Patch Tuesday — June 2025
2025-06-10 · 889 CVEs
CVEs published or modified the week of 2025-06-10, partitioned by vendor.
Microsoft (92 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32711 | Critical | 9.3 | — | 2025-06-11 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
CVE-2025-36633 | High | 8.8 | — | 2025-06-13 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. |
CVE-2025-4613 | High | 8.8 | — | 2025-06-12 | Path traversal in Google Web Designer's template handling in versions prior to 16.3.0.0407 on Windows allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template. |
CVE-2025-47172 | High | 8.8 | — | 2025-06-10 | Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-47166 | High | 8.8 | — | 2025-06-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-47163 | High | 8.8 | — | 2025-06-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-33073 | High | 8.8 | KEV | 2025-06-10 | Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
CVE-2025-33066 | High | 8.8 | — | 2025-06-10 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
CVE-2025-33064 | High | 8.8 | — | 2025-06-10 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2025-33053 | High | 8.8 | KEV | 2025-06-10 | External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. |
CVE-2025-36631 | High | 8.4 | — | 2025-06-13 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. |
CVE-2025-32717 | High | 8.4 | — | 2025-06-11 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-47957 | High | 8.4 | — | 2025-06-10 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-47953 | High | 8.4 | — | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-47167 | High | 8.4 | — | 2025-06-10 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-47164 | High | 8.4 | — | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-47162 | High | 8.4 | — | 2025-06-10 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-33067 | High | 8.4 | — | 2025-06-10 | Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally. |
CVE-2025-47977 | High | 8.2 | — | 2025-06-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-33071 | High | 8.1 | — | 2025-06-10 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. |
CVE-2025-33070 | High | 8.1 | — | 2025-06-10 | Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. |
CVE-2025-32710 | High | 8.1 | — | 2025-06-10 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. |
CVE-2025-29828 | High | 8.1 | — | 2025-06-10 | Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. |
CVE-2025-47107 | High | 7.8 | — | 2025-06-10 | InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43577 | High | 7.8 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43576 | High | 7.8 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43575 | High | 7.8 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43574 | High | 7.8 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43573 | High | 7.8 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43550 | High | 7.8 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-30327 | High | 7.8 | — | 2025-06-10 | InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-47968 | High | 7.8 | — | 2025-06-10 | Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. |
CVE-2025-47962 | High | 7.8 | — | 2025-06-10 | Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally. |
CVE-2025-47955 | High | 7.8 | — | 2025-06-10 | Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
CVE-2025-47176 | High | 7.8 | — | 2025-06-10 | Path traversal ('.../...//') in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
CVE-2025-47175 | High | 7.8 | — | 2025-06-10 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
CVE-2025-47174 | High | 7.8 | — | 2025-06-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-47173 | High | 7.8 | — | 2025-06-10 | Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-47170 | High | 7.8 | — | 2025-06-10 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-47169 | High | 7.8 | — | 2025-06-10 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-47168 | High | 7.8 | — | 2025-06-10 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-47165 | High | 7.8 | — | 2025-06-10 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-43593 | High | 7.8 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43590 | High | 7.8 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43589 | High | 7.8 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43558 | High | 7.8 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-33075 | High | 7.8 | — | 2025-06-10 | Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. |
CVE-2025-32718 | High | 7.8 | — | 2025-06-10 | Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally. |
CVE-2025-32716 | High | 7.8 | — | 2025-06-10 | Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. |
CVE-2025-32714 | High | 7.8 | — | 2025-06-10 | Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. |
CVE-2025-32713 | High | 7.8 | — | 2025-06-10 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
CVE-2025-32712 | High | 7.8 | — | 2025-06-10 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
CVE-2025-30317 | High | 7.8 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-30399 | High | 7.5 | — | 2025-06-13 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
CVE-2025-33068 | High | 7.5 | — | 2025-06-10 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. |
CVE-2025-33056 | High | 7.5 | — | 2025-06-10 | Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. |
CVE-2025-33050 | High | 7.5 | — | 2025-06-10 | Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. |
CVE-2025-32725 | High | 7.5 | — | 2025-06-10 | Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. |
CVE-2025-32724 | High | 7.5 | — | 2025-06-10 | Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. |
CVE-2025-32721 | High | 7.3 | — | 2025-06-10 | Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. |
CVE-2025-47959 | High | 7.1 | — | 2025-06-13 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. |
CVE-2025-47171 | Medium | 6.7 | — | 2025-06-10 | Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
CVE-2025-33057 | Medium | 6.5 | — | 2025-06-10 | Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. |
CVE-2025-32715 | Medium | 6.5 | — | 2025-06-10 | Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |
CVE-2025-0913 | Medium | 5.5 | — | 2025-06-11 | `os.OpenFile(path, os.O_CREATE\|O_EXCL)` behaved differently on Unix and Windows systems when the target path was a dangling symlink. |
CVE-2025-47112 | Medium | 5.5 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-47111 | Medium | 5.5 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2025-43579 | Medium | 5.5 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. |
CVE-2025-43578 | Medium | 5.5 | — | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-47956 | Medium | 5.5 | — | 2025-06-10 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
CVE-2025-47106 | Medium | 5.5 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-47105 | Medium | 5.5 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-47104 | Medium | 5.5 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-33065 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33063 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33062 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33061 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33060 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33059 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33058 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33055 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-33052 | Medium | 5.5 | — | 2025-06-10 | Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally. |
CVE-2025-32722 | Medium | 5.5 | — | 2025-06-10 | Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. |
CVE-2025-32720 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-32719 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-30321 | Medium | 5.5 | — | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2025-24069 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-24068 | Medium | 5.5 | — | 2025-06-10 | Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-24065 | Medium | 5.5 | — | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
CVE-2025-47160 | Medium | 5.4 | — | 2025-06-10 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2025-33069 | Medium | 5.1 | — | 2025-06-10 | Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally. |
CVE-2025-47969 | Medium | 4.4 | — | 2025-06-10 | Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. |
Other vendors (797 CVEs across 242 vendors)
Adobe · 232 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-46840 | High | 8.7 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. |
CVE-2025-46837 | High | 8.7 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47110 | High | 8.4 | — | 2025-06-10 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vuln… |
CVE-2025-43585 | High | 8.2 | — | 2025-06-10 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
CVE-2025-43586 | High | 8.1 | — | 2025-06-10 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. |
CVE-2025-43588 | High | 7.8 | — | 2025-06-10 | Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-43581 | High | 7.8 | — | 2025-06-10 | Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-47108 | High | 7.8 | — | 2025-06-10 | Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-27207 | Medium | 6.5 | — | 2025-06-10 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. |
CVE-2025-47094 | Medium | 6.1 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2025-47049 | Medium | 6.1 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. |
CVE-2025-47117 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47116 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47115 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47114 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47113 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47093 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47092 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47091 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47090 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47089 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47088 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47087 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47086 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47085 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47084 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47083 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47082 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47081 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47080 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47079 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47078 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47077 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47076 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47075 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47074 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47073 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47072 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47071 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47070 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47069 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47068 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47067 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47066 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47065 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47063 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47062 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47060 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47057 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47056 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47055 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47052 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47051 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47050 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47048 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47047 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47045 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47044 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47042 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47041 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47040 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47039 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47038 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47037 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47036 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47035 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47034 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47033 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47032 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47031 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47030 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47029 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47027 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47026 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47025 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47022 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47021 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47020 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47019 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47017 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47016 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47015 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47014 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47013 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47012 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47011 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47010 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47008 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47007 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47006 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47005 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47004 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47003 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47002 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47000 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46999 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46997 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46995 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46992 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46991 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46990 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46989 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46988 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46987 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46986 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46985 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46984 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46983 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46982 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46981 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46979 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46978 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46977 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46976 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46975 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46974 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46973 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46972 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46971 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46970 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46968 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46967 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46966 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46965 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46964 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46963 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46960 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46957 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46956 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46955 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46954 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46953 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46952 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46951 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46950 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46949 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46948 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46947 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46946 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46945 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46944 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46943 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46942 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46941 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46940 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46939 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46935 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46934 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46933 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46931 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46930 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46929 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46927 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46926 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46924 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46923 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46922 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46919 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46918 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46917 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46916 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46915 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46914 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46912 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46910 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46909 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46908 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46907 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46906 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46905 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46904 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46903 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46902 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46901 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46900 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46899 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46898 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46895 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46894 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46893 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46892 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46891 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46890 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46889 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. |
CVE-2025-46888 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46887 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46886 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46885 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46883 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46882 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46881 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46880 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46879 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46878 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46877 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46876 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46875 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2025-46874 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2025-46873 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46872 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46871 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46870 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46866 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46865 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46864 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46863 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46862 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46861 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46860 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46859 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46858 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46857 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
CVE-2025-46855 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46854 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46853 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46851 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46850 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46848 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46847 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46846 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46845 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46844 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46843 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46842 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46841 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46838 | Medium | 5.4 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-27206 | Medium | 5.3 | — | 2025-06-10 | Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
CVE-2025-46913 | Medium | 4.8 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46911 | Medium | 4.8 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46884 | Medium | 4.8 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-46920 | Medium | 4.6 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. |
CVE-2025-47096 | Low | 3.5 | — | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. |
N/a · 34 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-28389 | Critical | 9.8 | — | 2025-06-13 | Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. |
CVE-2025-28388 | Critical | 9.8 | — | 2025-06-13 | OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account. |
CVE-2025-28386 | Critical | 9.8 | — | 2025-06-13 | A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file. |
CVE-2025-46060 | Critical | 9.8 | — | 2025-06-13 | Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component |
CVE-2025-28384 | Critical | 9.1 | — | 2025-06-13 | An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. |
CVE-2025-5869 | High | 8.0 | — | 2025-06-09 | A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. |
CVE-2025-5868 | High | 8.0 | — | 2025-06-09 | A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. |
CVE-2025-5867 | High | 8.0 | — | 2025-06-09 | A vulnerability classified as critical was found in RT-Thread 5.1.0. |
CVE-2025-5866 | High | 8.0 | — | 2025-06-09 | A vulnerability classified as critical has been found in RT-Thread 5.1.0. |
CVE-2025-5865 | High | 8.0 | — | 2025-06-09 | A vulnerability was found in RT-Thread 5.1.0. |
CVE-2025-28382 | High | 7.5 | — | 2025-06-13 | An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. |
CVE-2025-28381 | High | 7.5 | — | 2025-06-13 | A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers. |
CVE-2025-46035 | High | 7.5 | — | 2025-06-12 | Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi… |
CVE-2025-44044 | High | 7.5 | — | 2025-06-10 | Keyoti SearchUnit prior to 9.0.0. |
CVE-2025-45001 | High | 7.5 | — | 2025-06-09 | react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. |
CVE-2025-5952 | High | 7.3 | — | 2025-06-10 | A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. |
CVE-2024-44906 | Medium | 6.5 | — | 2025-06-12 | uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. |
CVE-2024-44905 | Medium | 6.5 | — | 2025-06-12 | go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go. |
CVE-2025-28380 | Medium | 6.1 | — | 2025-06-13 | A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. |
CVE-2025-46096 | Medium | 6.1 | — | 2025-06-13 | Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component |
CVE-2024-46452 | Medium | 6.1 | — | 2025-06-09 | A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL. |
CVE-2025-46178 | Medium | 6.1 | — | 2025-06-09 | Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. |
CVE-2025-44091 | Medium | 5.4 | — | 2025-06-12 | yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. |
CVE-2023-45256 | Medium | 5.4 | — | 2025-06-12 | Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transa… |
CVE-2025-29744 | Medium | 5.4 | — | 2025-06-12 | pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers. |
CVE-2024-37396 | Medium | 5.4 | — | 2025-06-10 | A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. |
CVE-2024-37395 | Medium | 5.4 | — | 2025-06-10 | A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instruct… |
CVE-2024-37394 | Medium | 5.4 | — | 2025-06-10 | A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard conten… |
CVE-2025-44043 | Medium | 5.4 | — | 2025-06-10 | Keyoti SearchUnit prior to 9.0.0. |
CVE-2025-45055 | Medium | 5.4 | — | 2025-06-09 | Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. |
CVE-2025-5935 | Medium | 5.3 | — | 2025-06-10 | A vulnerability was found in Open5GS up to 2.7.3. |
CVE-2025-5874 | Medium | 4.6 | — | 2025-06-09 | A vulnerability was found in Redash up to 10.1.0/25.1.0. |
CVE-2025-5892 | Medium | 4.3 | — | 2025-06-09 | A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. |
CVE-2025-5880 | Medium | 4.3 | — | 2025-06-09 | A vulnerability has been found in Whistle 2.9.98 and classified as problematic. |
Sick · 19 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49199 | High | 8.8 | — | 2025-06-12 | The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. |
CVE-2025-49181 | High | 8.6 | — | 2025-06-12 | Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. |
CVE-2025-49194 | High | 7.5 | — | 2025-06-12 | The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. |
CVE-2025-49184 | High | 7.5 | — | 2025-06-12 | A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product. |
CVE-2025-49183 | High | 7.5 | — | 2025-06-12 | All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. |
CVE-2025-49182 | High | 7.5 | — | 2025-06-12 | Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application. |
CVE-2025-49200 | Medium | 6.5 | — | 2025-06-12 | The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files. |
CVE-2025-49197 | Medium | 6.5 | — | 2025-06-12 | The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account. |
CVE-2025-49196 | Medium | 6.5 | — | 2025-06-12 | A service supports the use of a deprecated and unsafe TLS version. |
CVE-2025-49185 | Medium | 5.5 | — | 2025-06-12 | The web application is susceptible to cross-site-scripting attacks. |
CVE-2025-49195 | Medium | 5.3 | — | 2025-06-12 | The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server. |
CVE-2025-49189 | Medium | 5.3 | — | 2025-06-12 | The HttpOnly flag of the session cookie "@@" is set to false. |
CVE-2025-49188 | Medium | 5.3 | — | 2025-06-12 | The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering. |
CVE-2025-49187 | Medium | 5.3 | — | 2025-06-12 | For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. |
CVE-2025-49191 | Medium | 4.8 | — | 2025-06-12 | Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. |
CVE-2025-49192 | Medium | 4.3 | — | 2025-06-12 | The web application is vulnerable to clickjacking attacks. |
CVE-2025-49190 | Medium | 4.3 | — | 2025-06-12 | The application is vulnerable to Server-Side Request Forgery (SSRF). |
CVE-2025-49193 | Medium | 4.2 | — | 2025-06-12 | The application fails to implement several security headers. |
CVE-2025-49198 | Low | 3.1 | — | 2025-06-12 | The Media Server’s authorization tokens have a poor quality of randomness. |
SAP SE · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-42989 | Critical | 9.6 | — | 2025-06-10 | RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2025-42982 | High | 8.8 | — | 2025-06-10 | SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. |
CVE-2025-42983 | High | 8.5 | — | 2025-06-10 | SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. |
CVE-2025-42977 | High | 7.6 | — | 2025-06-10 | SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. |
CVE-2025-42995 | High | 7.5 | — | 2025-06-10 | SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with… |
CVE-2025-42994 | High | 7.5 | — | 2025-06-10 | SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability… |
CVE-2025-42993 | Medium | 6.7 | — | 2025-06-10 | Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. |
CVE-2025-31325 | Medium | 5.8 | — | 2025-06-10 | Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. |
CVE-2025-42996 | Medium | 5.6 | — | 2025-06-10 | SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources… |
CVE-2025-42984 | Medium | 5.4 | — | 2025-06-10 | SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. |
CVE-2025-42998 | Medium | 5.3 | — | 2025-06-10 | The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. |
CVE-2025-42991 | Medium | 4.3 | — | 2025-06-10 | SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. |
CVE-2025-42987 | Medium | 4.3 | — | 2025-06-10 | SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. |
CVE-2025-42990 | Low | 3.0 | — | 2025-06-10 | Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. |
Fortinet · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31104 | High | 7.2 | — | 2025-06-10 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all… |
CVE-2025-22254 | Medium | 6.6 | — | 2025-06-10 | An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiPro… |
CVE-2025-24471 | Medium | 6.5 | — | 2025-06-10 | An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate. |
CVE-2025-22256 | Medium | 6.3 | — | 2025-06-10 | An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via spe… |
CVE-2024-50568 | Medium | 5.9 | — | 2025-06-10 | A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an u… |
CVE-2024-54019 | Medium | 4.8 | — | 2025-06-10 | An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another… |
CVE-2024-50562 | Medium | 4.8 | — | 2025-06-10 | An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log… |
CVE-2024-32119 | Medium | 4.8 | — | 2025-06-10 | An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploadi… |
CVE-2025-25250 | Medium | 4.3 | — | 2025-06-10 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, Forti… |
CVE-2024-45329 | Medium | 4.3 | — | 2025-06-10 | An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key m… |
CVE-2023-48786 | Medium | 4.3 | — | 2025-06-10 | A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. |
CVE-2023-29184 | Low | 3.2 | — | 2025-06-10 | An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI r… |
CVE-2025-22251 | Low | 3.1 | — | 2025-06-10 | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unau… |
VMware · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-22239 | High | 8.1 | — | 2025-06-13 | Arbitrary event injection on Salt Master. |
CVE-2025-22236 | High | 8.1 | — | 2025-06-13 | Minion event bus authorization bypass. |
CVE-2025-41233 | Medium | 6.8 | — | 2025-06-12 | VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. |
CVE-2025-22237 | Medium | 6.7 | — | 2025-06-13 | An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process. |
CVE-2025-41234 | Medium | 6.5 | — | 2025-06-12 | In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the… |
CVE-2024-38825 | Medium | 6.4 | — | 2025-06-13 | The salt.auth.pki module does not properly authenticate callers. |
CVE-2025-22240 | Medium | 6.3 | — | 2025-06-13 | Arbitrary directory creation or file deletion. |
CVE-2025-22242 | Medium | 5.6 | — | 2025-06-13 | Worker process denial of service through file read operation. |
CVE-2025-22241 | Medium | 5.6 | — | 2025-06-13 | File contents overwrite. The VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. |
CVE-2025-22238 | Medium | 4.2 | — | 2025-06-13 | Directory traversal attack in minion file cache creation. |
CVE-2024-38823 | Low | 2.7 | — | 2025-06-13 | Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. |
CVE-2024-38822 | Low | 2.7 | — | 2025-06-13 | Multiple methods in the salt master skip minion token validation. |
Tenda · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5978 | High | 8.8 | — | 2025-06-10 | A vulnerability was found in Tenda FH1202 1.2.0.14. |
CVE-2025-5863 | High | 8.8 | — | 2025-06-09 | A vulnerability was found in Tenda AC5 15.03.06.47. |
CVE-2025-5862 | High | 8.8 | — | 2025-06-09 | A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. |
CVE-2025-5861 | High | 8.8 | — | 2025-06-09 | A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. |
CVE-2025-5855 | High | 8.8 | — | 2025-06-09 | A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. |
CVE-2025-5854 | High | 8.8 | — | 2025-06-09 | A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. |
CVE-2025-5853 | High | 8.8 | — | 2025-06-09 | A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. |
CVE-2025-5852 | High | 8.8 | — | 2025-06-09 | A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. |
CVE-2025-5851 | High | 8.8 | — | 2025-06-09 | A vulnerability was found in Tenda AC15 15.03.05.19_multi. |
CVE-2025-5900 | Medium | 4.3 | — | 2025-06-09 | A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. |
CVE-2025-5864 | Low | 3.7 | — | 2025-06-09 | A vulnerability was found in Tenda TDSEE App up to 1.7.12. |
PHPGurukul · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5860 | High | 7.3 | — | 2025-06-09 | A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. |
CVE-2025-5856 | High | 7.3 | — | 2025-06-09 | A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. |
CVE-2025-5859 | Medium | 6.3 | — | 2025-06-09 | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. |
CVE-2025-5858 | Medium | 6.3 | — | 2025-06-09 | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. |
CVE-2025-5975 | Medium | 4.3 | — | 2025-06-10 | A vulnerability, which was classified as problematic, was found in PHPGurukul Rail Pass Management System 1.0. |
CVE-2025-5976 | Low | 3.5 | — | 2025-06-10 | A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. |
CVE-2025-5974 | Low | 3.5 | — | 2025-06-10 | A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. |
CVE-2025-5973 | Low | 2.4 | — | 2025-06-10 | A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. |
CVE-2025-5972 | Low | 2.4 | — | 2025-06-10 | A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. |
CVE-2025-5970 | Low | 2.4 | — | 2025-06-10 | A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. |
Schneider Electric · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5740 | High | 7.2 | — | 2025-06-10 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path. |
CVE-2025-3898 | Medium | 6.5 | — | 2025-06-10 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver. |
CVE-2025-3116 | Medium | 6.5 | — | 2025-06-10 | CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. |
CVE-2025-3112 | Medium | 6.5 | — | 2025-06-10 | CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver. |
CVE-2025-5743 | Medium | 5.5 | — | 2025-06-10 | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters… |
CVE-2025-5742 | Medium | 5.4 | — | 2025-06-10 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server |
CVE-2025-3905 | Medium | 5.4 | — | 2025-06-10 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modif… |
CVE-2025-3899 | Medium | 5.4 | — | 2025-06-10 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to mo… |
CVE-2025-3117 | Medium | 5.4 | — | 2025-06-10 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to m… |
CVE-2025-5741 | Medium | 4.9 | — | 2025-06-10 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. |
TOTOLINK · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5911 | High | 8.8 | — | 2025-06-10 | A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. |
CVE-2025-5910 | High | 8.8 | — | 2025-06-10 | A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. |
CVE-2025-5909 | High | 8.8 | — | 2025-06-10 | A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. |
CVE-2025-5908 | High | 8.8 | — | 2025-06-10 | A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. |
CVE-2025-5907 | High | 8.8 | — | 2025-06-10 | A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. |
CVE-2025-5905 | High | 8.8 | — | 2025-06-10 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. |
CVE-2025-5904 | High | 8.8 | — | 2025-06-10 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. |
CVE-2025-5903 | High | 8.8 | — | 2025-06-10 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. |
CVE-2025-5902 | High | 8.8 | — | 2025-06-09 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. |
CVE-2025-5901 | High | 8.8 | — | 2025-06-09 | A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. |
Acc · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40657 | Critical | 9.8 | — | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. |
CVE-2025-40656 | Critical | 9.8 | — | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. |
CVE-2025-40655 | Critical | 9.8 | — | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. |
CVE-2025-40654 | Critical | 9.8 | — | 2025-06-10 | A SQL injection vulnerability has been found in DM Corporative CMS. |
CVE-2025-40662 | High | 7.5 | — | 2025-06-10 | Absolute path disclosure vulnerability in DM Corporative CMS. |
CVE-2025-40661 | High | 7.5 | — | 2025-06-10 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. |
CVE-2025-40660 | High | 7.5 | — | 2025-06-10 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. |
CVE-2025-40659 | High | 7.5 | — | 2025-06-10 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. |
CVE-2025-40658 | High | 7.5 | — | 2025-06-10 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. |
GitLab · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4278 | High | 8.7 | — | 2025-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. |
CVE-2025-2254 | High | 8.7 | — | 2025-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. |
CVE-2025-0673 | High | 7.5 | — | 2025-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service… |
CVE-2025-5996 | Medium | 6.5 | — | 2025-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. |
CVE-2025-1516 | Medium | 6.5 | — | 2025-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. |
CVE-2025-1478 | Medium | 6.5 | — | 2025-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. |
CVE-2024-9512 | Medium | 5.3 | — | 2025-06-12 | An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. |
CVE-2025-5195 | Medium | 4.3 | — | 2025-06-12 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. |
CVE-2025-5982 | Low | 3.7 | — | 2025-06-12 | An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. |
XWiki · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-56158 | Critical | 9.8 | — | 2025-06-12 | XWiki is a generic wiki platform. |
CVE-2025-49586 | High | 8.8 | — | 2025-06-13 | XWiki is an open-source wiki software platform. |
CVE-2025-49581 | High | 8.8 | — | 2025-06-13 | XWiki is a generic wiki platform. |
CVE-2025-49587 | High | 8.0 | — | 2025-06-13 | XWiki is an open-source wiki software platform. |
CVE-2025-49585 | High | 8.0 | — | 2025-06-13 | XWiki is a generic wiki platform. |
CVE-2025-49582 | High | 8.0 | — | 2025-06-13 | XWiki is a generic wiki platform. |
CVE-2025-49580 | High | 8.0 | — | 2025-06-13 | XWiki is a generic wiki platform. |
CVE-2025-49584 | High | 7.5 | — | 2025-06-13 | XWiki is a generic wiki platform. |
CVE-2025-49583 | Low | 3.5 | — | 2025-06-13 | XWiki is a generic wiki platform. |
Apache · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47849 | High | 8.8 | — | 2025-06-10 | A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same d… |
CVE-2025-47713 | High | 8.8 | — | 2025-06-10 | A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. |
CVE-2025-27818 | High | 8.8 | — | 2025-06-10 | A possible security vulnerability has been identified in Apache Kafka. |
CVE-2025-26521 | High | 8.1 | — | 2025-06-10 | When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes clust… |
CVE-2025-27819 | High | 7.5 | — | 2025-06-10 | In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. |
CVE-2025-27817 | High | 7.5 | — | 2025-06-10 | A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. |
CVE-2025-30675 | Medium | 4.7 | — | 2025-06-11 | In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. |
CVE-2025-22829 | Medium | 4.3 | — | 2025-06-10 | The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. |
Dell · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-36574 | High | 8.2 | — | 2025-06-10 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. |
CVE-2025-27689 | High | 7.8 | — | 2025-06-12 | Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. |
CVE-2025-36575 | High | 7.5 | — | 2025-06-10 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. |
CVE-2025-36573 | High | 7.1 | — | 2025-06-12 | Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. |
CVE-2025-36578 | Medium | 6.8 | — | 2025-06-10 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. |
CVE-2025-36580 | Medium | 6.1 | — | 2025-06-10 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. |
CVE-2025-36577 | Medium | 6.1 | — | 2025-06-10 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. |
CVE-2025-36576 | Low | 2.7 | — | 2025-06-10 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. |
Drupal · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48915 | High | 8.6 | — | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2… |
CVE-2025-48914 | High | 8.6 | — | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2… |
CVE-2025-48920 | High | 7.3 | — | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS). This issue affects etracker: from 0.0.0 before 3.1.0. |
CVE-2025-48447 | High | 7.1 | — | 2025-06-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0. |
CVE-2025-48916 | Medium | 6.5 | — | 2025-06-13 | Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing. This issue affects Bookable Calendar: from 0.0.0 before 2.2.13. |
CVE-2025-48444 | Medium | 5.3 | — | 2025-06-11 | Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0. |
CVE-2025-48013 | Medium | 5.3 | — | 2025-06-11 | Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0. |
CVE-2025-48917 | Medium | 5.0 | — | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS). This issue affects EU Cookie Compliance (GDPR Compliance)… |
Unfoldwp · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49282 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion. This issue affects Magze: from n/a through <= 1.0.9. |
CVE-2025-49281 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion. This issue affects Magways: from n/a through <= 1.2.1. |
CVE-2025-49280 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion. This issue affects Magty: from n/a through <= 1.0.6. |
CVE-2025-49279 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion. This issue affects Blogvy: from n/a through <= 1.0.7. |
CVE-2025-49278 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion. This issue affects Blogty: from n/a through <= 1.0.11. |
CVE-2025-49277 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion. This issue affects Blogprise: from n/a through <= 1.0.9. |
CVE-2025-49276 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion. This issue affects Blogmine: from n/a through <= 1.1.7. |
CVE-2025-49275 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion. This issue affects Blogbyte: from n/a through <= 1.1.1. |
Code-projects · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5985 | High | 7.3 | — | 2025-06-10 | A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. |
CVE-2025-5979 | High | 7.3 | — | 2025-06-10 | A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. |
CVE-2025-5977 | High | 7.3 | — | 2025-06-10 | A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. |
CVE-2025-5906 | High | 7.3 | — | 2025-06-10 | A vulnerability classified as critical has been found in code-projects Laundry System 1.0. |
CVE-2025-5971 | Medium | 6.3 | — | 2025-06-10 | A vulnerability was found in code-projects School Fees Payment System 1.0. |
CVE-2025-5881 | Medium | 6.3 | — | 2025-06-09 | A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. |
CVE-2025-5857 | Medium | 6.3 | — | 2025-06-09 | A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. |
GeoServer · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-30220 | Critical | 9.9 | — | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. |
CVE-2024-34711 | Critical | 9.3 | — | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. |
CVE-2025-30145 | High | 7.5 | — | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. |
CVE-2024-29198 | High | 7.5 | — | 2025-06-10 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. |
CVE-2024-40625 | Medium | 5.5 | — | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. |
CVE-2025-27505 | Medium | 5.3 | — | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. |
CVE-2024-38524 | Medium | 5.3 | — | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. |
Palo Alto Networks · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4232 | High | 8.8 | — | 2025-06-13 | An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root. |
CVE-2025-4231 | High | 7.2 | — | 2025-06-13 | A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. |
CVE-2025-4227 | Low | 3.5 | — | 2025-06-13 | An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement fe… |
CVE-2025-4229 | — | — | — | 2025-06-13 | An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. |
CVE-2025-4230 | — | — | — | 2025-06-13 | A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. |
CVE-2025-4228 | — | — | — | 2025-06-13 | An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root. |
CVE-2025-4233 | — | — | — | 2025-06-12 | An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies. |
Siemens · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40585 | Critical | 9.9 | — | 2025-06-10 | A vulnerability has been identified in Energy Services (All versions with G5DFR). |
CVE-2025-40591 | High | 7.7 | — | 2025-06-10 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM… |
CVE-2025-40567 | Medium | 6.5 | — | 2025-06-10 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK53… |
CVE-2025-40592 | Medium | 6.1 | — | 2025-06-12 | A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24)… |
CVE-2025-40569 | Medium | 4.8 | — | 2025-06-10 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK53… |
CVE-2025-40568 | Medium | 4.3 | — | 2025-06-10 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK53… |
CVE-2024-41797 | Medium | 4.3 | — | 2025-06-10 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC… |
IBM · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-33112 | High | 8.4 | — | 2025-06-10 | IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input. |
CVE-2025-25032 | High | 7.5 | — | 2025-06-11 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resourc… |
CVE-2025-3473 | Medium | 6.7 | — | 2025-06-11 | IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. |
CVE-2025-0917 | Medium | 5.5 | — | 2025-06-11 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. |
CVE-2025-0923 | Medium | 5.3 | — | 2025-06-11 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system. |
CVE-2025-0163 | Medium | 5.3 | — | 2025-06-11 | IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. |
LambertGroup · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31635 | High | 7.5 | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal. This issue affects CLEVER: from n/a through <= 2.6. |
CVE-2025-31925 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows Reflected XSS. This issue affects SHOUT: from n/a through <= 3.5.3. |
CVE-2025-31917 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal_video_player allows Reflected XSS. This issue affects Universal Video Player: from n/a throu… |
CVE-2025-31426 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows Reflected XSS. This issue affects Sticky Radio Player: from n/a… |
CVE-2025-31058 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player revolution_video_player allows Reflected XSS. This issue affects Revolution Video Player: from n/a th… |
CVE-2025-31057 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player elementor_widget_universal_video_player allows Reflected XSS. This issue affects Universal Video Playe… |
AVEVA · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-44019 | High | 7.1 | — | 2025-06-12 | AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. |
CVE-2025-36539 | Medium | 6.5 | — | 2025-06-12 | AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. |
CVE-2025-2745 | Medium | 6.5 | — | 2025-06-12 | A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker (with privileges to create/update annotations or upload media files) to persist arbitra… |
CVE-2025-4417 | Medium | 5.5 | — | 2025-06-12 | A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary Java… |
CVE-2025-4418 | Medium | 4.4 | — | 2025-06-12 | An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow a miscreant with elevated privileges to modify PI Connector for CygNet loca… |
B-link · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-45988 | Critical | 9.8 | — | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabil… |
CVE-2025-45987 | Critical | 9.8 | — | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabil… |
CVE-2025-45986 | Critical | 9.8 | — | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via… |
CVE-2025-45985 | Critical | 9.8 | — | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via… |
CVE-2025-45984 | Critical | 9.8 | — | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection v… |
Broadcom · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-25215 | High | 8.8 | — | 2025-06-13 | An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. |
CVE-2025-25050 | High | 8.8 | — | 2025-06-13 | An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. |
CVE-2025-24922 | High | 8.8 | — | 2025-06-13 | A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. |
CVE-2025-24311 | High | 8.4 | — | 2025-06-13 | An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. |
CVE-2025-24919 | High | 8.1 | — | 2025-06-13 | A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. |
Cyberdata · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-30515 | Critical | 9.8 | — | 2025-06-09 | CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. |
CVE-2025-30184 | Critical | 9.8 | — | 2025-06-09 | CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path. |
CVE-2025-30183 | High | 7.5 | — | 2025-06-09 | CyberData 011209 Intercom does not properly store or protect web server admin credentials. |
CVE-2025-26468 | High | 7.5 | — | 2025-06-09 | CyberData 011209 Intercom exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition or system disruption. |
CVE-2025-30507 | Medium | 5.3 | — | 2025-06-09 | CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections. |
Kicode111 · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6009 | Medium | 4.7 | — | 2025-06-12 | A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. |
CVE-2025-6008 | Medium | 4.7 | — | 2025-06-12 | A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. |
CVE-2025-6007 | Medium | 4.7 | — | 2025-06-12 | A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. |
CVE-2025-6006 | Medium | 4.7 | — | 2025-06-12 | A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. |
CVE-2025-6005 | Medium | 4.7 | — | 2025-06-12 | A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. |
Libarchive · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5914 | High | 7.8 | — | 2025-06-09 | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. |
CVE-2025-5915 | Medium | 6.6 | — | 2025-06-09 | A vulnerability has been identified in the libarchive library. |
CVE-2025-5918 | Low | 3.9 | — | 2025-06-09 | A vulnerability has been identified in the libarchive library. |
CVE-2025-5916 | Low | 3.9 | — | 2025-06-09 | A vulnerability has been identified in the libarchive library. |
CVE-2025-5917 | Low | 2.8 | — | 2025-06-09 | A vulnerability has been identified in the libarchive library. |
Manageengine · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3835 | Critical | 9.6 | — | 2025-06-09 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. |
CVE-2025-41444 | High | 8.3 | — | 2025-06-09 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. |
CVE-2025-36528 | High | 8.3 | — | 2025-06-09 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. |
CVE-2025-27709 | High | 8.3 | — | 2025-06-09 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. |
CVE-2025-41437 | Medium | 4.3 | — | 2025-06-09 | Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page. |
Salesforce · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-43698 | Critical | 9.1 | — | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. |
CVE-2025-43701 | High | 7.5 | — | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254. |
CVE-2025-43700 | High | 7.5 | — | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. |
CVE-2025-43697 | High | 7.5 | — | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. |
CVE-2025-43699 | Medium | 5.3 | — | 2025-06-10 | Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check. This impacts OmniStudio: before Spring 2025. |
Snstheme · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-28992 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion. This issue affects SNS Anton: from n/a through <= 4.1. |
CVE-2025-28945 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme valen allows PHP Local File Inclusion. This issue affects V… |
CVE-2025-28944 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Avaz snsavaz allows PHP Local File Inclusion. This issue affects Avaz: from n/a through <= 2.8. |
CVE-2025-24768 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion. This issue affects Nitan: from n/a through <= 2.9. |
CVE-2023-25999 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. |
Starcitizen.tools · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49579 | Medium | 6.5 | — | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. |
CVE-2025-49578 | Medium | 6.5 | — | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. |
CVE-2025-49577 | Medium | 6.5 | — | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. |
CVE-2025-49576 | Medium | 6.5 | — | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. |
CVE-2025-49575 | Medium | 6.5 | — | 2025-06-12 | Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. |
Themeton · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31429 | Critical | 9.8 | — | 2025-06-09 | Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. |
CVE-2025-31398 | Critical | 9.8 | — | 2025-06-09 | Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. |
CVE-2025-31396 | Critical | 9.8 | — | 2025-06-09 | Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. |
CVE-2025-31052 | Critical | 9.8 | — | 2025-06-09 | Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection. This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4. |
CVE-2025-31638 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS. |
Bzotheme · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-28888 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme GiftXtore bw-giftxtore allows PHP Local File Inclusion. This issue affects GiftXtore: from n/a through < 1.7.7. |
CVE-2025-27362 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Petito bw-petito allows PHP Local File Inclusion. This issue affects Petito: from n/a through < 1.6.6. |
CVE-2025-24770 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme CraftXtore bw-craftxtore allows PHP Local File Inclusion. This issue affects CraftXtore: from n/a through <= 1… |
CVE-2023-26005 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. |
Haxtheweb · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49141 | High | 8.5 | — | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |
CVE-2025-49137 | High | 8.5 | — | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |
CVE-2025-49138 | Medium | 6.5 | — | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |
CVE-2025-49139 | Medium | 5.3 | — | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |
Holest Engineering · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48123 | Critical | 10.0 | — | 2025-06-09 | Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code I… |
CVE-2025-48129 | Critical | 9.8 | — | 2025-06-09 | Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation. This issue a… |
CVE-2025-48122 | Critical | 9.3 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-c… |
CVE-2025-48124 | High | 7.5 | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerc… |
Jetimob · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-41505 | Medium | 6.1 | — | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profissão" (professor). |
CVE-2024-41504 | Medium | 6.1 | — | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). |
CVE-2024-41503 | Medium | 6.1 | — | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function. |
CVE-2024-41502 | Medium | 6.1 | — | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observações" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person. |
Mozilla · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49710 | Critical | 9.8 | — | 2025-06-11 | An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. |
CVE-2025-49709 | Critical | 9.8 | — | 2025-06-11 | Certain canvas operations could have led to memory corruption. |
CVE-2025-5687 | High | 7.8 | — | 2025-06-11 | A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. |
CVE-2025-5986 | Medium | 6.5 | — | 2025-06-11 | A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. |
Red Hat · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6021 | High | 7.5 | — | 2025-06-12 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. |
CVE-2025-25209 | Medium | 5.7 | — | 2025-06-09 | The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets, however it assumes those secrets are already in the kuadrant-system instead of copying it to the referred namespace. |
CVE-2025-25208 | Medium | 5.7 | — | 2025-06-09 | A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster. |
CVE-2025-25207 | Medium | 5.7 | — | 2025-06-09 | The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. |
Amd · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-20599 | High | 7.9 | — | 2025-06-10 | Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading… |
CVE-2025-0037 | Medium | 6.6 | — | 2025-06-10 | In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality. |
CVE-2025-0036 | Low | 3.2 | — | 2025-06-10 | In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cry… |
Amentotech · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4973 | Critical | 9.8 | — | 2025-06-12 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. |
CVE-2025-5012 | High | 8.8 | — | 2025-06-12 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up… |
CVE-2025-31920 | High | 8.5 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection. This issue affects WP Guppy: from n/a through <= 4.3.3. |
Discourse · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48877 | Critical | 9.8 | — | 2025-06-09 | Discourse is an open-source discussion platform. |
CVE-2025-48053 | High | 7.5 | — | 2025-06-09 | Discourse is an open-source discussion platform. |
CVE-2025-48062 | High | 7.1 | — | 2025-06-09 | Discourse is an open-source discussion platform. |
Erxes · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-57190 | Critical | 9.8 | — | 2025-06-10 | Erxes <1.6.1 is vulnerable to Incorrect Access Control. |
CVE-2024-57189 | Medium | 5.4 | — | 2025-06-10 | In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. |
CVE-2024-57186 | Medium | 5.4 | — | 2025-06-10 | In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler. |
Irmau · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4586 | Medium | 6.4 | — | 2025-06-13 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user… |
CVE-2025-4585 | Medium | 6.4 | — | 2025-06-13 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplie… |
CVE-2025-4584 | Medium | 6.4 | — | 2025-06-13 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user su… |
Ivanti · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5353 | High | 8.8 | — | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
CVE-2025-22455 | High | 8.8 | — | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
CVE-2025-22463 | High | 7.3 | — | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. |
Lablup · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49652 | Critical | 9.8 | — | 2025-06-09 | Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled. |
CVE-2025-49651 | High | 8.1 | — | 2025-06-09 | Missing Authorization in Lablup's BackendAI allows attackers to take over all active sessions, accessing, stealing, or altering any data accessible in the session. |
CVE-2025-49653 | High | 8.0 | — | 2025-06-09 | Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. |
Mikado-themes · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49297 | High | 8.1 | — | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through <= 1.6. |
CVE-2025-49296 | High | 8.1 | — | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through <= 1.6. |
CVE-2025-49295 | High | 8.1 | — | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through <= 2.1. |
Ricoh Company, Ltd. · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-46783 | Critical | 9.8 | — | 2025-06-13 | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. |
CVE-2025-36506 | Medium | 6.5 | — | 2025-06-13 | External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. |
CVE-2025-48825 | Low | 2.5 | — | 2025-06-13 | RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contain an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL wi… |
Rsjoomla.com · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32466 | — | — | — | 2025-06-11 | A SQL injection vulnerability in RSMediaGallery! |
CVE-2025-32465 | — | — | — | 2025-06-11 | A stored XSS vulnerability in RSTickets! |
CVE-2025-30085 | — | — | — | 2025-06-11 | Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. |
Tcman · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40670 | High | 8.8 | — | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. |
CVE-2025-40669 | Medium | 6.5 | — | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. |
CVE-2025-40668 | Medium | 6.5 | — | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. |
1xinternet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48918 | High | 8.8 | — | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0. |
CVE-2025-48919 | Medium | 5.0 | — | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0. |
Absolute · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49080 | High | 7.5 | — | 2025-06-12 | There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. |
CVE-2025-49081 | Medium | 4.9 | — | 2025-06-12 | There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. |
Autodesk · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5335 | High | 7.8 | — | 2025-06-10 | A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. |
CVE-2025-4605 | Medium | 6.6 | — | 2025-06-11 | A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. |
Avaya · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-1041 | Critical | 9.9 | — | 2025-06-10 | An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. |
CVE-2025-49186 | Medium | 5.3 | — | 2025-06-12 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. |
D-link · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5969 | High | 8.8 | — | 2025-06-10 | A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. |
CVE-2025-5912 | High | 8.8 | — | 2025-06-10 | A vulnerability was found in D-Link DIR-632 FW103B08. |
Gamerz · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4799 | High | 7.2 | — | 2025-06-11 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. |
CVE-2025-4798 | Medium | 4.9 | — | 2025-06-11 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. |
Gnu · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5899 | Medium | 5.3 | — | 2025-06-09 | A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. |
CVE-2025-5898 | Medium | 5.3 | — | 2025-06-09 | A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. |
Go Standard Library · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-22874 | High | 7.5 | — | 2025-06-11 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. |
CVE-2025-4673 | Medium | 6.8 | — | 2025-06-11 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. |
Google · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5959 | High | 8.8 | — | 2025-06-11 | Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2025-5958 | High | 8.8 | — | 2025-06-11 | Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
Honding Technology · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5893 | Critical | 9.8 | — | 2025-06-09 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. |
CVE-2025-5894 | High | 8.8 | — | 2025-06-09 | Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log… |
Jsnjfz · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5888 | Medium | 4.3 | — | 2025-06-09 | A vulnerability was found in jsnjfz WebStack-Guns 1.0. |
CVE-2025-5887 | Low | 3.5 | — | 2025-06-09 | A vulnerability was found in jsnjfz WebStack-Guns 1.0. |
Konica Minolta · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5885 | Medium | 4.3 | — | 2025-06-09 | A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. |
CVE-2025-5884 | Low | 3.5 | — | 2025-06-09 | A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. |
Loftocean · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49507 | Critical | 9.8 | — | 2025-06-10 | Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection. This issue affects CozyStay: from n/a through < 1.7.1. |
CVE-2025-49454 | High | 8.1 | — | 2025-06-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion. This issue affects TinySalt: from n/a through < 3.10.0. |
Mattermost · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4573 | Medium | 4.1 | — | 2025-06-11 | Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups perm… |
CVE-2025-4128 | Low | 3.1 | — | 2025-06-11 | Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API c… |
Mik · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40912 | Critical | 9.8 | — | 2025-06-11 | CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. |
CVE-2025-40914 | Critical | 9.8 | — | 2025-06-11 | Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. |
Motorola · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-1699 | Low | 2.8 | — | 2025-06-11 | An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access. |
CVE-2025-1698 | Low | 2.8 | — | 2025-06-11 | Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service. |
Nautobot · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49142 | High | 7.1 | — | 2025-06-10 | Nautobot is a Network Source of Truth and Network Automation Platform. |
CVE-2025-49143 | Medium | 5.9 | — | 2025-06-10 | Nautobot is a Network Source of Truth and Network Automation Platform. |
Nbdkit_project · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47712 | Medium | 6.5 | — | 2025-06-09 | A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. |
CVE-2025-47711 | Medium | 6.5 | — | 2025-06-09 | There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. |
Nozomi Networks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-13089 | High | 7.2 | — | 2025-06-10 | An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. |
CVE-2024-13090 | High | 7.0 | — | 2025-06-10 | A privilege escalation vulnerability may enable a service account to elevate its privileges. |
Octoprint · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48879 | Medium | 6.5 | — | 2025-06-10 | OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become u… |
CVE-2025-48067 | Medium | 5.4 | — | 2025-06-10 | OctoPrint provides a web interface for controlling consumer 3D printers. |
Pandora Fms · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4678 | — | — | — | 2025-06-10 | Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. |
CVE-2025-4653 | — | — | — | 2025-06-10 | Improper Neutralization of Special Elements in the backup name field may allow OS command injection. |
Pure Storage · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-0052 | — | — | — | 2025-06-10 | Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service. |
CVE-2025-0051 | — | — | — | 2025-06-10 | Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. |
Sap · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-23192 | High | 8.2 | — | 2025-06-10 | SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. |
CVE-2025-42988 | Low | 3.7 | — | 2025-06-10 | Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. |
Sinotrack · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5485 | High | 8.6 | — | 2025-06-12 | User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. |
CVE-2025-5484 | High | 8.3 | — | 2025-06-12 | A username and password are required to authenticate to the central SinoTrack device management interface. |
Solarwinds · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-26395 | High | 7.1 | — | 2025-06-10 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. |
CVE-2025-26394 | Medium | 4.8 | — | 2025-06-10 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. |
Thenewsletterplugin · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3582 | Medium | 4.8 | — | 2025-06-09 | The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili… |
CVE-2025-3581 | Medium | 4.8 | — | 2025-06-09 | The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stor… |
Upkeeper Solutions · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4681 | — | — | — | 2025-06-10 | Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse. This issue affects upKeeper Instant Privilege Access: before 1.4.0. |
CVE-2025-4680 | — | — | — | 2025-06-10 | Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects upKeeper Instant Privilege Access: before 1.4.0. |
Vantage6 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-43863 | Critical | 9.8 | — | 2025-06-12 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. |
CVE-2025-43866 | High | 7.5 | — | 2025-06-12 | vantage6 is an open-source infrastructure for privacy preserving analysis. |
Virtuemart · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6001 | High | 8.3 | — | 2025-06-11 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. |
CVE-2025-6002 | High | 7.2 | — | 2025-06-11 | An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. |
Weidmueller · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-41663 | Critical | 9.8 | — | 2025-06-11 | For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. |
CVE-2025-41661 | High | 8.8 | — | 2025-06-11 | An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection. |
72crm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5879 | Low | 3.5 | — | 2025-06-09 | A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. |
A3rev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5123 | Medium | 6.4 | — | 2025-06-13 | The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. |
Acer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5491 | High | 8.8 | — | 2025-06-13 | Acer ControlCenter contains Remote Code Execution vulnerability. |
Actions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5890 | Medium | 4.3 | — | 2025-06-09 | A vulnerability classified as problematic has been found in actions toolkit 0.5.0. |
Admin_audit_trail_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48448 | Medium | 6.5 | — | 2025-06-11 | Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5. |
Airleader · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-46612 | High | 7.2 | — | 2025-06-10 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. |
Alex Zaytseff · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48141 | Critical | 9.3 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection. This issue affects Multi CryptoCurrency Pa… |
Amazon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6031 | High | 7.5 | — | 2025-06-12 | Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. |
Amir-mousavi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5939 | Medium | 4.4 | — | 2025-06-13 | The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. |
Anchorcms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-46041 | Medium | 5.4 | — | 2025-06-09 | A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add). |
Andremacola · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5841 | Medium | 6.4 | — | 2025-06-13 | The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. |
Anujk305 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5913 | High | 7.3 | — | 2025-06-10 | A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. |
Appthaplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31050 | High | 7.5 | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through <= 2… |
Archify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9062 | High | 7.8 | — | 2025-06-11 | The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. |
Auma · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-41657 | Medium | 4.3 | — | 2025-06-10 | Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker. |
Autoeastern · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6030 | — | — | — | 2025-06-13 | Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. |
Axiomthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-26592 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion. This issue affects Lab: from n/a through <= 1.0.0. |
Axlethemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4954 | High | 8.8 | — | 2025-06-10 | The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server |
Bagisto · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40675 | Medium | 6.1 | — | 2025-06-09 | A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. |
Barryvdh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49130 | — | — | — | 2025-06-09 | Laravel Translation Manager is a package to manage Laravel translation files. |
Blackberry · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-2474 | Critical | 9.8 | — | 2025-06-10 | Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec. |
Brewlabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-39539 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs WP Email Delivery wp-email-delivery allows Reflected XSS. This issue affects WP Email Delivery: from n/a through <= 1.20.11.23. |
Broadstreetads · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4652 | Medium | 6.1 | — | 2025-06-09 | The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
Caido · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49004 | High | 7.5 | — | 2025-06-09 | Caido is a web security auditing toolkit. |
Carmelogarcia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5980 | High | 7.3 | — | 2025-06-10 | A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. |
Click5 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47598 | Medium | 6.5 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS. This issue affects History Log by click5: from n/a through <= 1.0.13. |
Clickandpledge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49455 | Critical | 9.3 | — | 2025-06-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection. This issue affects WordPress-WPJobBoard: from n/a… |
Codervivek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-45002 | Medium | 5.4 | — | 2025-06-09 | Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. |
Commerce_alphabank_redirect_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48446 | High | 8.8 | — | 2025-06-11 | Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3. |
Commerce_eurobank_(redirect)_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48445 | High | 8.8 | — | 2025-06-11 | Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1. |
Conda-forge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49598 | — | — | — | 2025-06-13 | conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. |
Crypto Cloud · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48147 | Medium | 6.5 | — | 2025-06-09 | Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Pay… |
Cubewp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4315 | High | 8.8 | — | 2025-06-11 | The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. |
Cyberlord92 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6003 | Medium | 5.3 | — | 2025-06-12 | The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. |
Digitalacornjp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5930 | Medium | 4.3 | — | 2025-06-13 | The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. |
Dmitriamartin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5815 | Medium | 5.3 | — | 2025-06-13 | The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. |
Dotcamp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-2918 | Medium | 6.4 | — | 2025-06-10 | The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. |
Dt Research · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3052 | High | 8.2 | — | 2025-06-10 | An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. |
Echarge Hardy Barth · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5873 | Medium | 6.3 | — | 2025-06-09 | A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81. |
Egauge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5872 | Medium | 5.3 | — | 2025-06-09 | A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. |
Elastic · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-43706 | High | 7.6 | — | 2025-06-10 | Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint. |
Elementor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3076 | Medium | 6.4 | — | 2025-06-10 | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. |
Elfsight · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31045 | High | 7.5 | — | 2025-06-09 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget elfsight-contact-form allows Retrieve Embedded Sensitive Data. This issue affects elfsight Contact Form widget… |
Emlog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5886 | Low | 3.5 | — | 2025-06-09 | A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. |
Erumfaham · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4840 | High | 7.5 | — | 2025-06-10 | The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection |
Etj · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2022-4976 | Critical | 9.8 | — | 2025-06-12 | Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. |
Extreme Networks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6083 | Medium | 4.3 | — | 2025-06-13 | In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. |
Facturaone · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-24767 | Critical | 9.3 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooComm… |
Fahad Mahmood · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47463 | High | 7.1 | — | 2025-06-09 | Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce… |
Fantasticplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32291 | Critical | 10.0 | — | 2025-06-09 | Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0. |
Fastgpt · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49131 | Medium | 6.3 | — | 2025-06-09 | FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. |
Fay-1 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5928 | Medium | 4.3 | — | 2025-06-13 | The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. |
Fengoffice · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5877 | Medium | 6.3 | — | 2025-06-09 | A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. |
Frenify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-39475 | High | 8.1 | — | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through <= 6.0.3. |
Fujitsu Client Computing Limited · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-35978 | High | 7.1 | — | 2025-06-12 | Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. |
G5plus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48126 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion. This issue affects Essential Real… |
Gavias · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32595 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion. This issue affects Krowd: from n/a through < 1.5.0. |
Getcursor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49150 | Medium | 5.9 | — | 2025-06-11 | Cursor is a code editor built for programming with AI. |
Gfi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-35940 | High | 8.1 | — | 2025-06-10 | The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. |
Gimp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6035 | Medium | 6.1 | — | 2025-06-13 | A flaw was found in GIMP. |
Gnome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6052 | Low | 3.7 | — | 2025-06-13 | A flaw was found in how GLib’s GString manages memory when adding data to strings. |
Gryphon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40915 | High | 7.0 | — | 2025-06-11 | Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. |
Handcraftedinthealps · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49597 | Low | 3.9 | — | 2025-06-13 | handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4922 | High | 8.1 | — | 2025-06-11 | Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. |
Hewlett Packard Enterprise (Hpe) · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-37100 | High | 7.7 | — | 2025-06-10 | A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. |
Hikvision · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-39240 | High | 7.2 | — | 2025-06-13 | Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. |
Icegram · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47527 | High | 7.1 | — | 2025-06-09 | Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect: from n/a through <= 1.3.18. |
Ifkooo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-23974 | High | 8.1 | — | 2025-06-09 | Incorrect Privilege Assignment vulnerability in ifkooo One-Login one-login allows Privilege Escalation. This issue affects One-Login: from n/a through <= 1.4. |
Infility · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47651 | High | 8.5 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.06. |
Info@welcart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47511 | Medium | 6.8 | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through <= 2.11.13. |
Innomotics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-35295 | Medium | 6.1 | — | 2025-06-11 | A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). |
Inspirythemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4601 | High | 8.8 | — | 2025-06-10 | The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. |
Insyde · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-55567 | High | 7.5 | — | 2025-06-12 | Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. |
Insyde Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4275 | High | 7.8 | — | 2025-06-11 | A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable. |
Janboddez · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5950 | Medium | 6.4 | — | 2025-06-13 | The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. |
Jconti · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5926 | Medium | 6.1 | — | 2025-06-13 | The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. |
Jevents.net / Gwe Systems Ltd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49467 | — | — | — | 2025-06-12 | A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. |
Johnson Controls · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-26383 | — | — | — | 2025-06-11 | The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on. |
Juliangruber · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5889 | Low | 3.1 | — | 2025-06-09 | A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. |
K7 Security · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-1055 | Medium | 5.6 | — | 2025-06-11 | A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level pri… |
Kaisercrazy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6012 | Medium | 5.5 | — | 2025-06-13 | The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. |
Kamleshyadav · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31424 | Critical | 9.3 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through… |
Kde · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49091 | High | 8.2 | — | 2025-06-11 | KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. |
Keepersecurity · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-29627 | Medium | 6.8 | — | 2025-06-09 | An issue in KeeperChat iOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module. |
Keymetric · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5891 | Medium | 4.3 | — | 2025-06-09 | A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. |
Kia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6029 | — | — | — | 2025-06-13 | Use of fixed learning codes (one code to lock the car and the other code to unlock it) in the Key Fob Transmitter of the KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, allows a replay attack. |
Knadh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49136 | Critical | 9.0 | — | 2025-06-09 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. |
Kseaborn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4666 | Medium | 6.4 | — | 2025-06-11 | The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. |
Leap13 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4774 | Medium | 6.4 | — | 2025-06-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and… |
Libtpms_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49133 | Medium | 5.9 | — | 2025-06-10 | Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. |
Looks_awesome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32308 | High | 7.6 | — | 2025-06-09 | Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Builder: from n/a through <= 1.5.7. |
Lucky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5876 | Medium | 5.3 | — | 2025-06-09 | A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. |
Magentech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-39476 | High | 7.5 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo revo allows PHP Local File Inclusion. This issue affects Revo: from n/a through <= 4.0.26. |
Marcdk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5923 | Medium | 6.4 | — | 2025-06-13 | The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping. |
Matrix-org · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48937 | Medium | 4.9 | — | 2025-06-10 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. |
Metabase · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5895 | Medium | 4.3 | — | 2025-06-09 | A vulnerability was found in Metabase 54.10. |
Metalpriceapi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48140 | Critical | 9.9 | — | 2025-06-09 | Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection. This issue affects MetalpriceAPI: from n/a through <= 1.1.4. |
Microdicom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5943 | High | 8.8 | — | 2025-06-10 | MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability. |
Miniorange · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31019 | High | 8.8 | — | 2025-06-09 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse. This issue affects Password Policy Manager: from n/a through <= 2.0.4. |
Modelcontextprotocol · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49596 | — | — | — | 2025-06-13 | The MCP inspector is a developer tool for testing and debugging MCP servers. |
Moreconvert Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47487 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert allows Reflected XSS. This issue affects MC Woocommerce Wishlist… |
Multivendorx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48261 | High | 7.5 | — | 2025-06-09 | Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from n/a through <= 4.2.22. |
Myscada · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-35941 | Medium | 5.5 | — | 2025-06-11 | A password is exposed locally. |
Mystyleplatform · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48281 | Critical | 9.3 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection. This issue affects MyStyle Cus… |
Netgear · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5934 | High | 8.8 | — | 2025-06-10 | A vulnerability was found in Netgear EX3700 up to 1.0.0.88. |
Niklas Portmann · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-36852 | — | — | — | 2025-06-10 | A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor w… |
Nobossextensions.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49468 | — | — | — | 2025-06-13 | A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. |
Onlyoffice · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5301 | Medium | 6.1 | — | 2025-06-12 | ONLYOFFICE Docs (DocumentServer) versions 8.3.1 and below are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. |
Ossec · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1244 | — | — | — | 2025-06-11 | Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. |
Papendorf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5871 | Medium | 5.3 | — | 2025-06-09 | A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. |
Payu India · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31022 | Critical | 9.8 | — | 2025-06-09 | Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India payu-india allows Authentication Abuse. This issue affects PayU India: from n/a through < 3.8.8. |
Pcsx2 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49589 | — | — | — | 2025-06-12 | PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. |
Pgjdbc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49146 | High | 8.2 | — | 2025-06-11 | pgjdbc is an open source postgresql JDBC Driver. |
Pion · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49140 | High | 7.5 | — | 2025-06-09 | Pion Interceptor is a framework for building RTP/RTCP communication software. |
Pixelgrade · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31039 | Critical | 9.1 | — | 2025-06-09 | Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking. This issue affects Category Icon: from n/a through <= 1.0.3. |
Psf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-47081 | Medium | 5.3 | — | 2025-06-09 | Requests is an HTTP library. |
Redqteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31061 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through <= 2.1.0. |
Relentlo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48139 | Medium | 6.5 | — | 2025-06-09 | Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through <= 1.0.4. |
Revenera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7562 | — | — | — | 2025-06-12 | A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. |
Revmakx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47477 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsu… |
Richard Perdaan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48279 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. |
Rocket.chat · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-8270 | Medium | 5.5 | — | 2025-06-11 | The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, c… |
Roland Beaussant · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49509 | Medium | 5.3 | — | 2025-06-10 | Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Audio Editor & Recorder: from n/a through <= 2… |
Romancode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47561 | High | 8.8 | — | 2025-06-09 | Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation. This issue affects MapSVG: from n/a through < 8.6.13. |
Rts · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-29902 | Critical | 10.0 | — | 2025-06-13 | Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. |
Salesup2019 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48143 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! |
Saltstack · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38824 | Critical | 9.6 | — | 2025-06-13 | Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. |
Senior-walter · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5984 | Low | 3.5 | — | 2025-06-10 | A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. |
Simcom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-26412 | Medium | 6.8 | — | 2025-06-11 | The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. |
Smub · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4577 | Medium | 6.4 | — | 2025-06-10 | The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input san… |
Sneeit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32305 | High | 7.1 | — | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS. This issue affects WordPress FlatNews Theme: from n/a through <= 5.8. |
Sonalsinha21 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47608 | Critical | 9.3 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection. This issue affects Recover abandoned c… |
Spicethemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48130 | High | 7.5 | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through <= 2.0.7.4. |
Stash · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-7457 | High | 7.8 | — | 2025-06-11 | The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. |
Stellarwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5144 | Medium | 6.4 | — | 2025-06-11 | The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. |
Steph · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5925 | Medium | 4.3 | — | 2025-06-10 | The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. |
Sungrow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-29756 | — | — | — | 2025-06-11 | SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in plac… |
Taro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5896 | Medium | 4.3 | — | 2025-06-09 | A vulnerability was found in tarojs taro up to 4.1.1. |
Thatdevgirl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5233 | Medium | 6.4 | — | 2025-06-13 | The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. |
The Qt Company · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5991 | — | — | — | 2025-06-11 | There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. |
Themebon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5938 | Medium | 5.3 | — | 2025-06-13 | The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. |
Thevindu-w · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49148 | High | 7.3 | — | 2025-06-11 | ClipShare is a lightweight and cross-platform tool for clipboard sharing. |
Thimpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48267 | High | 8.6 | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. |
Tp-link · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5875 | High | 8.8 | — | 2025-06-09 | A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. |
Trendnet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5870 | High | 7.3 | — | 2025-06-09 | A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. |
Trusted Computing Group · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-2884 | Medium | 6.6 | — | 2025-06-10 | TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation of the signature scheme with the signature key's algorithm. |
Tyche Softwares · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4387 | High | 8.8 | — | 2025-06-10 | The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16… |
Uxper · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49511 | High | 7.1 | — | 2025-06-10 | Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery. This issue affects Civi Framework: from n/a through <= 2.1.6. |
Valvepress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5395 | High | 8.8 | — | 2025-06-11 | The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. |
Vuejs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5897 | Medium | 4.3 | — | 2025-06-09 | A vulnerability was found in vuejs vue-cli up to 5.0.8. |
Wasp-lang · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49006 | — | — | — | 2025-06-09 | Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. |
Wazuh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-1243 | High | 7.2 | — | 2025-06-11 | Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. |
Webgeniuslab · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-39473 | High | 8.1 | — | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core seofy-core allows PHP Local File Inclusion. This issue affects Seofy Core: from n/a through <= 1.6.8. |
Weboccults · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5288 | Critical | 9.8 | — | 2025-06-13 | The REST API \| Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. |
Wilderforge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49013 | Critical | 9.9 | — | 2025-06-09 | WilderForge is a Wildermyth coremodding API. |
Woobewoo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31059 | Critical | 9.3 | — | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO woo-producttables-pro allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through <= 2… |
Wp Event Manager · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48125 | High | 8.1 | — | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion. This issue affects WP Event Manager… |
Wp Swings · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49265 | High | 7.5 | — | 2025-06-09 | Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through <= 2.8.1. |
Wpfactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49510 | Medium | 4.3 | — | 2025-06-10 | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery. This issue affects Min Max Step Quantity Limits Manager fo… |
Wptravelengine · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5282 | High | 7.5 | — | 2025-06-13 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6… |
Xagio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3302 | High | 7.2 | — | 2025-06-11 | The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. |