE-2025-5630
D-Link–DIR-816
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-04
7.3
CVE-2025-5620
D-Link–DIR-816
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-04
7.3
CVE-2025-5621
Daman Jeet–Real Time Validation for Gravity Forms
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS. This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.
2025-06-06
7.1
CVE-2025-48329
Dassault Systèmes–DELMIA Apriso
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
2025-06-02
9
CVE-2025-5086
David Shabtai–Post Author
Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a through 1.1.1.
2025-06-06
7.1
CVE-2025-28950
Dell–Encryption Admin Utilities
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
2025-06-03
7.8
CVE-2025-36564
dilemma123–Recent Posts Slider Responsive
Cross-Site Request Forgery (CSRF) vulnerability in dilemma123 Recent Posts Slider Responsive allows Stored XSS. This issue affects Recent Posts Slider Responsive: from n/a through 1.0.1.
2025-06-06
7.1
CVE-2025-28966
dr_scythe–WP Email Debug
The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker-controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
2025-06-06
9.8
CVE-2025-5486
enituretechnology–LTL Freight Quotes Freightview Edition
The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-07
7.2
CVE-2025-5303
Fahad Mahmood–WP Shopify
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Fahad Mahmood WP Shopify allows PHP Local File Inclusion. This issue affects WP Shopify: from n/a through 1.5.3.
2025-06-06
7.5
CVE-2025-30999
FreeFloat–FTP Server
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5547
FreeFloat–FTP Server
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5548
FreeFloat–FTP Server
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5549
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component PBSZ Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5550
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5551
FreeFloat–FTP Server
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5592
FreeFloat–FTP Server
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5593
FreeFloat–FTP Server
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5594
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5595
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component REGET Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5596
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5664
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5665
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5666
FreeFloat–FTP Server
A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5667
FreshRSS–FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it’s possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin’s username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have set up OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue.
2025-06-04
7.1
CVE-2025-46341
Grafana–Grafana
A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: Viewers can view all dashboards/folders regardless of permissions; Editors can view/edit/delete all dashboards/folders regardless of permissions; Editors can create dashboards in any folder regardless of permissions; Anonymous users with viewer/editor roles are similarly affected. Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.
2025-06-02
8.3
CVE-2025-3260
gVectors–wpForo + wpForo Advanced Attachments
The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-03
7.2
CVE-2025-4224
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
An authentication bypass vulnerability exists in HPE StoreOnce Software.
2025-06-02
9.8
CVE-2025-37093
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
2025-06-02
7.2
CVE-2025-37091
Hibernate–Hibernate Validator
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language interpolation of user-supplied data.
2025-06-03
7.3
CVE-2025-35036
hivesupport–Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
2025-06-06
7.1
CVE-2025-5018
Huawei–HarmonyOS
Wasm exception capture vulnerability in the arkweb v8 module. Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.
2025-06-06
8.1
CVE-2025-48905
Huawei–HarmonyOS
Authentication bypass vulnerability in the DSoftBus module. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
8.8
CVE-2025-48906
Huawei–HarmonyOS
Vulnerability of improper permission assignment in the note sharing module. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
8.2
CVE-2025-48911
Huawei–HarmonyOS
Permission bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
7.8
CVE-2025-48903
Huawei–HarmonyOS
Bypass vulnerability in the device management channel. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2025-06-06
7.1
CVE-2025-48909
IBM–QRadar Suite Software
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
2025-06-03
9.6
CVE-2025-25022
IBM–QRadar Suite Software
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged user to execute code in case management script creation due to the improper generation of code.
2025-06-03
7.2
CVE-2025-25021
jack0240 –bskms
A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
2025-06-03
7.3
CVE-2025-5522
Jatinder Pal Singh–BP Profile as Homepage
Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage allows Stored XSS. This issue affects BP Profile as Homepage: from n/a through 1.1.
2025-06-06
7.1
CVE-2025-49453
JEHc–JEHC-BPM
/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
2025-06-03
10
CVE-2025-45854
jupyter–jupyter_core
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
2025-06-03
7.3
CVE-2025-30167
Kunbus–Revolution Pi webstatus
An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device.
2025-06-06
9.8
CVE-2025-41646
Magazine3–WP Multilang
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Magazine3 WP Multilang allows PHP Local File Inclusion. This issue affects WP Multilang: from n/a through 2.4.19.
2025-06-06
7.5
CVE-2025-49307
mail250–Free WP Mail SMTP
Cross-Site Request Forgery (CSRF) vulnerability in mail250 Free WP Mail SMTP allows Stored XSS. This issue affects Free WP Mail SMTP: from n/a through 1.0.
2025-06-06
7.1
CVE-2025-28974
mangup–Personal Favicon
Cross-Site Request Forgery (CSRF) vulnerability in mangup Personal Favicon allows Stored XSS. This issue affects Personal Favicon: from n/a through 2.0.
2025-06-06
7.1
CVE-2025-28964
Marwal Infotech–CMS
A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
7.3
CVE-2025-5435
Microhard–IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
2025-06-08
7.1
CVE-2025-35004
Microhard–IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
2025-06-08
7.1
CVE-2025-35005
Microhard–IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
2025-06-08
7.1
CVE-2025-35006
Microhard–IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
2025-06-08
7.1
CVE-2025-35007
Microhard–IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
2025-06-08
7.1
CVE-2025-35008
Microhard–IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
2025-06-08
7.1
CVE-2025-35009
Microhard–IPn4Gii / Bullet-LTE Firmware
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
2025-06-08
7.1
CVE-2025-35010
Microsoft–Power Automate for Desktop
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
2025-06-05
9.8
CVE-2025-47966
mybb–mybb
MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a specially crafted parameter value. In order to exploit the vulnerability, the installer must be unlocked (no `install/lock` file present) and the upgrade script must be accessible (by re-installing the forum via access to `install/index.php`; when the forum has not yet been installed; or the attacker is authenticated as a forum administrator). MyBB 1.8.39 resolves this issue.
2025-06-02
7.2
CVE-2025-48940
Netgear–WNR614
A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024.
2025-06-03
7.3
CVE-2025-5495
Nir–Complete Google Seo Scan
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nir Complete Google Seo Scan allows SQL Injection. This issue affects Complete Google Seo Scan: from n/a through 3.5.1.
2025-06-06
7.6
CVE-2025-26590
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, “Missing Authentication for Critical Function,” and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
9.1
CVE-2025-3461
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
7.7
CVE-2025-32455
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
7.7
CVE-2025-32456
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
7.7
CVE-2025-32457
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
7.7
CVE-2025-32458
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
7.7
CVE-2025-32459
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
7.7
CVE-2025-3459
ON Semiconductor–Quantenna Wi-Fi chipset
The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.
2025-06-08
7.7
CVE-2025-3460
OTWthemes–Widgetize Pages Light
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.
2025-06-06
7.1
CVE-2025-30995
ovatheme–BRW
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.8.6.
2025-06-06
7.5
CVE-2025-49313
owasp-modsecurity–ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg` (and `sanitizeArg` – this is the same action but an alias) is vulnerable to adding an excessive number of arguments, thereby leading to denial of service. Version 2.9.10 fixes the issue. As a workaround, avoid using rules that contain the `sanitiseArg` (or `sanitizeArg`) action.
2025-06-02
7.5
CVE-2025-48866
Parallels–Parallels Desktop for Mac
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
2025-06-03
8.8
CVE-2025-31359
Parallels–Parallels Desktop for Mac
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
2025-06-03
7.8
CVE-2024-36486
Parallels–Parallels Desktop for Mac
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.
2025-06-03
7.8
CVE-2024-52561
Parallels–Parallels Desktop for Mac
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
2025-06-03
7.8
CVE-2024-54189
PCMan–FTP Server
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5634
PCMan–FTP Server
A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5635
PCMan–FTP Server
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5636
PCMan–FTP Server
A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5637
PersianScript–Persian Woocommerce SMS
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PersianScript Persian Woocommerce SMS allows SQL Injection. This issue affects Persian Woocommerce SMS: from n/a through 7.0.10.
2025-06-06
7.6
CVE-2025-49315
PHOENIX CONTACT–ILC 131
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.
2025-06-04
7.5
CVE-2018-25112
PHPGurukul–Auto Taxi Stand Management System
A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5663
PHPGurukul–Curfew e-Pass Management System
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5560
PHPGurukul–Curfew e-Pass Management System
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5561
PHPGurukul–Curfew e-Pass Management System
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5562
PHPGurukul–Dairy Farm Shop Management System
A vulnerability classified as critical has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This affects an unknown part of the file /add-company.php. The manipulation of the argument companyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5574
PHPGurukul–Dairy Farm Shop Management System
A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file /add-product.php. The manipulation of the argument productname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5575
PHPGurukul–Dairy Farm Shop Management System
A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5576
PHPGurukul–Dairy Farm Shop Management System
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5577
PHPGurukul–Dairy Farm Shop Management System
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sales-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5578
PHPGurukul–Dairy Farm Shop Management System
A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file /search-product.php. The manipulation of the argument productname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5579
PHPGurukul–Human Metapneumovirus Testing Management System
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /new-user-testing.php. The manipulation of the argument state leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2025-06-06
7.3
CVE-2025-5706
PHPGurukul–Human Metapneumovirus Testing Management System
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2025-06-06
7.3
CVE-2025-5707
PHPGurukul–Local Services Search Engine Management System
A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5759
PHPGurukul–Notice Board System
A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
7.3
CVE-2025-5639
PHPGurukul–Rail Pass Management System
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5553
PHPGurukul–Student Result Management System
A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
7.3
CVE-2025-5599
POEditor–POEditor
Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor allows Path Traversal. This issue affects POEditor: from n/a through 0.9.10.
2025-06-06
7.4
CVE-2025-49237
Python Software Foundation–CPython
Allows arbitrary filesystem writes outside the extraction directory during extraction with `filter="data"`. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the `filter=` parameter with a value of `"data"` or `"tar"`. See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Note that for Python 3.14 or later the default value of `filter=` changed from “no filtering” to `"data"`, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links.
2025-06-03
9.4
CVE-2025-4517
Python Software Foundation–CPython
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the `filter=` parameter with a value of `"data"` or `"tar"`. See the tarfile extraction filters documentation (https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter) for more information. Note that for Python 3.14 or later the default value of `filter=` changed from “no filtering” to `"data"`, so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links.
2025-06-03
7.5
CVE-2025-4138
Python Software Foundation–CPython
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links.
2025-06-03
7.5
CVE-2025-4330
Python Software Foundation–CPython
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
2025-06-03
7.5
CVE-2025-4435
Qualcomm, Inc.–Snapdragon
Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
2025-06-03
8.2
CVE-2024-53019
Qualcomm, Inc.–Snapdragon
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
2025-06-03
8.2
CVE-2024-53020
Qualcomm, Inc.–Snapdragon
Information disclosure may occur while processing goodbye RTCP packet from network.
2025-06-03
8.2
CVE-2024-53021
Qualcomm, Inc.–Snapdragon
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
2025-06-03
8.2
CVE-2024-53026
Qualcomm, Inc.–Snapdragon
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
2025-06-03
8.6
CVE-2025-21479
Qualcomm, Inc.–Snapdragon
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
2025-06-03
8.6
CVE-2025-21480
Qualcomm, Inc.–Snapdragon
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
2025-06-03
7.8
CVE-2024-53010
Qualcomm, Inc.–Snapdragon
Transient DOS while processing the EHT operation IE in the received beacon frame.
2025-06-03
7.5
CVE-2025-21463
Qualcomm, Inc.–Snapdragon
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
2025-06-03
7.8
CVE-2025-21485
Qualcomm, Inc.–Snapdragon
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
2025-06-03
7.8
CVE-2025-21486
Qualcomm, Inc.–Snapdragon
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
2025-06-03
7.5
CVE-2025-27029
Qualcomm, Inc.–Snapdragon
Memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
2025-06-03
7.8
CVE-2025-27031
Qualcomm, Inc.–Snapdragon
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
2025-06-03
7.5
CVE-2025-27038
quequnlong–shiyi-blog
A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
7.3
CVE-2025-5512
quic-go–quic-go
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sends ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available.
2025-06-02
7.5
CVE-2025-29785
Realtek–Bluetooth HCI Adaptor
Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary file deletion for privilege escalation.
2025-06-02
7.8
CVE-2024-11857
Red Hat–Red Hat Enterprise Linux 10
A flaw was found in the user’s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
2025-06-06
7.1
CVE-2025-5791
Renzo Tejada–Libro de Reclamaciones y Quejas
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Renzo Tejada Libro de Reclamaciones y Quejas allows SQL Injection. This issue affects Libro de Reclamaciones y Quejas: from n/a through 0.9.
2025-06-06
7.6
CVE-2025-30989
Roundcube–Webmail
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
2025-06-02
9.9
CVE-2025-49113
Ruben Garcia–GamiPress
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5.
2025-06-06
7.6
CVE-2025-49326
Ruben Garcia–ShortLinks Pro
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ruben Garcia ShortLinks Pro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through 1.0.7.
2025-06-06
7.6
CVE-2025-49327
shaonsina–Sina Extension for Elementor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in shaonsina Sina Extension for Elementor allows Stored XSS. This issue affects Sina Extension for Elementor: from n/a through 3.6.1.
2025-06-06
7.6
CVE-2025-49262
siteheart–HyperComments
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
2025-06-05
9.8
CVE-2025-5701
Skyvern–Skyvern
Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py.
2025-06-07
8.5
CVE-2025-49619
slackero–phpwcms
A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.
2025-06-03
7.3
CVE-2025-5499
SolarWinds–Dameware Mini Remote Control Service
The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.
2025-06-02
7.8
CVE-2025-26396
Soli–WP Mail Options
Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3.
2025-06-06
7.1
CVE-2025-28981
SourceCodester–Client Database Management System
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely.
2025-06-07
7.3
CVE-2025-5840
SourceCodester–Open Source Clinic Management System
A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /appointment.php. The manipulation of the argument patient leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5712
SourceCodester–Open Source Clinic Management System
A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5716
SourceCodester–Open Source Clinic Management System
A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
7.3
CVE-2025-5755
SourceCodester–Open Source Clinic Management System
A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2025-06-06
7.3
CVE-2025-5758
Splunk–Splunk/UniversalForwarder for Windows
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
2025-06-02
8
CVE-2025-20298
StylemixThemes–Motors – Events
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in StylemixThemes Motors – Events allows PHP Local File Inclusion. This issue affects Motors – Events: from n/a through 1.4.7.
2025-06-06
9
CVE-2025-47586
sunshinephotocart–Sunshine Photo Cart: Free Client Photo Galleries for Photographers
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user’s passwords through the password reset functionality, including administrators, and leverage that to reset the user’s password and gain access to their account.
2025-06-04
8.8
CVE-2025-5482
Teastudio.pl–WP Posts Carousel
Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Posts Carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through 1.3.12.
2025-06-06
8.8
CVE-2025-39358
Tenda–AC10
A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
8.8
CVE-2025-5629
Tenda–AC15
A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-08
8.8
CVE-2025-5848
Tenda–AC15
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-08
8.8
CVE-2025-5849
Tenda–AC15
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-08
8.8
CVE-2025-5850
Tenda–AC15
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-08
8.8
CVE-2025-5851
Tenda–AC18
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
8.8
CVE-2025-5607
Tenda–AC18
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
8.8
CVE-2025-5608
Tenda–AC18
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
8.8
CVE-2025-5609
Tenda–AC5
A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5794
Tenda–AC5
A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5795
Tenda–AC8
A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5798
Tenda–AC8
A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5799
Tenda–AC9
A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-07
8.8
CVE-2025-5839
Tenda–AC9
A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-08
8.8
CVE-2025-5847
Tenda–CH22
A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
8.8
CVE-2025-5619
Tenda–CH22
A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
8.8
CVE-2025-5685
Tenda–RX3
A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-03
8.8
CVE-2025-5527
Themefic–Hydra Booking
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themefic Hydra Booking allows SQL Injection. This issue affects Hydra Booking: from n/a through 1.1.10.
2025-06-06
8.5
CVE-2025-49323
ThemeGoods–Photography
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2.
2025-06-06
8.5
CVE-2025-47584
TOTOLINK–EX1200T
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
9.8
CVE-2025-5600
TOTOLINK–EX1200T
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5792
TOTOLINK–EX1200T
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5793
TOTOLINK–N302R Plus
A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
8.8
CVE-2025-5671
TOTOLINK–N302R Plus
A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
8.8
CVE-2025-5672
TOTOLINK–X15
A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
8.8
CVE-2025-5503
TOTOLINK–X15
A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5734
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5735
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5736
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5737
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5738
TOTOLINK–X15
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5739
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5785
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5786
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5787
TOTOLINK–X15
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5788
TOTOLINK–X15
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5789
TOTOLINK–X15
A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
8.8
CVE-2025-5790
uxper–Golo – City Travel Guide WordPress Theme
The Golo – City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user’s identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user’s email address.
2025-06-03
9.8
CVE-2025-4797
Vadim Bogaiskov–Bg Orthodox Calendar
Cross-Site Request Forgery (CSRF) vulnerability in Vadim Bogaiskov Bg Orthodox Calendar allows Stored XSS. This issue affects Bg Orthodox Calendar: from n/a through 0.13.10.
2025-06-06
7.1
CVE-2025-28958
vipul Jariwala–WP Post Corrector
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in vipul Jariwala WP Post Corrector allows SQL Injection. This issue affects WP Post Corrector: from n/a through 1.0.2.
2025-06-06
7.6
CVE-2023-26003
VMware–VMware NSX
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
2025-06-04
7.5
CVE-2025-22243
WCVendors–WC Vendors Marketplace
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WCVendors WC Vendors Marketplace allows Blind SQL Injection. This issue affects WC Vendors Marketplace: from n/a through 2.5.6.
2025-06-06
7.6
CVE-2025-49263
Webaholicson–Epicwin Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin allows SQL Injection. This issue affects Epicwin Plugin: from n/a through 1.5.
2025-06-06
8.2
CVE-2025-28986
wedevs–WP User Frontend Pro
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. Please note that this requires the ‘Private Message’ module to be enabled and the Business version of the PRO software to be in use.
2025-06-05
8.8
CVE-2025-3054
wedevs–WP User Frontend Pro
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
2025-06-05
8.1
CVE-2025-3055
Wireshark Foundation–Wireshark
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allow denial of service via packet injection or crafted capture file.
2025-06-04
7.8
CVE-2025-5601
WP Travel Engine–WP Travel Engine
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1.
2025-06-06
7.5
CVE-2025-49308
wphobby–Backwp
Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.
2025-06-06
7.4
CVE-2025-28954
xls2csv–xls2csv
A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
2025-06-02
8.4
CVE-2024-48877
Zscaler–Client Connector
An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges.
2025-06-04
7.3
CVE-2024-31127
Medium Vulnerabilities
PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
6Storage–6Storage Rentals
Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 6Storage Rentals: from n/a through 2.19.5.
2025-06-06
4.3
CVE-2023-26002
_CreativeMedia_–Elite Video Player
Cross-Site Request Forgery (CSRF) vulnerability in _CreativeMedia_ Elite Video Player allows Cross Site Request Forgery. This issue affects Elite Video Player: from n/a through 10.0.5.
2025-06-06
5.4
CVE-2025-30986
aaluoxiang–oa_system
A vulnerability was found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. It has been rated as problematic. Affected by this issue is the function image of the file src/main/java/cn/gson/oasys/controller/user/UserpanelController.java. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available.
2025-06-03
4.3
CVE-2025-5544
aaluoxiang–oa_system
A vulnerability classified as problematic has been found in aaluoxiang oa_system up to 5b445a6227b51cee287bd0c7c33ed94b801a82a5. This affects the function image of the file src/main/java/cn/gson/oasys/controller/process/ProcedureController.java. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
2025-06-03
4.3
CVE-2025-5545
Ability, Inc–Accessibility Suite
Missing Authorization vulnerability in Ability, Inc Accessibility Suite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite: from n/a through 4.19.
2025-06-06
5.4
CVE-2025-30636
add-ons.org–PDF for WPForms
Missing Authorization vulnerability in add-ons.org PDF for WPForms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through 5.5.0.
2025-06-06
5
CVE-2025-49289
Agile Logix–Store Locator WordPress
Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.
2025-06-06
6.6
CVE-2025-49329
ajay–Knowledge Base
The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘kbalert’ shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5533
Akhtarujjaman Shuvo–Post Grid Master
Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a through 3.4.13.
2025-06-06
4.3
CVE-2025-30974
Alessandro Piconi–Simple Keyword to Link
Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5.
2025-06-06
4.3
CVE-2025-30980
andreyk–Paged Gallery
The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gallery’ shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5686
Anton Vanyukov–Market Exporter
Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22.
2025-06-06
4.3
CVE-2025-49269
arildur–Read More Login
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in arildur Read More Login allows Stored XSS. This issue affects Read More Login: from n/a through 2.0.3.
2025-06-06
5.9
CVE-2025-28989
Arris–VIP1113
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
2025-06-02
6.4
CVE-2025-49162
Arris–VIP1113
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
2025-06-02
6.7
CVE-2025-49163
Arris–VIP1113
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
2025-06-02
4.3
CVE-2025-49164
AssamLook–CMS
A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5430
AssamLook–CMS
A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5431
AssamLook–CMS
A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5432
Automattic–Newspack Newsletters
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Automattic Newspack Newsletters allows Phishing. This issue affects Newspack Newsletters: from n/a through 3.13.0.
2025-06-06
4.7
CVE-2025-49325
Axis Communications AB–AXIS OS
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
2025-06-02
4.3
CVE-2025-0325
Baison–Channel Middleware Product
A vulnerability was found in Baison Channel Middleware Product 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file /e3api/api/main/ToJsonByControlName. The manipulation of the argument data leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-03
6.3
CVE-2025-5493
Bastien Ho–Event post
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Bastien Ho Event post allows Stored XSS. This issue affects Event post: from n/a through 5.10.1.
2025-06-06
6.5
CVE-2025-49298
BdThemes–Element Pack Pro
Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Element Pack Pro: from n/a before 8.0.0.
2025-06-05
5.4
CVE-2025-46258
BdThemes–Element Pack Pro
Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery. This issue affects Element Pack Pro: from n/a before 8.0.0.
2025-06-05
4.3
CVE-2025-46257
Bill Minozzi–WP Tools
Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Cross Site Request Forgery. This issue affects WP Tools: from n/a through 5.24.
2025-06-06
4.3
CVE-2025-49273
bitpressadmin–Bit File Manager 100% Free & Open Source File Manager and Code Editor for WordPress
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
2025-06-03
6.4
CVE-2025-1725
Blocksera–Image Hover Effects Block
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Blocksera Image Hover Effects Block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through 1.4.5.
2025-06-06
6.5
CVE-2025-31025
bobbingwide–oik
Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1.
2025-06-06
5.3
CVE-2025-49241
Booqable Rental Software–Booqable Rental
Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20.
2025-06-06
4.3
CVE-2025-30956
brikou–WP Plugin Info Card
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.
2025-06-03
6.4
CVE-2025-5116
Brilliance–Golden Link Secondary System
A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5696
Brilliance–Golden Link Secondary System
A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument custTradeId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5697
Brilliance–Golden Link Secondary System
A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /sysframework/logSelect.htm. The manipulation of the argument nodename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5698
broadly–Broadly for WordPress
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in broadly Broadly for WordPress allows Stored XSS. This issue affects Broadly for WordPress: from n/a through 3.0.2.
2025-06-06
5.9
CVE-2025-30938
BuddyDev–Activity Plus Reloaded for BuddyPress
Missing Authorization vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Activity Plus Reloaded for BuddyPress: from n/a through 1.1.2.
2025-06-06
5.4
CVE-2025-30957
cais–BNS Featured Category
The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bnsfc’ shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5538
calebzahnd–ESV Bible Shortcode for WordPress
The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘esv’ shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5534
catchsquare–WP Social Widget
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.3.
2025-06-06
6.5
CVE-2025-49306
CE-PhoenixCart–PhoenixCart
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner (admin) approves the testimonial, the script executes in the context of any user visiting the testimonial page. Because the session cookies are not marked with the `HttpOnly` flag, they can be exfiltrated by the attacker – potentially leading to account takeover. Version 1.1.0.3 fixes the issue.
2025-06-02
6.3
CVE-2025-47289
CE-PhoenixCart–PhoenixCart
The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with temporary access to an authenticated session (e.g., on a shared/public machine) could permanently delete the user’s account without knowledge of the password. This bypass of re-authentication puts users at risk of account loss and data disruption. Version 1.1.0.3 contains a patch for the issue.
2025-06-02
5.5
CVE-2025-47272
centangle–Direct Checkout for WooCommerce Lite
Missing Authorization vulnerability in centangle Direct Checkout for WooCommerce Lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Direct Checkout for WooCommerce Lite: from n/a through 1.0.3.
2025-06-06
5.3
CVE-2025-29006
Chaport Live Chat–WP Live Chat + Chatbots Plugin for WordPress Chaport
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chaport Live Chat WP Live Chat + Chatbots Plugin for WordPress – Chaport allows Stored XSS. This issue affects WP Live Chat + Chatbots Plugin for WordPress – Chaport: from n/a through 1.1.5.
2025-06-06
5.9
CVE-2025-30977
CHR Designer–YouTube Simple Gallery
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CHR Designer YouTube Simple Gallery allows Stored XSS. This issue affects YouTube Simple Gallery: from n/a through 2.2.0.
2025-06-06
6.5
CVE-2025-29011
Chris McCoy–Bacon Ipsum
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chris McCoy Bacon Ipsum allows Stored XSS. This issue affects Bacon Ipsum: from n/a through 2.4.
2025-06-06
6.5
CVE-2025-49443
Cimatti Consulting–Contact Forms by Cimatti
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery. This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.
2025-06-02
4.3
CVE-2025-49069
Cisco–Cisco Finesse
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
2025-06-04
6
CVE-2025-20278
Cisco–Cisco Identity Services Engine Software
A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.
2025-06-04
4.9
CVE-2025-20130
Cisco–Cisco SocialMiner
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.
2025-06-04
4.3
CVE-2025-20129
Cisco–Cisco ThousandEyes Endpoint Agent
Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.
2025-06-04
5.3
CVE-2025-20259
Cisco–Cisco Unified Contact Center Express
A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected device. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by persuading an authenticated, local user to open a crafted .aef file. A successful exploit could allow the attacker to execute arbitrary code on the host that is running the editor application with the privileges of the user who launched it.
2025-06-04
5.3
CVE-2025-20275
Cisco–Cisco Unified Contact Center Express
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper sanitization of user input to the web-based management interface. An attacker could exploit this vulnerability by submitting a malicious script through the interface. A successful exploit could allow the attacker to conduct a stored XSS attack on the affected system.
2025-06-04
4.8
CVE-2025-20279
Cisco–Cisco Unified Intelligent Contact Management Enterprise
A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
2025-06-04
6.1
CVE-2025-20273
cmoreira–Team Showcase
Missing Authorization vulnerability in cmoreira Team Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Showcase: from n/a through n/a.
2025-06-06
4.3
CVE-2025-49248
cmoreira–Team Showcase
Improper Control of Generation of Code (‘Code Injection’) vulnerability in cmoreira Team Showcase allows Code Injection. This issue affects Team Showcase: from n/a through n/a.
2025-06-06
4.3
CVE-2025-49250
cmoreira–Testimonials Showcase
Missing Authorization vulnerability in cmoreira Testimonials Showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonials Showcase: from n/a through 1.9.16.
2025-06-06
4.3
CVE-2025-49246
cmsMinds–Pay with Contact Form 7
Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.
2025-06-06
5.4
CVE-2025-24772
code-projects–Content Management System
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5632
code-projects–Content Management System
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5633
code-projects–Health Center Patient Record Management System
A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5729
code-projects–Laundry System
A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
4.3
CVE-2025-5766
code-projects–Patient Record Management System
A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5627
code-projects–Patient Record Management System
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5674
code-projects–Patient Record Management System
A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5762
code-projects–Patient Record Management System
A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itr_no/comp_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5779
code-projects–Patient Record Management System
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5780
code-projects–Traffic Offense Reporting System
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
4.3
CVE-2025-5732
CodeAstro–Real Estate Management System
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5582
CodeAstro–Real Estate Management System
A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5610
CodeAstro–Real Estate Management System
A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5611
Codehaveli–Bitly URL Shortener
Cross-Site Request Forgery (CSRF) vulnerability in Codehaveli Bitly URL Shortener allows Cross Site Request Forgery. This issue affects Bitly URL Shortener: from n/a through 1.3.3.
2025-06-06
4.3
CVE-2025-30629
codelobster–Responsive Flipbooks
Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
2025-06-06
5.4
CVE-2025-24776
CodeManas–Search with Typesense
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodeManas Search with Typesense allows Stored XSS. This issue affects Search with Typesense: from n/a through 2.0.10.
2025-06-06
6.5
CVE-2025-49304
codepeople–Calculated Fields Form
Cross-Site Request Forgery (CSRF) vulnerability in codepeople Calculated Fields Form allows Cross Site Request Forgery. This issue affects Calculated Fields Form: from n/a through 5.3.58.
2025-06-06
4.3
CVE-2025-49291
codepeople–WP Time Slots Booking Form
Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form allows Cross Site Request Forgery. This issue affects WP Time Slots Booking Form: from n/a through 1.2.30.
2025-06-06
4.3
CVE-2025-49332
CodeRevolution–Crawlomatic Multisite Scraper Post Generator
Insertion of Sensitive Information Into Sent Data vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Retrieve Embedded Sensitive Data. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.
2025-06-06
5.3
CVE-2025-49294
CodeRevolution–Crawlomatic Multisite Scraper Post Generator
Missing Authorization vulnerability in CodeRevolution Crawlomatic Multisite Scraper Post Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crawlomatic Multisite Scraper Post Generator: from n/a through 2.6.8.2.
2025-06-06
4.3
CVE-2025-49293
CoolHappy–The Events Calendar Countdown Addon
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CoolHappy The Events Calendar Countdown Addon allows Stored XSS. This issue affects The Events Calendar Countdown Addon: from n/a through 1.4.9.
2025-06-06
6.5
CVE-2025-49311
Cozmoslabs–Profile Builder
Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder allows Phishing. This issue affects Profile Builder: from n/a through 3.13.8.
2025-06-06
4.3
CVE-2025-49292
cozmoslabs–User Profile Builder Beautiful User Registration Forms, User Profiles & User Role Editor
The Profile Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s user_meta and compare shortcodes in all versions up to, and including, 3.13.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-03
6.4
CVE-2025-4671
CRM Perks–WP Gravity Forms Constant Contact Plugin
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin allows Phishing. This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through 1.1.0.
2025-06-06
4.7
CVE-2025-30954
CRM Perks–WP Gravity Forms Salesforce
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in CRM Perks WP Gravity Forms Salesforce allows Phishing. This issue affects WP Gravity Forms Salesforce: from n/a through 1.4.7.
2025-06-06
4.7
CVE-2025-30953
CyberChimps–Responsive Plus
Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Plus: from n/a through 3.2.0.
2025-06-06
5.4
CVE-2025-48335
cyberscorp–WP-Addpub
The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the ‘wp-addpub’ shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-06-06
6.5
CVE-2025-5563
D-Link–DCS-932L
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-04
6.3
CVE-2025-5571
D-Link–DCS-932L
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
2025-06-04
6.3
CVE-2025-5573
D-Link–DI-500WF-WT
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely.
2025-06-03
6.3
CVE-2025-5492
DALIBO–PostgreSQL Anonymizer
PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1.
2025-06-04
6.5
CVE-2025-5690
Daman Jeet–Real Time Validation for Gravity Forms
Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery. This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.
2025-06-06
4.3
CVE-2025-48328
danieliser–Popup Maker Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder
The Popup Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popupID’ parameter in all versions up to, and including, 1.20.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-03
6.4
CVE-2025-4205
De paragon–No Spam At All
Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3.
2025-06-06
5.4
CVE-2025-24778
Debashish–IFrame Widget
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Debashish IFrame Widget allows Stored XSS. This issue affects IFrame Widget: from n/a through 4.1.
2025-06-06
5.9
CVE-2025-30939
Deetronix–Booking Ultra Pro
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Deetronix Booking Ultra Pro allows Stored XSS. This issue affects Booking Ultra Pro: from n/a through 1.1.20.
2025-06-06
5.9
CVE-2025-30637
djangoproject–Django
An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
2025-06-05
4
CVE-2025-48432
Dor Zuberi–Slack Notifications by dorzki
Missing Authorization vulnerability in Dor Zuberi Slack Notifications by dorzki allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slack Notifications by dorzki: from n/a through 2.0.7.
2025-06-06
4.3
CVE-2025-30978
Elastic Email–Elastic Email Subscribe Form
Missing Authorization vulnerability in Elastic Email Elastic Email Subscribe Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elastic Email Subscribe Form: from n/a through 1.2.2.
2025-06-06
5.4
CVE-2025-28985
eleopard–Behance Portfolio Manager
Missing Authorization vulnerability in eleopard Behance Portfolio Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Behance Portfolio Manager: from n/a through 1.7.4.
2025-06-06
4.3
CVE-2025-29010
emarket-design–Campus Directory Faculty, Staff & Student Directory Plugin for WordPress
The Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘emd_mb_meta’ shortcode in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-04
6.4
CVE-2025-5532
emarket-design–Employee Directory Staff Listing & Team Directory Plugin for WordPress
The Employee Directory – Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘emd_mb_meta’ shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-04
6.4
CVE-2025-5531
emarket-design–Simple Contact Form Plugin for WordPress WP Easy Contact
The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘emd_mb_meta’ shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-04
6.4
CVE-2025-5539
Emraan Cheema–CubeWP All-in-One Dynamic Content Framework
Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.
2025-06-06
4.3
CVE-2025-30994
Erudika–para
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes. Version 1.50.8 fixes the issue.
2025-06-02
6.2
CVE-2025-48955
Erudika–para
Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user’s access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
2025-06-05
6.2
CVE-2025-49009
esigngenie–Foxit eSign for WordPress
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.
2025-06-06
5.5
CVE-2025-49419
eskapism–Simple History Track, Log, and Audit WordPress Changes
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password-related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third-party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
2025-06-06
4.9
CVE-2025-5760
everestthemes–Everest Backup
Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3.
2025-06-06
4.3
CVE-2025-49238
EXEIdeas International–WP AutoKeyword
Missing Authorization vulnerability in EXEIdeas International WP AutoKeyword allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP AutoKeyword: from n/a through 1.0.
2025-06-06
5.3
CVE-2025-28997
faaiq–Custom Category/Post Type Post order
Missing Authorization vulnerability in faaiq Custom Category/Post Type Post order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Category/Post Type Post order: from n/a through 1.5.9.
2025-06-06
5.4
CVE-2025-29013
facturaone–TicketBAI Facturas para WooCommerce
Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.
2025-06-06
5.4
CVE-2025-24762
FasterThemes–FastBook
Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.
2025-06-06
4.3
CVE-2025-26593
FasterXML–jackson-core
Jackson-core contains core low-level incremental (“streaming”) parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core’s `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. This issue was silently fixed in jackson-core version 2.13.0, released on September 30, 2021, via PR #652. All users should upgrade to version 2.13.0 or later. If upgrading is not immediately possible, applications can mitigate the issue by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage.
2025-06-06
4
CVE-2025-49128
Fengoffice–Feng Office
A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5433
FLIR–AX8
A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component.
2025-06-05
4.7
CVE-2025-5695
fraudlabspro–FraudLabs Pro for WooCommerce
Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FraudLabs Pro for WooCommerce: from n/a through 2.22.11.
2025-06-06
5.3
CVE-2025-49320
FreshRSS–FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it’s possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `<script>` tags inside of them that aren’t sanitized, with the lack of CSP in `f.php` by embedding the malicious favicon in an iframe (that has `sandbox="allow-scripts allow-same-origin"` set as its attribute). An attacker needs to control one of the feeds that the victim is subscribed to, and also must have an account on the FreshRSS instance. Other than that, the iframe payload can be embedded as one of two options. The first payload requires user interaction (the user clicking on the malicious feed entry) with default user configuration, and the second payload fires instantly right after the user adds the feed or logs into the account while the feed entry is still visible. This is because of lazy image loading functionality, which the second payload bypasses. An attacker can gain access to the victim’s account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 has a patch for the issue.
2025-06-04
6.7
CVE-2025-31136
FreshRSS–FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker’s UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim’s feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim’s account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue.
2025-06-04
6.7
CVE-2025-32015
FreshRSS–FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.
2025-06-04
4.3
CVE-2025-31482
FreshRSS–FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it’s possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not including the following variables: proxy address, proxy protocol, and whether SSL should be verified. Therefore it’s possible to poison a favicon of a given feed by simply intercepting the response of the feed, and changing the website URL to one where a threat actor controls the feed favicon. Feed favicons can be replaced for all users by anyone. Version 1.26.2 fixes the issue.
2025-06-04
4.3
CVE-2025-46339
frold–Runners Log
The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘runnerslog’ shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5541
froxlor–Froxlor
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue.
2025-06-02
5.5
CVE-2025-48958
Giraphix Creative–Layouts for Elementor
Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor allows Cross Site Request Forgery. This issue affects Layouts for Elementor: from n/a through 1.11.
2025-06-06
4.3
CVE-2025-30948
Google–AngularJS
Improper sanitization of the value of the ‘href’ and ‘xlink:href’ attributes in ‘<image>’ SVG elements in AngularJS’s ‘ngSanitize’ module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application’s performance and behavior by using too large or slow-to-load images. This issue affects AngularJS versions greater than or equal to 1.3.1. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status.
2025-06-04
4.8
CVE-2025-2336
Grafana–Grafana
This vulnerability in Grafana’s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources.
2025-06-02
5
CVE-2025-3454
gsaraiva–Developer Formatter
The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
2025-06-06
5.5
CVE-2025-5699
hanhdo205–Bang tinh vay
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hanhdo205 Bang tinh vay allows Stored XSS. This issue affects Bang tinh vay: from n/a through 1.0.1.
2025-06-06
5.9
CVE-2023-26000
Hasina77–Wp Easy Allopass
Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through 4.1.1.
2025-06-06
4.3
CVE-2025-49435
haxtheweb–issues
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flaw present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
2025-06-02
5.3
CVE-2025-48996
heateor–Social Sharing Plugin Sassy Social Share
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.
2025-06-07
6.1
CVE-2025-5528
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
2025-06-02
5.5
CVE-2025-37094
High-Logic–FontCreator
An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
2025-06-02
6.5
CVE-2025-20001
himmelblau-idm–himmelblau
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API, even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
2025-06-05
5.4
CVE-2025-49012
hivesupport–Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress
The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin’s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-06-06
5.4
CVE-2025-5019
hk1993–WP Online Users Stats
The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-06-06
6.1
CVE-2025-4966
hk1993–WP Online Users Stats
The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-06-06
4.9
CVE-2025-4964
HT Plugins–HT Team Member
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in HT Plugins HT Team Member allows Stored XSS. This issue affects HT Team Member: from n/a through 1.1.7.
2025-06-06
6.5
CVE-2025-49309
Huawei–EG8141A5
Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3.
2025-06-06
4.1
CVE-2025-49599
Huawei–HarmonyOS
Vulnerability of uncontrolled system resource applications in the setting module. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
6.6
CVE-2025-48902
Huawei–HarmonyOS
Deserialization vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
6.2
CVE-2025-48907
Huawei–HarmonyOS
Ability Auto Startup service vulnerability in the foundation process. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
6.7
CVE-2025-48908
Huawei–HarmonyOS
Buffer overflow vulnerability in the DFile module. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
5.5
CVE-2025-48910
Huawei–HarmonyOS
Resource allocation control failure vulnerability in the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
4
CVE-2024-58114
Huawei–HarmonyOS
Vulnerability that cards can call unauthorized APIs in the FRS process. Impact: Successful exploitation of this vulnerability may affect availability.
2025-06-06
4.4
CVE-2025-48904
IBM–Application Gateway
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
2025-06-03
5.5
CVE-2024-45655
IBM–QRadar Suite Software
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.
2025-06-03
6.5
CVE-2025-25020
IBM–QRadar Suite Software
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system.
2025-06-03
4
CVE-2025-1334
IBM–QRadar Suite Software
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system.
2025-06-03
4.8
CVE-2025-25019
IBM–Security Verify Governance
IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
2025-06-06
5.9
CVE-2024-22330
IBM–Verify Identity Access Digital Credentials
IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
2025-06-06
4.3
CVE-2024-56342
IBM–Verify Identity Access Digital Credentials
IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
2025-06-06
4.3
CVE-2024-56343
impleCode–Product Catalog Simple
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in impleCode Product Catalog Simple allows Stored XSS. This issue affects Product Catalog Simple: from n/a through 1.8.1.
2025-06-06
6.5
CVE-2025-49305
IWEBIX–WP Featured Content Slider
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in IWEBIX WP Featured Content Slider allows Stored XSS. This issue affects WP Featured Content Slider: from n/a through 2.6.
2025-06-06
5.9
CVE-2025-30634
jason-lau–Hide It
The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘hideit’ shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5565
jokerbr313–Advanced Post List
Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List allows Cross Site Request Forgery. This issue affects Advanced Post List: from n/a through 0.5.6.2.
2025-06-06
5.4
CVE-2025-30968
Jonathan Lau–CubePoints
Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1.
2025-06-06
4.3
CVE-2025-28952
Jrohy–trojan
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
2025-06-03
5.6
CVE-2025-5525
juzaweb–CMS
A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor of the component Plugin Editor Page. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5421
juzaweb–CMS
A vulnerability has been found in juzaweb CMS up to 3.4.2 and classified as critical. This vulnerability affects unknown code of the file /admin-cp/setting/system/general of the component General Setting Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5423
juzaweb–CMS
A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown processing of the file /admin-cp/media of the component Media Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5424
juzaweb–CMS
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor Page. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5425
juzaweb–CMS
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5426
juzaweb–CMS
A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin-cp/permalinks of the component Permalinks Page. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5427
juzaweb–CMS
A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5428
juzaweb–CMS
A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5429
juzaweb–CMS
A vulnerability, which was classified as problematic, was found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/logs/email of the component Email Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
4.3
CVE-2025-5422
kro.run–kro
kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro’s controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes.
2025-06-04
4.1
CVE-2025-48710
Linksys–RE6500
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5438
Linksys–RE6500
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5439
Linksys–RE6500
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5440
Linksys–RE6500
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5441
Linksys–RE6500
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5442
Linksys–RE6500
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5443
Linksys–RE6500
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5444
Linksys–RE6500
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5445
Linksys–RE6500
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5446
Linksys–RE6500
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
6.3
CVE-2025-5447
M A Vinoth Kumar–Frontend Dashboard
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in M A Vinoth Kumar Frontend Dashboard allows Stored XSS. This issue affects Frontend Dashboard: from n/a through 2.2.8.
2025-06-06
6.5
CVE-2025-49310
Mage people team–Booking and Rental Manager
Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8.
2025-06-02
6.5
CVE-2025-47585
magepeopleteam–Event Manager and Tickets Selling Plugin for WooCommerce WpEvently WordPress Plugin
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-07
6.4
CVE-2025-5568
malcolm-oph–StageShow
The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5703
Marchetti Design–Next Event Calendar
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marchetti Design Next Event Calendar allows Stored XSS. This issue affects Next Event Calendar: from n/a through 1.2.
2025-06-06
5.9
CVE-2023-26001
Mario Peshev–WP-CRM System
Missing Authorization vulnerability in Mario Peshev WP-CRM System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-CRM System: from n/a through 3.4.2.
2025-06-06
5.3
CVE-2025-49270
mariusz88atelierweb–Atelier Create CV
Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV allows Cross Site Request Forgery. This issue affects Atelier Create CV: from n/a through 1.1.2.
2025-06-06
4.3
CVE-2025-49439
Marvie Pons–Pinterest Verify Meta Tag
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Marvie Pons Pinterest Verify Meta Tag allows Stored XSS. This issue affects Pinterest Verify Meta Tag: from n/a through 1.3.
2025-06-06
5.9
CVE-2025-30941
Matt Pramschufer–AppBanners
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Pramschufer AppBanners allows Stored XSS. This issue affects AppBanners: from n/a through 1.5.14.
2025-06-06
5.9
CVE-2025-30625
Matthias Nordwig–Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant
Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant allows Cross Site Request Forgery. This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through 4.1.1.
2025-06-06
4.3
CVE-2025-49283
mcitar–Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms
The Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.7. This is due to missing or incorrect nonce validation in the ‘ss_option_maint.php’ and ‘ss_user_filter_list’ files. This makes it possible for unauthenticated attackers to delete pending comments, and re-enable a previously blocked user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
2025-06-06
5.4
CVE-2025-2935
melipayamak–Melipayamak
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in melipayamak Melipayamak allows Stored XSS. This issue affects Melipayamak: from n/a through 2.2.12.
2025-06-06
5.9
CVE-2025-30940
mhallmann–SEPA Girocode
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mhallmann SEPA Girocode allows Stored XSS. This issue affects SEPA Girocode: from n/a through 0.5.1.
2025-06-06
6.5
CVE-2025-49450
Michael Cannon–Custom Bulk/Quick Edit
Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit allows Cross Site Request Forgery. This issue affects Custom Bulk/Quick Edit: from n/a through 1.6.10.
2025-06-06
4.3
CVE-2025-30946
Miguel Fuentes–Payment QR WooCommerce
Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.
2025-06-06
5.3
CVE-2025-31000
minhlaobao–Admin Notes
Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through 1.1.
2025-06-06
4.3
CVE-2025-49446
Mostafa Shahiri–Simple Nested Menu
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Mostafa Shahiri Simple Nested Menu allows Stored XSS. This issue affects Simple Nested Menu: from n/a through 1.0.
2025-06-06
6.5
CVE-2025-49442
Multilaser–Sirius RE016
A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
5.3
CVE-2025-5436
Multilaser–Sirius RE016
A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
5.3
CVE-2025-5437
mva7–The Holiday Calendar
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mva7 The Holiday Calendar allows Stored XSS. This issue affects The Holiday Calendar: from n/a through 1.18.2.1.
2025-06-06
6.5
CVE-2025-29003
mybb–mybb
MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden (draft, unapproved, or soft-deleted) threads containing specified text in the title. The visibility state (`mybb_threads.visible` integer column) of threads is not validated in internal search queries, whose result is used to output a general success or failure of the search. While MyBB validates permissions when displaying the final search results, a search operation that internally produces at least one result outputs a redirect response (as a HTTP redirect, or a success message page with delayed redirect, depending on configuration). On the other hand, a search operation that internally produces no results outputs a corresponding message in the response without a redirect. This allows a user to determine whether threads matching title search parameters exist, including draft threads (`visible` with a value of `-2`), soft-deleted threads (`visible` with a value of `-1`), and unapproved threads (`visible` with a value of `0`); in addition to displaying generally visible threads (`visible` with a value of `1`). This vulnerability does not affect other layers of permissions. In order to exploit the vulnerability, the user must have access to the search functionality, and general access to forums containing the thread(s). The vulnerability does not expose the message content of posts. MyBB 1.8.39 resolves this issue.
2025-06-02
5.3
CVE-2025-48941
n/a–ChestnutCMS
A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5552
n/a–IdeaCMS
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.
2025-06-04
6.3
CVE-2025-5569
n/a–Open5GS
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.
2025-06-03
5.3
CVE-2025-5501
n/a–Open5GS
A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.
2025-06-03
5.3
CVE-2025-5520
NasaTheme–Nasa Core
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NasaTheme Nasa Core allows Stored XSS. This issue affects Nasa Core: from n/a before 6.4.1.
2025-06-06
6.5
CVE-2025-49067
Ángel C.–Simple Google Static Map
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1.
2025-06-06
6.5
CVE-2025-27334
NickDuncan–Contact Form
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NickDuncan Contact Form allows DOM-Based XSS. This issue affects Contact Form: from n/a through 2.0.12.
2025-06-06
6.5
CVE-2025-30935
nK–DocsPress
Missing Authorization vulnerability in nK DocsPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DocsPress: from n/a through 2.5.2.
2025-06-06
4.3
CVE-2025-49240
NTC–WP Page Loading
Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading allows Cross Site Request Forgery. This issue affects WP Page Loading: from n/a through 1.0.6.
2025-06-06
4.3
CVE-2025-49317
OceanWP–Ocean Extra
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OceanWP Ocean Extra allows Stored XSS. This issue affects Ocean Extra: from n/a through 2.4.8.
2025-06-06
6.5
CVE-2025-49068
OLIVESYSTEM–
Missing Authorization vulnerability in OLIVESYSTEM 診断ジェネレータ作成プラグイン allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 診断ジェネレータ作成プラグイン: from n/a through 1.4.16.
2025-06-06
5.3
CVE-2025-30934
onOffice GmbH–onOffice for WP-Websites
Missing Authorization vulnerability in onOffice GmbH onOffice for WP-Websites allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects onOffice for WP-Websites: from n/a through 5.7.
2025-06-06
5.4
CVE-2025-30958
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through improper input.
2025-06-08
6.1
CVE-2025-27131
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through a race condition.
2025-06-08
5.5
CVE-2025-24493
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.
2025-06-08
5.5
CVE-2025-26691
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.
2025-06-08
5.5
CVE-2025-27247
OTWthemes–Post Custom Templates Lite
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in OTWthemes Post Custom Templates Lite allows Stored XSS. This issue affects Post Custom Templates Lite: from n/a through 1.14.
2025-06-06
5.9
CVE-2025-30942
ovatheme–BRW
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ovatheme BRW allows Stored XSS. This issue affects BRW: from n/a through 1.8.6.
2025-06-06
6.5
CVE-2025-49314
Pascal Casier–bbPress API
Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.
2025-06-06
5.3
CVE-2025-24763
PHPGurukul–BP Monitoring Management System
A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5761
PHPGurukul–Complaint Management System
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5652
PHPGurukul–Complaint Management System
A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5653
PHPGurukul–Complaint Management System
A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5654
PHPGurukul–Complaint Management System
A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5655
PHPGurukul–Complaint Management System
A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-category.php. The manipulation of the argument description leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5656
PHPGurukul–Complaint Management System
A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5657
PHPGurukul–Complaint Management System
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5658
PHPGurukul–Complaint Management System
A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5659
PHPGurukul–Complaint Management System
A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5660
PHPGurukul–Daily Expense Tracker System
A vulnerability classified as critical was found in PHPGurukul Daily Expense Tracker System 1.1. This vulnerability affects unknown code of the file /expense-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-03
6.3
CVE-2025-5546
PHPGurukul–Employee Record Management System
A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5782
PHPGurukul–Employee Record Management System
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5783
PHPGurukul–Employee Record Management System
A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5784
PHPGurukul–Employee Record Management System
A vulnerability classified as critical has been found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file /admin/allemployees.php. The manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-07
6.3
CVE-2025-5837
PHPGurukul–Employee Record Management System
A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. Affected by this vulnerability is an unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-07
6.3
CVE-2025-5838
PHPGurukul–Human Metapneumovirus Testing Management System
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5693
PHPGurukul–Human Metapneumovirus Testing Management System
A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5694
PHPGurukul–Medical Card Generation System
A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5668
PHPGurukul–Medical Card Generation System
A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5669
PHPGurukul–Medical Card Generation System
A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5670
PHPGurukul–Notice Board System
A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5566
PHPGurukul–Notice Board System
A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2025-06-05
6.3
CVE-2025-5638
PHPGurukul–Online Fire Reporting System
A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2025-06-04
6.3
CVE-2025-5612
PHPGurukul–Online Fire Reporting System
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5613
PHPGurukul–Online Fire Reporting System
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5614
PHPGurukul–Online Fire Reporting System
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5615
PHPGurukul–Online Fire Reporting System
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
2025-06-04
6.3
CVE-2025-5616
PHPGurukul–Online Fire Reporting System
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5617
PHPGurukul–Online Fire Reporting System
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5618
PHPGurukul–Rail Pass Management System
A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5554
PHPGurukul–Teacher Subject Allocation Management System
A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5556
PHPGurukul–Teacher Subject Allocation Management System
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5557
PHPGurukul–Teacher Subject Allocation Management System
A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5558
PickPlugins–Job Board Manager
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Job Board Manager: from n/a through 2.1.60.
2025-06-06
5.3
CVE-2025-49324
PickPlugins–Wishlist
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PickPlugins Wishlist allows Stored XSS. This issue affects Wishlist: from n/a through 1.0.43.
2025-06-06
6.5
CVE-2025-49075
POSIMYTH Innovations–The Plus Addons for Elementor Page Builder Lite
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7.
2025-06-06
6.5
CVE-2025-49076
PowieT–Powie’s Uptime Robot
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PowieT Powie’s Uptime Robot allows Stored XSS. This issue affects Powie’s Uptime Robot: from n/a through 0.9.7.
2025-06-06
5.9
CVE-2025-30638
pozzad–Global Translator
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pozzad Global Translator allows Stored XSS. This issue affects Global Translator: from n/a through 2.0.2.
2025-06-06
5.9
CVE-2025-30630
pozzad–Global Translator
Cross-Site Request Forgery (CSRF) vulnerability in pozzad Global Translator allows Cross Site Request Forgery. This issue affects Global Translator: from n/a through 2.0.2.
2025-06-06
5.4
CVE-2025-30632
Python Software Foundation–CPython
Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don’t include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from “no filtering” to "data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it’s important to avoid installing source distributions with suspicious links.
2025-06-03
5.3
CVE-2024-12718
Qualcomm, Inc.–Snapdragon
Memory corruption may occur while processing voice call registration with user.
2025-06-03
6.6
CVE-2024-53013
Qualcomm, Inc.–Snapdragon
Memory corruption while processing IOCTL command to handle buffers associated with a session.
2025-06-03
6.6
CVE-2024-53015
Qualcomm, Inc.–Snapdragon
Memory corruption while processing I2C settings in Camera driver.
2025-06-03
6.6
CVE-2024-53016
Qualcomm, Inc.–Snapdragon
Memory corruption while handling test pattern generator IOCTL command.
2025-06-03
6.6
CVE-2024-53017
Qualcomm, Inc.–Snapdragon
Memory corruption may occur while processing the OIS packet parser.
2025-06-03
6.6
CVE-2024-53018
quequnlong–shiyi-blog
A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
6.3
CVE-2025-5509
quequnlong–shiyi-blog
A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
6.3
CVE-2025-5510
quequnlong–shiyi-blog
A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
5.3
CVE-2025-5511
QuickcabWP–QuickCab
Missing Authorization vulnerability in QuickcabWP QuickCab. This issue affects QuickCab: from n/a through 1.3.3.
2025-06-06
5.3
CVE-2025-48337
raychat–Raychat
Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0.
2025-06-06
5.3
CVE-2025-49236
Red Hat–Red Hat
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
2025-06-06
6.6
CVE-2025-0620
regolithsjk–Elegant Visitor Counter
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in regolithsjk Elegant Visitor Counter allows Stored XSS. This issue affects Elegant Visitor Counter: from n/a through 3.1.
2025-06-06
5.9
CVE-2025-30627
rjarry–aerc
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
2025-06-05
5.8
CVE-2025-49466
Rometheme–RTMKit Addons for Elementor
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Rometheme RTMKit Addons for Elementor allows Stored XSS. This issue affects RTMKit Addons for Elementor: from n/a through 1.6.0.
2025-06-06
6.5
CVE-2025-49235
rsemeteys–Freemind Viewer
The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘freemind’ shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5536
Rustaurius–Ultimate WP Mail
Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5.
2025-06-06
4.3
CVE-2025-49288
Ryan Burnette–Abbie Expander
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryan Burnette Abbie Expander allows Stored XSS. This issue affects Abbie Expander: from n/a through 1.0.1.
2025-06-06
6.5
CVE-2025-49427
Ryan Burnette–Video Embeds
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryan Burnette Video Embeds allows Stored XSS. This issue affects Video Embeds: from n/a through 0.1.1.
2025-06-06
6.5
CVE-2025-49429
Samsung Mobile–Samsung Internet
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
2025-06-04
4.5
CVE-2025-20994
Samsung Mobile–Samsung Internet
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
2025-06-04
4.9
CVE-2025-20995
Samsung Mobile–Samsung Mobile Devices
Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.
2025-06-04
6.2
CVE-2025-20981
Samsung Mobile–Samsung Mobile Devices
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
2025-06-04
6.8
CVE-2025-20984
Samsung Mobile–Samsung Mobile Devices
Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.
2025-06-04
5.5
CVE-2025-20985
Samsung Mobile–Samsung Mobile Devices
Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots.
2025-06-04
5.5
CVE-2025-20986
Samsung Mobile–Samsung Mobile Devices
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get an auth_token.
2025-06-04
5.2
CVE-2025-20987
Samsung Mobile–Samsung Mobile Devices
Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
2025-06-04
5.5
CVE-2025-20988
Samsung Mobile–Samsung Mobile Devices
Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
2025-06-04
5.2
CVE-2025-20989
Samsung Mobile–Samsung Mobile Devices
Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.
2025-06-04
4
CVE-2025-20991
Samsung Mobile–Samsung Mobile Devices
Out-of-bounds read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
2025-06-04
4
CVE-2025-20992
Samsung Mobile–Samsung Mobile Devices
Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
2025-06-04
4
CVE-2025-20993
Samsung Mobile–Smart Switch
Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability.
2025-06-04
5
CVE-2025-20996
SeaTheme–Art Theme
The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘arttheme_theme_option_restore’ AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option.
2025-06-06
4.3
CVE-2025-1778
SeaTheme–BM Content Builder
The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ux_cb_page_options_save’ function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-1777
SeedProd–404 Page by SeedProd
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/a through n/a.
2025-06-06
5.9
CVE-2025-49322
Seerox–WP Media File Type Manager
Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0.
2025-06-06
4.3
CVE-2025-27359
sergiotrinity–Trinity Audio
Missing Authorization vulnerability in sergiotrinity Trinity Audio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Trinity Audio: from n/a through 5.20.0.
2025-06-06
4.3
CVE-2025-49272
sevenspark–Bellows Accordion Menu
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sevenspark Bellows Accordion Menu allows Stored XSS. This issue affects Bellows Accordion Menu: from n/a through 1.4.3.
2025-06-06
6.5
CVE-2025-49242
sevenspark–ShiftNav Responsive Mobile Menu
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sevenspark ShiftNav – Responsive Mobile Menu allows Stored XSS. This issue affects ShiftNav – Responsive Mobile Menu: from n/a through 1.8.
2025-06-06
6.5
CVE-2025-49243
Shahjada–Premium Packages
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2.
2025-06-06
6.5
CVE-2025-30991
Shamil Shafeev–«Подсказки» от DaData.ru
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Shamil Shafeev «Подсказки» от DaData.ru allows Stored XSS. This issue affects «Подсказки» от DaData.ru: from n/a through 1.0.6.
2025-06-06
5.9
CVE-2025-30931
ShawonPro–SocialMark
Server-Side Request Forgery (SSRF) vulnerability in ShawonPro SocialMark allows Server Side Request Forgery. This issue affects SocialMark: from n/a through 2.0.7.
2025-06-06
4.9
CVE-2025-29008
Shenzhen Dashi Tongzhou Information Technology–AgileBPM
A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5679
Shenzhen Dashi Tongzhou Information Technology–AgileBPM
A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
6.3
CVE-2025-5680
slackero–phpwcms
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.
2025-06-03
6.3
CVE-2025-5497
slackero–phpwcms
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.
2025-06-03
5.5
CVE-2025-5498
SmartDataSoft–Car Repair Services
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.
2025-06-06
5.4
CVE-2025-30997
smartwpress–Music Player for Elementor Audio Player & Podcast Player
The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘album_buy_url’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-03
6.4
CVE-2025-5340
Soft8Soft LLC–Verge3D
Missing Authorization vulnerability in Soft8Soft LLC Verge3D allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Verge3D: from n/a through 4.9.4.
2025-06-06
5.3
CVE-2025-49268
SolaPlugins–Sola Support Ticket
Missing Authorization vulnerability in SolaPlugins Sola Support Ticket allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sola Support Ticket: from n/a through 3.17.
2025-06-06
6.5
CVE-2023-25997
SoluçõesCoop–iSoluçõesWEB
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
2025-06-06
4.3
CVE-2025-5714
SourceCodester–Open Source Clinic Management System
A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
6.3
CVE-2025-5728
SourceCodester–Student Result Management System
A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
5.3
CVE-2025-5649
Splunk–Splunk Enterprise
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the “admin” or “power” Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
2025-06-02
4.3
CVE-2025-20297
stefanledin–Responsify WP
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in stefanledin Responsify WP allows Stored XSS. This issue affects Responsify WP: from n/a through 1.9.11.
2025-06-06
5.9
CVE-2025-30937
Stiofan–BlockStrap Page Builder – Bootstrap Blocks
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stiofan BlockStrap Page Builder – Bootstrap Blocks allows Stored XSS. This issue affects BlockStrap Page Builder – Bootstrap Blocks: from n/a through 0.1.36.
2025-06-06
6.5
CVE-2025-30951
storepro–Subscription Renewal Reminders for WooCommerce
Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7.
2025-06-06
4.3
CVE-2025-28984
switcorp–Profiler What Slowing Down Your WP
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the “Profiler” page.
2025-06-07
5.3
CVE-2025-5814
taskbuilder–Taskbuilder
Missing Authorization vulnerability in taskbuilder Taskbuilder allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Taskbuilder: from n/a through 4.0.3.
2025-06-06
5.3
CVE-2025-30945
techjewel–Ninja Tables Easy Data Table Builder
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user-supplied parameters; only single functions can be called, so the impact is limited.
2025-06-03
5.6
CVE-2025-2939
Tenda–AC18
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
6.3
CVE-2025-5606
Tenda–AC9
A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-07
6.3
CVE-2025-5836
Tenda–CP3
A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
4.7
CVE-2025-5763
tggfref–WP-Recall
Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14.
2025-06-06
6.3
CVE-2025-30981
Thad Allender–GPP Slideshow
Missing Authorization vulnerability in Thad Allender GPP Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GPP Slideshow: from n/a through 1.3.5.
2025-06-06
4.3
CVE-2025-28996
themeatelier–Domain For Sale, Domain appraisal, Domain auction, Domain marketplace Best Domain For sale Plugin for WordPress
The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5239
ThemeHigh–Dynamic Pricing and Discount Rules
Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery. This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.
2025-06-06
4.3
CVE-2025-49077
ThemeHunk–ThemeHunk
Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1.
2025-06-06
4.3
CVE-2025-30990
themehunk–Vayu Blocks Gutenberg Blocks for WordPress & WooCommerce
The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_blocks_option_panel_callback() function and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-03
6.4
CVE-2025-4420
ThemesGrove–WidgetKit
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemesGrove WidgetKit allows Stored XSS. This issue affects WidgetKit: from n/a through 2.5.4.
2025-06-06
6.5
CVE-2025-49074
TOTOLINK–X15
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
6.3
CVE-2025-5502
TOTOLINK–X2000R
A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
6.3
CVE-2025-5504
TOTOLINK–X2000R
A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
6.3
CVE-2025-5515
tushargohel–WordPress Ajax Load More and Infinite Scroll
The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-06
6.4
CVE-2025-5586
tychesoftwares–Print Invoice & Delivery Notes for WooCommerce
Cross-Site Request Forgery (CSRF) vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce allows Cross Site Request Forgery. This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 5.5.0.
2025-06-06
5.4
CVE-2025-49239
umbraco–Umbraco-CMS
Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it’s possible to upload a file that doesn’t adhere to the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0.0. No known workarounds are available.
2025-06-03
5.5
CVE-2025-48953
Uncanny Owl–Uncanny Automator
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator: from n/a through 6.4.0.2.
2025-06-05
6.5
CVE-2025-48133
Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300
In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
2025-06-03
5.1
CVE-2025-31711
Unisoc (Shanghai) Technologies Co., Ltd.–SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T750/T765/T760/T770/T820/S8000/T8300/T9300
In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
2025-06-03
5.1
CVE-2025-31712
Unisoc (Shanghai) Technologies Co., Ltd.–SC9863A/T606/T612/T616/T750/T765/T760/T770/T820/S8000/T8300/T9300
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
2025-06-03
5.9
CVE-2025-31710
Unreal Themes–ACF: Yandex Maps Field
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Unreal Themes ACF: Yandex Maps Field allows Stored XSS. This issue affects ACF: Yandex Maps Field: from n/a through 1.1.
2025-06-06
5.9
CVE-2025-30930
vicchi–WP Biographia
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vicchi WP Biographia allows Stored XSS. This issue affects WP Biographia: from n/a through 4.0.0.
2025-06-06
5.9
CVE-2025-30928
viralloops–Viral Loops WP Integration
Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.
2025-06-06
5.3
CVE-2025-28995
viralloops–Viral Loops WP Integration
Missing Authorization vulnerability in viralloops Viral Loops WP Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Viral Loops WP Integration: from n/a through 3.8.1.
2025-06-06
4.3
CVE-2025-28994
VMware–VMware NSX
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
2025-06-04
6.9
CVE-2025-22244
VMware–VMware NSX
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
2025-06-04
5.9
CVE-2025-22245
Vova–Shortcodes Ultimate
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vova Shortcodes Ultimate allows Stored XSS. This issue affects Shortcodes Ultimate: from n/a through 7.3.5.
2025-06-06
6.5
CVE-2025-49244
Vuong Nguyen–WP Security Master
Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master allows Cross Site Request Forgery. This issue affects WP Security Master: from n/a through 1.0.2.
2025-06-06
4.3
CVE-2025-49440
WAGO–Fully Managed Switches 0852-0303
A low privileged attacker can set the date of the devices to the 19th of January 2038 and therefore exceed the 32-bit time limit. This causes the date of the switch to be set back to January 1st, 1970.
2025-06-02
4.3
CVE-2025-1235
weblizar–HR Management Lite
Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.
2025-06-06
4.3
CVE-2025-29005
webnus/–Modern Events Calendar Lite
The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due to improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
2025-06-06
5.3
CVE-2025-5733
webpack–webpack-dev-server
webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users’ source code may be stolen when they access a malicious web site with a non-Chromium-based browser. The `Origin` header is checked to prevent Cross-site WebSocket hijacking from happening, which was reported by CVE-2018-14732. But webpack-dev-server always allows IP address `Origin` headers. This allows websites that are served on IP addresses to connect to the WebSocket. An attacker can obtain source code via a method similar to that used to exploit CVE-2018-14732. Version 5.2.1 contains a patch for the issue.
2025-06-03
6.5
CVE-2025-30360
webpack–webpack-dev-server
webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users’ source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same origin policy, an attacker can inject a malicious script in their site and run the script. Note that the attacker has to know the port and the output entrypoint script path. Combined with prototype pollution, the attacker can get a reference to the webpack runtime variables. By using `Function::toString` against the values in `__webpack_modules__`, the attacker can get the source code. Version 5.2.1 contains a patch for the issue.
2025-06-03
5.3
CVE-2025-30359
WebToffee–Product Feed for WooCommerce
Missing Authorization vulnerability in WebToffee Product Feed for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Feed for WooCommerce: from n/a through 2.2.8.
2025-06-06
4.3
CVE-2025-49287
webtoffee–WordPress Comments Import & Export
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page. The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4.
2025-06-02
6.4
CVE-2025-3919
whassan–KI Live Video Conferences
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
2025-06-06
5.3
CVE-2025-23969
whassan–KI Live Video Conferences
Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
2025-06-06
5.3
CVE-2025-23971
Wordapp Team–Wordapp
Missing Authorization vulnerability in Wordapp Team Wordapp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordapp: from n/a through 1.7.0.
2025-06-06
4.3
CVE-2025-30927
WordLift–WordLift
Missing Authorization vulnerability in WordLift WordLift allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordLift: from n/a through 3.54.4.
2025-06-06
4.3
CVE-2025-30624
WP Compress–WP Compress for MainWP
Missing Authorization vulnerability in WP Compress WP Compress for MainWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Compress for MainWP: from n/a through 6.30.32.
2025-06-06
5.4
CVE-2025-30932
WP Corner–Quick Event Calendar
Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9.
2025-06-06
4.3
CVE-2025-27360
WP Legal Pages–WP Cookie Notice for GDPR, CCPA & ePrivacy Consent
Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Cross Site Request Forgery. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 3.8.0.
2025-06-06
4.3
CVE-2025-49285
WP Map Plugins–Interactive Regional Map of Africa
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa allows Cross Site Request Forgery. This issue affects Interactive Regional Map of Africa: from n/a through 1.0.
2025-06-06
4.3
CVE-2025-49449
WP Map Plugins–Interactive Regional Map of Florida
Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.
2025-06-06
5.3
CVE-2025-49441
WP Map Plugins–Interactive UK Regional Map
Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map allows Cross Site Request Forgery. This issue affects Interactive UK Regional Map: from n/a through 2.0.
2025-06-06
4.3
CVE-2025-49445
WP Table Builder–WP Table Builder
Cross-Site Request Forgery (CSRF) vulnerability in WP Table Builder WP Table Builder allows Cross Site Request Forgery. This issue affects WP Table Builder: from n/a through 2.0.6.
2025-06-06
4.3
CVE-2025-49286
WP Wham–All Currencies for WooCommerce
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Wham All Currencies for WooCommerce allows Stored XSS. This issue affects All Currencies for WooCommerce: from n/a through 2.4.4.
2025-06-06
6.5
CVE-2025-30950
wp-buy–WP Maintenance Mode & Site Under Construction
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Maintenance Mode & Site Under Construction allows Cross Site Request Forgery. This issue affects WP Maintenance Mode & Site Under Construction: from n/a through 4.3.
2025-06-06
4.3
CVE-2025-49284
wp.insider–Simple Membership
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wp.insider Simple Membership allows Stored XSS. This issue affects Simple Membership: from n/a through 4.6.3.
2025-06-06
5.9
CVE-2025-49333
wpdevteam–Essential Addons for Elementor Popular Elementor Templates and Widgets
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-07
6.4
CVE-2024-9993
wpdevteam–Essential Addons for Elementor Popular Elementor Templates and Widgets
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-07
6.4
CVE-2024-9994
wpdive–Nexa Blocks
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpdive Nexa Blocks allows Stored XSS. This issue affects Nexa Blocks: from n/a through 1.1.0.
2025-06-06
6.5
CVE-2025-30952
wpdive–Nexa Blocks
Server-Side Request Forgery (SSRF) vulnerability in wpdive Nexa Blocks allows Server Side Request Forgery. This issue affects Nexa Blocks: from n/a through 1.1.0.
2025-06-06
4.9
CVE-2025-30976
WPlugged.com–WebHotelier
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPlugged.com WebHotelier allows Stored XSS. This issue affects WebHotelier: from n/a through 1.9.2.
2025-06-06
6.5
CVE-2025-49299
wpmudev–Broken Link Checker
The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin’s status.
2025-06-03
4.3
CVE-2025-4047
wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and ‘data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2025-06-05
6.4
CVE-2025-5341
wpsoul–Greenshift
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in wpsoul Greenshift allows DOM-Based XSS. This issue affects Greenshift: from n/a through 11.5.5.
2025-06-06
6.5
CVE-2025-49301
wpswings–Ultimate Gift Cards for WooCommerce
The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘default_price’ and ‘product_id’ parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-06-03
4.9
CVE-2025-5103
WPtouch–WPtouch
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPtouch WPtouch allows Stored XSS. This issue affects WPtouch: from n/a through 4.3.60.
2025-06-06
5.9
CVE-2025-49318
WSO2–WSO2 Enterprise Integrator
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.
2025-06-02
6.8
CVE-2024-7074
WSO2–WSO2 Enterprise Integrator
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page. This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible.
2025-06-02
5.2
CVE-2024-8008
WSO2–WSO2 Enterprise Integrator
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the actor could inject persistent JavaScript payloads, enabling the theft of user data or execution of unauthorized actions on behalf of other users. While this issue enables persistent client-side script execution, session-related cookies remain protected with the httpOnly flag, preventing session hijacking.
2025-06-02
4.3
CVE-2024-3509
WSO2–WSO2 Identity Server
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.
2025-06-02
5.4
CVE-2024-1440
WSO2–WSO2 Identity Server as Key Manager
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.
2025-06-02
6.5
CVE-2024-7073
WuKongOpenSource–WukongCRM
A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
4.3
CVE-2025-5521
Low Vulnerabilities
PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
authzed–spicedb
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
2025-06-06
3.7
CVE-2025-49011
Cisco–Cisco Unified Contact Center Express
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insecure deserialization of Java objects by the affected software. An attacker could exploit this vulnerability by sending a crafted Java object to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
2025-06-04
3.8
CVE-2025-20276
Cisco–Cisco Unified Contact Center Express
A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper limitation of a pathname to a restricted directory (path traversal). An attacker could exploit this vulnerability by sending a crafted web request to an affected device, followed by a specific command through an SSH session. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of an affected device as a low-privilege user. A successful exploit could also allow the attacker to undertake further actions to elevate their privileges to root.
2025-06-04
3.4
CVE-2025-20277
code-projects–Laundry System
A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
3.5
CVE-2025-5764
code-projects–Laundry System
A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
3.5
CVE-2025-5765
code-projects–Laundry System
A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
3.5
CVE-2025-5796
code-projects–Laundry System
A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
3.5
CVE-2025-5797
code-projects–Traffic Offense Reporting System
A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
3.5
CVE-2025-5651
code-projects–Traffic Offense Reporting System
A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
3.5
CVE-2025-5757
code-projects–Traffic Offense Reporting System
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
2.4
CVE-2025-5661
enilu–web-flash
A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-03
3.5
CVE-2025-5523
inventree–InvenTree
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. The issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.
2025-06-03
3.5
CVE-2025-49000
juzaweb–CMS
A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-02
3.5
CVE-2025-5420
n/a–PX4-Autopilot
A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
2025-06-05
3.3
CVE-2025-5640
n/a–Radare2
A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. An additional warning regarding threading support has been added.
2025-06-05
2.5
CVE-2025-5641
n/a–Radare2
A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.
2025-06-05
2.5
CVE-2025-5642
n/a–Radare2
A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.
2025-06-05
2.5
CVE-2025-5643
n/a–Radare2
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.
2025-06-05
2.5
CVE-2025-5644
n/a–Radare2
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.
2025-06-05
2.5
CVE-2025-5645
n/a–Radare2
A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.
2025-06-05
2.5
CVE-2025-5646
n/a–Radare2
A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.
2025-06-05
2.5
CVE-2025-5647
n/a–Radare2
A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.
2025-06-05
2.5
CVE-2025-5648
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause apps to crash through type confusion.
2025-06-08
3.3
CVE-2025-20063
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause apps to crash through type confusion.
2025-06-08
3.3
CVE-2025-21082
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through out-of-bounds read.
2025-06-08
3.3
CVE-2025-23235
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through NULL pointer dereference.
2025-06-08
3.3
CVE-2025-25217
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause information leak through get permission.
2025-06-08
3.3
CVE-2025-26693
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through improper input.
2025-06-08
3.3
CVE-2025-27242
OpenHarmony–OpenHarmony
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause information leak through get permission.
2025-06-08
3.3
CVE-2025-27563
PHPGurukul–Hospital Management System
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been classified as problematic. Affected is an unknown function of the file /doctor/edit-patient.php?editid=2 of the component POST Parameter Handler. The manipulation of the argument patname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-04
2.4
CVE-2025-5584
quequnlong–shiyi-blog
A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
3.5
CVE-2025-5513
Signal–App
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-06
3.8
CVE-2025-5715
SoluçõesCoop–iSoluçõesWEB
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
2025-06-06
3.5
CVE-2025-5713
SourceCodester–Food Menu Manager
A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-05
3.5
CVE-2025-5628
SourceCodester–Student Result Management System
A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
2.4
CVE-2025-5721
SourceCodester–Student Result Management System
A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
2.4
CVE-2025-5722
SourceCodester–Student Result Management System
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
2.4
CVE-2025-5723
SourceCodester–Student Result Management System
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
2.4
CVE-2025-5724
SourceCodester–Student Result Management System
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
2.4
CVE-2025-5725
SourceCodester–Student Result Management System
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
2.4
CVE-2025-5726
SourceCodester–Student Result Management System
A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-06
2.4
CVE-2025-5727
TOTOLINK–A3002RU
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
2.4
CVE-2025-5505
TOTOLINK–A3002RU
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
2.4
CVE-2025-5506
TOTOLINK–A3002RU
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
2.4
CVE-2025-5507
TOTOLINK–A3002RU
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
2.4
CVE-2025-5508
TOTOLINK–X2000R
A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-06-03
2.4
CVE-2025-5516
TOTOLINK–X2000R
A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2025-06-03
2.4
CVE-2025-5542
TOTOLINK–X2000R
A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-06-03
2.4
CVE-2025-5543
Valkey–Valkey
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
2025-06-02
3.1
CVE-2025-49112
Severity Not Yet Assigned
PrimaryVendor — Product
Description
Published
CVSS Score
Source Info
1Panel-dev–MaxKB
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non-blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.
2025-06-03
not yet calculated
CVE-2025-48950
2BrightSparks–SyncBackFree
2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required. The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962.
2025-06-06
not yet calculated
CVE-2025-5474
70mai–A510
70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains a default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of root. Was ZDI-CAN-24996.
2025-06-06
not yet calculated
CVE-2025-2766
Acronis–Acronis Cyber Protect 16
Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938.
2025-06-04
not yet calculated
CVE-2025-48960
Acronis–Acronis Cyber Protect 16
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.
2025-06-04
not yet calculated
CVE-2025-48961
Acronis–Acronis Cyber Protect 16
Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.
2025-06-04
not yet calculated
CVE-2025-48962
Acronis–Acronis Cyber Protect Cloud Agent
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077.
2025-06-04
not yet calculated
CVE-2025-30415
Acronis–Acronis Cyber Protect Cloud Agent
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.
2025-06-04
not yet calculated
CVE-2025-48959
Action1–Action1
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767.
2025-06-06
not yet calculated
CVE-2025-5480
Allegra–Allegra
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26524.
2025-06-06
not yet calculated
CVE-2025-3485
Amazon–FreeRTOS
We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
2025-06-04
not yet calculated
CVE-2025-5688
Apache Software Foundation–Apache InLong
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong from 1.13.0 before 2.1.0. It would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.
2025-06-06
not yet calculated
CVE-2025-27531
Apache Software Foundation–Apache Pekko Management
If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.
2025-06-03
not yet calculated
CVE-2025-46548
Arm Ltd–Bifrost GPU Kernel Driver
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r44p0 through r49p3, from r50p0 through r54p0.
2025-06-02
not yet calculated
CVE-2025-0819
Arm Ltd–Bifrost GPU Userspace Driver
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to access outside of buffer bounds. This issue affects Bifrost GPU Userspace Driver: from r18p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r28p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p3, from r50p0 through r54p0.
2025-06-02
not yet calculated
CVE-2025-1246
Arm Ltd–Valhall GPU Kernel Driver
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r53p0 before r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 before r54p0.
2025-06-02
not yet calculated
CVE-2025-0073
Atheos–Atheos
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated all components potentially vulnerable to similar exploits to use this new templated execution system.
2025-06-05
not yet calculated
CVE-2025-49008
auth0–auth0-PHP
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKs rely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.3.1 contains a patch for the issue.
2025-06-03
not yet calculated
CVE-2025-48951
auth0–nextjs-auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch.
2025-06-04
not yet calculated
CVE-2025-48947
B. Braun Melsungen AG–OnlineSuite
A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.
2025-06-06
not yet calculated
CVE-2025-3321
B. Braun Melsungen AG–OnlineSuite
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
2025-06-06
not yet calculated
CVE-2025-3322
curl–curl
Due to a mistake in libcurl’s WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.
2025-06-07
not yet calculated
CVE-2025-5399
dataease–dataease
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
2025-06-03
not yet calculated
CVE-2025-48998
dataease–dataease
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566’s patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.
2025-06-03
not yet calculated
CVE-2025-48999
dataease–dataease
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
2025-06-03
not yet calculated
CVE-2025-49001
dataease–dataease
DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allows the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
2025-06-03
not yet calculated
CVE-2025-49002
Delta Electronics–CNCSoft
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2025-06-04
not yet calculated
CVE-2025-47724
Delta Electronics–CNCSoft
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2025-06-04
not yet calculated
CVE-2025-47725
Delta Electronics–CNCSoft
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2025-06-04
not yet calculated
CVE-2025-47726
Delta Electronics–CNCSoft
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2025-06-04
not yet calculated
CVE-2025-47727
Delta Electronics–CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
2025-06-04
not yet calculated
CVE-2025-47728
denoland–deno
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue.
2025-06-03
not yet calculated
CVE-2025-24015
denoland–deno
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in the access being allowed, even though ‘deny’ should be stronger. The result is the same with all global unary permissions given as `--allow-* --deny-*`. This only affects a nonsensical combination of flags, so there shouldn’t be a real impact on the userbase. Users may upgrade to version 2.1.13, 2.2.13, or 2.3.2 to receive a patch.
2025-06-04
not yet calculated
CVE-2025-48888
denoland–deno
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--deny-env` option this might lead to a false impression that variables listed in the option are impossible to read. Software relying on the combination of both flags to allow access to most environment variables except a few sensitive ones will be vulnerable to malicious code trying to steal secrets using the `Deno.env.toObject()` method. Versions 2.1.13 and 2.2.13 contain a patch.
2025-06-04
not yet calculated
CVE-2025-48934
denoland–deno
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno’s read/write db permission check by using an `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.
2025-06-04
not yet calculated
CVE-2025-48935
Devolutions–Server
Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the “Edit permission” permission by bypassing the client side validation.
2025-06-05
not yet calculated
CVE-2025-0691
Devolutions–Server
Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the Tor blocking feature when the Devolutions hosted endpoint is not reachable.
2025-06-05
not yet calculated
CVE-2025-3768
Devolutions–Server
Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators’ MFA.
2025-06-05
not yet calculated
CVE-2025-5382
Diviotec–nbr222p
The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.
2025-06-02
not yet calculated
CVE-2025-5113
expressjs–multer
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to `2.0.1` to receive a patch. No known workarounds are available.
2025-06-03
not yet calculated
CVE-2025-48997
Forceu–Gokapi
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption.
2025-06-02
not yet calculated
CVE-2025-48494
Forceu–Gokapi
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.
2025-06-02
not yet calculated
CVE-2025-48495
FreshRSS–FreshRSS
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, an attacker can gain additional information about the server by checking if certain directories exist. An attacker can, for example, check if older PHP versions are installed or if certain software is installed on the server and potentially use that information to further attack the server. Version 1.26.2 contains a patch for the issue.
2025-06-04
not yet calculated
CVE-2025-31134
GIMP–GIMP
GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.
2025-06-06
not yet calculated
CVE-2025-5473
Google–Chrome
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
2025-06-02
not yet calculated
CVE-2025-5068
Google–Chrome
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2025-06-02
not yet calculated
CVE-2025-5419
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
2025-06-02
not yet calculated
CVE-2025-37089
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
A server-side request forgery vulnerability exists in HPE StoreOnce Software.
2025-06-02
not yet calculated
CVE-2025-37090
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
2025-06-02
not yet calculated
CVE-2025-37092
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
2025-06-02
not yet calculated
CVE-2025-37095
Hewlett Packard Enterprise (HPE)–HPE StoreOnce Software
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
2025-06-02
not yet calculated
CVE-2025-37096
HP, Inc.–HP Support Assistant
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
2025-06-05
not yet calculated
CVE-2025-43026
https://github.com/yrutschle/sslh/releases/tag/v2.2.4–sslh
A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures. This issue affects sslh before 2.2.4.
2025-06-02
not yet calculated
CVE-2025-46806
https://github.com/yrutschle/sslh/releases/tag/v2.2.4–sslh
An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service. This issue affects sslh before 2.2.4.
2025-06-02
not yet calculated
CVE-2025-46807
i-PRO Co., Ltd.–Surveillance cameras provided by i-PRO Co., Ltd.
A cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.
2025-06-06
not yet calculated
CVE-2025-36513
Imagination Technologies–Graphics DDK
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
2025-06-02
not yet calculated
CVE-2025-25179
Jenkins Project–Jenkins Gatling Plugin
Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.
2025-06-06
not yet calculated
CVE-2025-5806
kafbat–kafka-ui
Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.
2025-06-06
not yet calculated
CVE-2025-49127
Keiyo System Co., LTD–PC Time Tracer
An incorrect default permissions issue exists in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege by a local authenticated attacker on the Windows system where the product is running.
2025-06-03
not yet calculated
CVE-2025-46355
Keiyo System Co., LTD–TimeWorks
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
2025-06-03
not yet calculated
CVE-2025-41428
Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc’s peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc’s qlen and backlog have not yet been updated, leading to inconsistent queue accounting. This can leave an empty HFSC class in the active list, causing further consequences like use-after-free. This patch fixes the bug by moving the increment of sch->q.qlen and sch->qstats.backlog before the call to the child qdisc’s peek() operation. This ensures that queue length and backlog are always accurate when packet drops or dequeues are triggered during the peek.
2025-06-06
not yet calculated
CVE-2025-38000
Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: “We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF.” To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
2025-06-06
not yet calculated
CVE-2025-38001
Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the ‘has_lock’ variable exists. But enough does that it’s a bit unwieldy to manage. Wrap the whole thing in a ->uring_lock trylock, and just return with no output if we fail to grab it. The existing trylock() will already have greatly diminished utility/output for the failure case. This fixes an issue with reading the SQE fields, if the ring is being actively resized at the same time.
2025-06-06
not yet calculated
CVE-2025-38002
Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op’s is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.
2025-06-08
not yet calculated
CVE-2025-38003
Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the ‘currframe’ counter is then set to zero. Although this appeared to be a safe operation the updates of ‘currframe’ can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the ‘count’ variable has been moved into the protected section as this variable can be modified from both contexts too.
2025-06-08
not yet calculated
CVE-2025-38004
mafintosh–tar-fs
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
2025-06-02
not yet calculated
CVE-2025-48387
MediaTek, Inc.–MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.
2025-06-02
not yet calculated
CVE-2025-20678
MediaTek, Inc.–MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.
2025-06-02
not yet calculated
CVE-2025-20674
MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292.
2025-06-02
not yet calculated
CVE-2025-20672
MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.
2025-06-02
not yet calculated
CVE-2025-20673
MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.
2025-06-02
not yet calculated
CVE-2025-20675
MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293.
2025-06-02
not yet calculated
CVE-2025-20676
MediaTek, Inc.–MT7902, MT7921, MT7922, MT7925, MT7927
In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284.
2025-06-02
not yet calculated
CVE-2025-20677
MIM Software–MIM Admin Service
CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM’s implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3
2025-06-04
not yet calculated
CVE-2025-1701
MOPS–moPS
In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
2025-06-07
not yet calculated
CVE-2024-55585
n/a–n/a
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the “language” cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.
2025-06-02
not yet calculated
CVE-2024-40112
n/a–n/a
Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
2025-06-02
not yet calculated
CVE-2024-40113
n/a–n/a
A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
2025-06-02
not yet calculated
CVE-2024-40114
n/a–n/a
A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
2025-06-02
not yet calculated
CVE-2024-57459
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.
2025-06-04
not yet calculated
CVE-2025-23095
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.
2025-06-04
not yet calculated
CVE-2025-23096
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.
2025-06-03
not yet calculated
CVE-2025-23097
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
2025-06-03
not yet calculated
CVE-2025-23098
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
2025-06-02
not yet calculated
CVE-2025-23099
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.
2025-06-03
not yet calculated
CVE-2025-23100
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
2025-06-04
not yet calculated
CVE-2025-23101
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, and 1380. A Double Free in the mobile processor leads to privilege escalation.
2025-06-03
not yet calculated
CVE-2025-23102
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
2025-06-03
not yet calculated
CVE-2025-23103
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
2025-06-02
not yet calculated
CVE-2025-23104
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
2025-06-02
not yet calculated
CVE-2025-23105
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
2025-06-04
not yet calculated
CVE-2025-23106
n/a–n/a
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
2025-06-03
not yet calculated
CVE-2025-23107
n/a–n/a
A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service.
2025-06-04
not yet calculated
CVE-2025-27811
n/a–n/a
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
2025-06-02
not yet calculated
CVE-2025-27953
n/a–n/a
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
2025-06-02
not yet calculated
CVE-2025-27954
n/a–n/a
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
2025-06-02
not yet calculated
CVE-2025-27955
n/a–n/a
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
2025-06-02
not yet calculated
CVE-2025-27956
n/a–n/a
File Upload vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component.
2025-06-04
not yet calculated
CVE-2025-29093
n/a–n/a
Cross Site Scripting vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components.
2025-06-04
not yet calculated
CVE-2025-29094
n/a–n/a
A buffer overflow in the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.
2025-06-03
not yet calculated
CVE-2025-32105
n/a–n/a
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user’s ability to execute unauthorized code.
2025-06-03
not yet calculated
CVE-2025-32106
n/a–n/a
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
2025-06-03
not yet calculated
CVE-2025-43923
n/a–n/a
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS.
2025-06-03
not yet calculated
CVE-2025-43924
n/a–n/a
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
2025-06-03
not yet calculated
CVE-2025-43925
n/a–n/a
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
2025-06-02
not yet calculated
CVE-2025-44115
n/a–n/a
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component.
2025-06-03
not yet calculated
CVE-2025-44148
n/a–n/a
Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
2025-06-02
not yet calculated
CVE-2025-44172
n/a–n/a
osTicket versions prior to v1.17.6 and v1.18.2 are vulnerable to broken access control in /scp/ajax.php.
2025-06-02
not yet calculated
CVE-2025-45387
n/a–n/a
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
2025-06-02
not yet calculated
CVE-2025-45542
n/a–n/a
An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.
2025-06-03
not yet calculated
CVE-2025-45855
n/a–n/a
Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
2025-06-04
not yet calculated
CVE-2025-46011
n/a–n/a
Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.
2025-06-03
not yet calculated
CVE-2025-46154
n/a–n/a
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
2025-06-04
not yet calculated
CVE-2025-46203
n/a–n/a
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
2025-06-04
not yet calculated
CVE-2025-46204
n/a–n/a
In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
2025-06-05
not yet calculated
CVE-2025-47827
NAVER–billboard.js
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
2025-06-04
not yet calculated
CVE-2025-49223
nekernel-org–nekernel
NeKernel is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.
2025-06-02
not yet calculated
CVE-2025-48990
Netcomm–NTC 6200
The Netcomm NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges.
2025-06-02
not yet calculated
CVE-2025-4010
QNAP Systems Inc.–File Station 5
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-22484
QNAP Systems Inc.–File Station 5
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later
2025-06-06
not yet calculated
CVE-2025-22486
QNAP Systems Inc.–File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-22490
QNAP Systems Inc.–File Station 5
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-29871
QNAP Systems Inc.–File Station 5
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-29872
QNAP Systems Inc.–File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-29873
QNAP Systems Inc.–File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-29876
QNAP Systems Inc.–File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-29877
QNAP Systems Inc.–File Station 5
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later
2025-06-06
not yet calculated
CVE-2025-29883
QNAP Systems Inc.–File Station 5
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later
2025-06-06
not yet calculated
CVE-2025-29884
QNAP Systems Inc.–File Station 5
An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later
2025-06-06
not yet calculated
CVE-2025-29885
QNAP Systems Inc.–File Station 5
An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-30279
QNAP Systems Inc.–File Station 5
An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-33031
QNAP Systems Inc.–File Station 5
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
2025-06-06
not yet calculated
CVE-2025-33035
QNAP Systems Inc.–License Center
A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: License Center 1.9.49 and later
2025-06-06
not yet calculated
CVE-2024-50406
QNAP Systems Inc.–Qsync Central
A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 (2025/03/20) and later
2025-06-06
not yet calculated
CVE-2025-22482
QNAP Systems Inc.–Qsync Central
An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 (2025/03/20) and later
2025-06-06
not yet calculated
CVE-2025-29892
QNAP Systems Inc.–QTS
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later; QuTS hero h5.2.4.3079 build 20250321 and later
2025-06-06
not yet calculated
CVE-2024-56805
QNAP Systems Inc.–QTS
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later; QuTS hero h5.2.4.3079 build 20250321 and later
2025-06-06
not yet calculated
CVE-2025-22481
QNAP Systems Inc.–QuRouter
A command injection vulnerability has been reported to affect QHora. If an attacker who has gained local network access has also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later
2025-06-06
not yet calculated
CVE-2024-13087
QNAP Systems Inc.–QuRouter
An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later
2025-06-06
not yet calculated
CVE-2024-13088
rack–rack
Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.
2025-06-04
not yet calculated
CVE-2025-49007
RCLAMP–File::Find::Rule
File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)
2025-06-05
not yet calculated
CVE-2011-10007
rsjoomla.com–RSBlog component for Joomla
A stored XSS vulnerability in RSBlog! component 1.11.6 – 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin’s resource. The injected payload is stored by the application and later executed when other users view the affected content.
2025-06-05
not yet calculated
CVE-2025-27754
rsjoomla.com–RSFirewall component for Joomla
A path traversal vulnerability in RSFirewall component 2.9.7 – 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files.
2025-06-05
not yet calculated
CVE-2025-27445
rsjoomla.com–RSform!Pro component for Joomla
A reflected XSS vulnerability in RSform!Pro component 3.0.0 – 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.
2025-06-04
not yet calculated
CVE-2025-27444
rsjoomla.com–RSMail! component for Joomla
A stored XSS vulnerability in RSMail! component 1.19.20 – 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
2025-06-05
not yet calculated
CVE-2025-30084
rsjoomla.com–RSMediaGallery component for Joomla
A SQLi vulnerability in RSMediaGallery component 1.7.4 – 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.
2025-06-05
not yet calculated
CVE-2025-27753
run-llama–run-llama/llama_index
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
2025-06-02
not yet calculated
CVE-2025-1750
run-llama–run-llama/llama_index
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
2025-06-05
not yet calculated
CVE-2025-1793
Sante–DICOM Viewer Pro
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168.
2025-06-06
not yet calculated
CVE-2025-5481
Soar Cloud System CO., LTD.–HRD Human Resource Management System
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.
2025-06-06
not yet calculated
CVE-2025-48780
Soar Cloud System CO., LTD.–HRD Human Resource Management System
An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.
2025-06-06
not yet calculated
CVE-2025-48781
Soar Cloud System CO., LTD.–HRD Human Resource Management System
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.
2025-06-06
not yet calculated
CVE-2025-48782
Soar Cloud System CO., LTD.–HRD Human Resource Management System
An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.
2025-06-06
not yet calculated
CVE-2025-48783
Soar Cloud System CO., LTD.–HRD Human Resource Management System
A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.
2025-06-06
not yet calculated
CVE-2025-48784
Soar Cloud System CO., LTD.–HRD Human Resource Management System
A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.
2025-06-06
not yet calculated
CVE-2025-5192
Sonos–Era 300
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.
2025-06-02
not yet calculated
CVE-2025-1051
The GNU C Library–glibc
The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
2025-06-05
not yet calculated
CVE-2025-5702
The GNU C Library–glibc
The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
2025-06-05
not yet calculated
CVE-2025-5745
The Qt Company–Qt
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, a URL that contained a “charset” parameter that lacked a value (such as “data:charset,”), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1.
2025-06-02
not yet calculated
CVE-2025-5455
The Qt Company–Qt
Loading a specifically crafted ICNS format image file in QImage triggers a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
2025-06-05
not yet calculated
CVE-2025-5683
Trol InterMedia–2ClickPortal
Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.
2025-06-05
not yet calculated
CVE-2025-4568
Unknown–FancyBox for WordPress
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries’ caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researchers (Marc Montpas) escalated it to an Unauthenticated Stored XSS.
2025-06-03
not yet calculated
CVE-2025-3662
Unknown–File Provider
The File Provider WordPress plugin through 1.2.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
2025-06-04
not yet calculated
CVE-2025-4578
Unknown–File Provider
The File Provider WordPress plugin through 1.2.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
2025-06-04
not yet calculated
CVE-2025-4580
Unknown–Newsletter
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2025-06-03
not yet calculated
CVE-2025-3584
Unknown–Post Slider and Post Carousel with Post Vertical Scrolling Widget
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2025-06-03
not yet calculated
CVE-2025-4567
Unknown–Real Cookie Banner: GDPR & ePrivacy Cookie Consent
The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2025-06-02
not yet calculated
CVE-2025-1485
Unknown–Short URL
The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.
2025-06-06
not yet calculated
CVE-2023-2921
Unknown–WP-Optimize
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations.
2025-06-02
not yet calculated
CVE-2025-3951
vivo–SystemUI
SystemUI has an incorrect component protection setting, which allows access to specific information.
2025-06-06
not yet calculated
CVE-2024-46941
vivo–Wallet
The wallet has an authentication bypass vulnerability that allows access to specific pages.
2025-06-06
not yet calculated
CVE-2025-5719
WF Steuerungstechnik GmbH–airleader MASTER
Improper Authentication vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Authentication Bypass. This issue affects airleader MASTER: 3.00571.
2025-06-04
not yet calculated
CVE-2025-5597
WF Steuerungstechnik GmbH–airleader MASTER
Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046.
2025-06-04
not yet calculated
CVE-2025-5598
WOLFBOX–Level 2 EV Charger
WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.
2025-06-06
not yet calculated
CVE-2025-5747
WOLFBOX–Level 2 EV Charger
WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.
2025-06-06
not yet calculated
CVE-2025-5748
WOLFBOX–Level 2 EV Charger
WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications. The issue results from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26295.
2025-06-06
not yet calculated
CVE-2025-5749
WOLFBOX–Level 2 EV Charger
WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.
2025-06-06
not yet calculated
CVE-2025-5750
WOLFBOX–Level 2 EV Charger
WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292.
2025-06-06
not yet calculated
CVE-2025-5751
XML-Security–signxml
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=…`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=…)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with SignXML 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user.
2025-06-02
not yet calculated
CVE-2025-48994
XML-Security–signxml
SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=…`), versions of SignXML prior to 4.0.4 are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing it with the user supplied hash, allowing users to reconstruct the correct HMAC for any data.
2025-06-02
not yet calculated
CVE-2025-48995
Yandex–Telemost
Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.
2025-06-02
not yet calculated
CVE-2024-12168
yiisoft–yii2-redis
The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On a failing connection, the extension writes the command sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text, exposing the username and password. That might be an issue if an attacker has access to logs. Version 2.0.20 fixes the issue.
2025-06-05
not yet calculated
CVE-2025-48493
ZIV–IDF and ZLF
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.
2025-06-06
not yet calculated
CVE-2025-41360
ZIV–IDF and ZLF
Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.
2025-06-06
not yet calculated
CVE-2025-41361
ZIV–IDF and ZLF
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
2025-06-06
not yet calculated
CVE-2025-41362
ZIV–IDF and ZLF
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
2025-06-06
not yet calculated
CVE-2025-41363
ZIV–IDF and ZLF
Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
2025-06-06
not yet calculated
CVE-2025-41364
ZIV–IDF and ZLF
Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.
2025-06-06
not yet calculated
CVE-2025-41365
ZIV–IDF and ZLF
In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
2025-06-06
not yet calculated
CVE-2025-41366
ZIV–IDF and ZLF
Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim’s browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
2025-06-06
not yet calculated
CVE-2025-41367