Patch Tuesday — June 2025

2025-06-10 · 889 CVEs

CVEs published or modified the week of 2025-06-10, partitioned by vendor.

Microsoft (92 CVEs)

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-32711 | Critical | 9.3 |  | 2025-06-11 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-36633 | High | 8.8 |  | 2025-06-13 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. |
| CVE-2025-4613 | High | 8.8 |  | 2025-06-12 | Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template. |
| CVE-2025-47172 | High | 8.8 |  | 2025-06-10 | Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2025-47166 | High | 8.8 |  | 2025-06-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2025-47163 | High | 8.8 |  | 2025-06-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2025-33073 | High | 8.8 | KEV | 2025-06-10 | Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-33066 | High | 8.8 |  | 2025-06-10 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-33064 | High | 8.8 |  | 2025-06-10 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| CVE-2025-33053 | High | 8.8 | KEV | 2025-06-10 | External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. |
| CVE-2025-36631 | High | 8.4 |  | 2025-06-13 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. |
| CVE-2025-32717 | High | 8.4 |  | 2025-06-11 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-47957 | High | 8.4 |  | 2025-06-10 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-47953 | High | 8.4 |  | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47167 | High | 8.4 |  | 2025-06-10 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47164 | High | 8.4 |  | 2025-06-10 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47162 | High | 8.4 |  | 2025-06-10 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-33067 | High | 8.4 |  | 2025-06-10 | Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-47977 | High | 8.2 |  | 2025-06-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-33071 | High | 8.1 |  | 2025-06-10 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-33070 | High | 8.1 |  | 2025-06-10 | Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-32710 | High | 8.1 |  | 2025-06-10 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. |
| CVE-2025-29828 | High | 8.1 |  | 2025-06-10 | Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. |
| CVE-2025-47107 | High | 7.8 |  | 2025-06-10 | InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43577 | High | 7.8 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43576 | High | 7.8 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43575 | High | 7.8 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43574 | High | 7.8 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43573 | High | 7.8 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43550 | High | 7.8 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-30327 | High | 7.8 |  | 2025-06-10 | InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-47968 | High | 7.8 |  | 2025-06-10 | Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47962 | High | 7.8 |  | 2025-06-10 | Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47955 | High | 7.8 |  | 2025-06-10 | Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47176 | High | 7.8 |  | 2025-06-10 | '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
| CVE-2025-47175 | High | 7.8 |  | 2025-06-10 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| CVE-2025-47174 | High | 7.8 |  | 2025-06-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-47173 | High | 7.8 |  | 2025-06-10 | Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-47170 | High | 7.8 |  | 2025-06-10 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-47169 | High | 7.8 |  | 2025-06-10 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-47168 | High | 7.8 |  | 2025-06-10 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-47165 | High | 7.8 |  | 2025-06-10 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-43593 | High | 7.8 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43590 | High | 7.8 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43589 | High | 7.8 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-43558 | High | 7.8 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-33075 | High | 7.8 |  | 2025-06-10 | Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32718 | High | 7.8 |  | 2025-06-10 | Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32716 | High | 7.8 |  | 2025-06-10 | Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32714 | High | 7.8 |  | 2025-06-10 | Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32713 | High | 7.8 |  | 2025-06-10 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32712 | High | 7.8 |  | 2025-06-10 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-30317 | High | 7.8 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-30399 | High | 7.5 |  | 2025-06-13 | Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. |
| CVE-2025-33068 | High | 7.5 |  | 2025-06-10 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. |
| CVE-2025-33056 | High | 7.5 |  | 2025-06-10 | Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. |
| CVE-2025-33050 | High | 7.5 |  | 2025-06-10 | Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. |
| CVE-2025-32725 | High | 7.5 |  | 2025-06-10 | Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. |
| CVE-2025-32724 | High | 7.5 |  | 2025-06-10 | Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. |
| CVE-2025-32721 | High | 7.3 |  | 2025-06-10 | Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47959 | High | 7.1 |  | 2025-06-13 | Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. |
| CVE-2025-47171 | Medium | 6.7 |  | 2025-06-10 | Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
| CVE-2025-33057 | Medium | 6.5 |  | 2025-06-10 | Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network. |
| CVE-2025-32715 | Medium | 6.5 |  | 2025-06-10 | Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-0913 | Medium | 5.5 |  | 2025-06-11 | os.OpenFile(path, os.O_CREATE\|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. |
| CVE-2025-47112 | Medium | 5.5 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-47111 | Medium | 5.5 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
| CVE-2025-43579 | Medium | 5.5 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. |
| CVE-2025-43578 | Medium | 5.5 |  | 2025-06-10 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-47956 | Medium | 5.5 |  | 2025-06-10 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
| CVE-2025-47106 | Medium | 5.5 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-47105 | Medium | 5.5 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-47104 | Medium | 5.5 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-33065 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33063 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33062 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33061 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33060 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33059 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33058 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33055 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-33052 | Medium | 5.5 |  | 2025-06-10 | Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally. |
| CVE-2025-32722 | Medium | 5.5 |  | 2025-06-10 | Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. |
| CVE-2025-32720 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-32719 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-30321 | Medium | 5.5 |  | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
| CVE-2025-24069 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-24068 | Medium | 5.5 |  | 2025-06-10 | Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-24065 | Medium | 5.5 |  | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-47160 | Medium | 5.4 |  | 2025-06-10 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-33069 | Medium | 5.1 |  | 2025-06-10 | Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2025-47969 | Medium | 4.4 |  | 2025-06-10 | Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. |

Other vendors (797 CVEs across 242 vendors)

Adobe · 232 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-46840High8.72025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation.
CVE-2025-46837High8.72025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47110High8.42025-06-10Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vuln…
CVE-2025-43585High8.22025-06-10Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass.
CVE-2025-43586High8.12025-06-10Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation.
CVE-2025-43588High7.82025-06-10Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-43581High7.82025-06-10Substance3D - Sampler versions 5.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-47108High7.82025-06-10Substance3D - Painter versions 11.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-27207Medium6.52025-06-10Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation.
CVE-2025-47094Medium6.12025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2025-47049Medium6.12025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability.
CVE-2025-47117Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47116Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47115Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47114Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47113Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47093Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47092Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47091Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47090Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47089Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47088Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47087Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47086Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47085Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47084Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47083Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47082Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47081Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47080Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47079Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47078Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47077Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47076Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47075Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47074Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47073Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47072Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47071Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47070Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47069Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47068Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47067Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47066Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47065Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47063Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47062Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47060Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47057Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47056Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47055Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47052Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47051Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47050Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47048Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47047Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47045 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47044 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47042 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47041 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47040 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47039 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47038 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47037 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47036 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47035 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47034 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47033 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47032 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47031 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47030 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47029 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47027 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47026 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47025 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47022 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47021 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47020 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47019 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47017 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47016 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47015 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47014 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47013 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47012 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47011 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47010 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47008 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47007 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47006 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47005 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47004 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47003 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47002 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47000 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46999 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46997 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46995 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46992 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46991 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46990 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46989 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46988 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46987 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46986 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46985 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46984 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46983 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46982 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46981 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46979 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46978 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46977 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46976 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46975 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46974 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46973 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46972 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46971 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46970 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46968 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46967 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46966 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46965 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46964 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46963 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46960 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46957 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46956 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46955 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46954 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46953 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46952 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46951 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46950 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46949 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46948 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46947 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46946 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46945 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46944 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46943 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46942 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46941 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46940 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46939 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46935 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46934 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46933 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46931 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46930 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46929 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46927 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46926 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46924 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46923 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46922 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46919 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46918 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46917 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46916 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46915 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46914 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46912 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46910 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46909 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46908 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46907 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46906 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46905 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46904 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46903 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46902 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46901 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46900 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46899 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46898 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46895 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46894 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46893 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46892 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46891 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46890 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46889 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation.
CVE-2025-46888 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46887 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46886 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46885 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46883 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46882 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46881 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46880 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46879 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46878 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46877 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46876 | Medium | 5.4 | | 2025-06-10 | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46875Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2025-46874Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2025-46873Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46872Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46871Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46870Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46866Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46865Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46864Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46863Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46862Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46861Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46860Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46859Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46858Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46857Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2025-46855Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46854Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46853Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46851Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46850Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46848Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46847Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46846Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46845Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46844Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46843Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46842Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46841Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46838Medium5.42025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-27206Medium5.32025-06-10Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.
CVE-2025-46913Medium4.82025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46911Medium4.82025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46884Medium4.82025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-46920Medium4.62025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields.
CVE-2025-47096Low3.52025-06-10Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component.

N/a · 34 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-28389Critical9.82025-06-13Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.
CVE-2025-28388Critical9.82025-06-13OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account.
CVE-2025-28386Critical9.82025-06-13A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.
CVE-2025-46060Critical9.82025-06-13Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
CVE-2025-28384Critical9.12025-06-13An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
CVE-2025-5869High8.02025-06-09A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0.
CVE-2025-5868High8.02025-06-09A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0.
CVE-2025-5867High8.02025-06-09A vulnerability classified as critical was found in RT-Thread 5.1.0.
CVE-2025-5866High8.02025-06-09A vulnerability classified as critical has been found in RT-Thread 5.1.0.
CVE-2025-5865High8.02025-06-09A vulnerability was found in RT-Thread 5.1.0.
CVE-2025-28382High7.52025-06-13An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
CVE-2025-28381High7.52025-06-13A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.
CVE-2025-46035High7.52025-06-12Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi…
CVE-2025-44044High7.52025-06-10Keyoti SearchUnit prior to 9.0.0.
CVE-2025-45001High7.52025-06-09react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary.
CVE-2025-5952High7.32025-06-10A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta.
CVE-2024-44906Medium6.52025-06-12uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go.
CVE-2024-44905Medium6.52025-06-12go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
CVE-2025-28380Medium6.12025-06-13A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
CVE-2025-46096Medium6.12025-06-13Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component
CVE-2024-46452Medium6.12025-06-09A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL.
CVE-2025-46178Medium6.12025-06-09Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project.
CVE-2025-44091Medium5.42025-06-12yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.
CVE-2023-45256Medium5.42025-06-12Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transa…
CVE-2025-29744Medium5.42025-06-12pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
CVE-2024-37396Medium5.42025-06-10A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event.
CVE-2024-37395Medium5.42025-06-10A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instruct…
CVE-2024-37394Medium5.42025-06-10A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard conten…
CVE-2025-44043Medium5.42025-06-10Keyoti SearchUnit prior to 9.0.0.
CVE-2025-45055Medium5.42025-06-09Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module.
CVE-2025-5935Medium5.32025-06-10A vulnerability was found in Open5GS up to 2.7.3.
CVE-2025-5874Medium4.62025-06-09A vulnerability was found in Redash up to 10.1.0/25.1.0.
CVE-2025-5892Medium4.32025-06-09A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1.
CVE-2025-5880Medium4.32025-06-09A vulnerability has been found in Whistle 2.9.98 and classified as problematic.

Sick · 19 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-49199High8.82025-06-12The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it.
CVE-2025-49181High8.62025-06-12Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information.
CVE-2025-49194High7.52025-06-12The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels.
CVE-2025-49184High7.52025-06-12A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.
CVE-2025-49183High7.52025-06-12All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver.
CVE-2025-49182High7.52025-06-12Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
CVE-2025-49200Medium6.52025-06-12The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files.
CVE-2025-49197Medium6.52025-06-12The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
CVE-2025-49196Medium6.52025-06-12A service supports the use of a deprecated and unsafe TLS version.
CVE-2025-49185Medium5.52025-06-12The web application is susceptible to cross-site-scripting attacks.
CVE-2025-49195Medium5.32025-06-12The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
CVE-2025-49189Medium5.32025-06-12The HttpOnly flag of the session cookie "@@" is set to false.
CVE-2025-49188Medium5.32025-06-12The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.
CVE-2025-49187Medium5.32025-06-12For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username.
CVE-2025-49191Medium4.82025-06-12Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution.
CVE-2025-49192Medium4.32025-06-12The web application is vulnerable to clickjacking attacks.
CVE-2025-49190Medium4.32025-06-12The application is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2025-49193Medium4.22025-06-12The application fails to implement several security headers.
CVE-2025-49198Low3.12025-06-12The Media Server’s authorization tokens have a poor quality of randomness.

Sap_se · 14 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-42989Critical9.62025-06-10RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2025-42982High8.82025-06-10SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials.
CVE-2025-42983High8.52025-06-10SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable.
CVE-2025-42977High7.62025-06-10SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user.
CVE-2025-42995High7.52025-06-10SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with…
CVE-2025-42994High7.52025-06-10SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability…
CVE-2025-42993Medium6.72025-06-10Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user.
CVE-2025-31325Medium5.82025-06-10Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter.
CVE-2025-42996Medium5.62025-06-10SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources…
CVE-2025-42984Medium5.42025-06-10SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user.
CVE-2025-42998Medium5.32025-06-10The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages.
CVE-2025-42991Medium4.32025-06-10SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks.
CVE-2025-42987Medium4.32025-06-10SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter.
CVE-2025-42990Low3.02025-06-10Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL.

Fortinet · 13 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-31104High7.22025-06-10An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all…
CVE-2025-22254Medium6.62025-06-10An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiPro…
CVE-2025-24471Medium6.52025-06-10An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
CVE-2025-22256Medium6.32025-06-10An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows an attacker to improper access control via spe…
CVE-2024-50568Medium5.92025-06-10A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an u…
CVE-2024-54019Medium4.82025-06-10An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allows an unauthorized attacker to redirect VPN connections via DNS spoofing or another…
CVE-2024-50562Medium4.82025-06-10An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log…
CVE-2024-32119Medium4.82025-06-10An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploadi…
CVE-2025-25250Medium4.32025-06-10An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, Forti…
CVE-2024-45329Medium4.32025-06-10An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key m…
CVE-2023-48786Medium4.32025-06-10A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.
CVE-2023-29184Low3.22025-06-10An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI r…
CVE-2025-22251Low3.12025-06-10An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unau…

Vmware · 12 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-22239High8.12025-06-13Arbitrary event injection on Salt Master.
CVE-2025-22236High8.12025-06-13Minion event bus authorization bypass.
CVE-2025-41233Medium6.82025-06-12VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability.
CVE-2025-22237Medium6.72025-06-13An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process.
CVE-2025-41234Medium6.52025-06-12In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the…
CVE-2024-38825Medium6.42025-06-13The salt.auth.pki module does not properly authenticate callers.
CVE-2025-22240Medium6.32025-06-13Arbitrary directory creation or file deletion.
CVE-2025-22242Medium5.62025-06-13Worker process denial of service through file read operation.
CVE-2025-22241Medium5.62025-06-13File contents overwrite: the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”.
CVE-2025-22238Medium4.22025-06-13Directory traversal attack in minion file cache creation.
CVE-2024-38823Low2.72025-06-13Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.
CVE-2024-38822Low2.72025-06-13Multiple methods in the salt master skip minion token validation.

Tenda · 11 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-5978High8.82025-06-10A vulnerability was found in Tenda FH1202 1.2.0.14.
CVE-2025-5863High8.82025-06-09A vulnerability was found in Tenda AC5 15.03.06.47.
CVE-2025-5862High8.82025-06-09A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical.
CVE-2025-5861High8.82025-06-09A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical.
CVE-2025-5855High8.82025-06-09A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16.
CVE-2025-5854High8.82025-06-09A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16.
CVE-2025-5853High8.82025-06-09A vulnerability classified as critical was found in Tenda AC6 15.03.05.16.
CVE-2025-5852High8.82025-06-09A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16.
CVE-2025-5851High8.82025-06-09A vulnerability was found in Tenda AC15 15.03.05.19_multi.
CVE-2025-5900Medium4.32025-06-09A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13.
CVE-2025-5864Low3.72025-06-09A vulnerability was found in Tenda TDSEE App up to 1.7.12.

Phpgurukul · 10 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-5860High7.32025-06-09A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0.
CVE-2025-5856High7.32025-06-09A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical.
CVE-2025-5859Medium6.32025-06-09A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0.
CVE-2025-5858Medium6.32025-06-09A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0.
CVE-2025-5975Medium4.32025-06-10A vulnerability, which was classified as problematic, was found in PHPGurukul Rail Pass Management System 1.0.
CVE-2025-5976Low3.52025-06-10A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic.
CVE-2025-5974Low3.52025-06-10A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0.
CVE-2025-5973Low2.42025-06-10A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0.
CVE-2025-5972Low2.42025-06-10A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0.
CVE-2025-5970Low2.42025-06-10A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic.

Schneider Electric · 10 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-5740High7.22025-06-10CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an authenticated user on the web server manipulates file path.
CVE-2025-3898Medium6.52025-06-10CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
CVE-2025-3116Medium6.52025-06-10CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.
CVE-2025-3112Medium6.52025-06-10CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
CVE-2025-5743Medium5.52025-06-10CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters…
CVE-2025-5742Medium5.42025-06-10CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
CVE-2025-3905Medium5.42025-06-10CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modif…
CVE-2025-3899Medium5.42025-06-10CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to mo…
CVE-2025-3117Medium5.42025-06-10CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to m…
CVE-2025-5741Medium4.92025-06-10CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station.

CVESeverityCVSSKEVPublishedSummary
CVE-2025-5911High8.82025-06-10A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical.
CVE-2025-5910High8.82025-06-10A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical.
CVE-2025-5909High8.82025-06-10A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713.
CVE-2025-5908High8.82025-06-10A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713.
CVE-2025-5907High8.82025-06-10A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713.
CVE-2025-5905High8.82025-06-10A vulnerability was found in TOTOLINK T10 4.1.8cu.5207.
CVE-2025-5904High8.82025-06-10A vulnerability was found in TOTOLINK T10 4.1.8cu.5207.
CVE-2025-5903High8.82025-06-10A vulnerability was found in TOTOLINK T10 4.1.8cu.5207.
CVE-2025-5902High8.82025-06-09A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical.
CVE-2025-5901High8.82025-06-09A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical.

Acc · 9 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-40657Critical9.82025-06-10A SQL injection vulnerability has been found in DM Corporative CMS.
CVE-2025-40656Critical9.82025-06-10A SQL injection vulnerability has been found in DM Corporative CMS.
CVE-2025-40655Critical9.82025-06-10A SQL injection vulnerability has been found in DM Corporative CMS.
CVE-2025-40654Critical9.82025-06-10A SQL injection vulnerability has been found in DM Corporative CMS.
CVE-2025-40662High7.52025-06-10Absolute path disclosure vulnerability in DM Corporative CMS.
CVE-2025-40661High7.52025-06-10An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS.
CVE-2025-40660High7.52025-06-10An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS.
CVE-2025-40659High7.52025-06-10An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS.
CVE-2025-40658High7.52025-06-10An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS.

GitLab · 9 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-4278High8.72025-06-12An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2.
CVE-2025-2254High8.72025-06-12An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2.
CVE-2025-0673High7.52025-06-12An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allowing an attacker to trigger an infinite redirect loop, potentially leading to a denial of service…
CVE-2025-5996Medium6.52025-06-12An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2.
CVE-2025-1516Medium6.52025-06-12An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2.
CVE-2025-1478Medium6.52025-06-12An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1.
CVE-2024-9512Medium5.32025-06-12An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2.
CVE-2025-5195Medium4.32025-06-12An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1.
CVE-2025-5982Low3.72025-06-12An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2.

XWiki · 9 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2024-56158Critical9.82025-06-12XWiki is a generic wiki platform.
CVE-2025-49586High8.82025-06-13XWiki is an open-source wiki software platform.
CVE-2025-49581High8.82025-06-13XWiki is a generic wiki platform.
CVE-2025-49587High8.02025-06-13XWiki is an open-source wiki software platform.
CVE-2025-49585High8.02025-06-13XWiki is a generic wiki platform.
CVE-2025-49582High8.02025-06-13XWiki is a generic wiki platform.
CVE-2025-49580High8.02025-06-13XWiki is a generic wiki platform.
CVE-2025-49584High7.52025-06-13XWiki is a generic wiki platform.
CVE-2025-49583Low3.52025-06-13XWiki is a generic wiki platform.

Apache · 8 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-47849High8.82025-06-10A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same d…
CVE-2025-47713High8.82025-06-10A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type.
CVE-2025-27818High8.82025-06-10A possible security vulnerability has been identified in Apache Kafka.
CVE-2025-26521High8.12025-06-10When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes clust…
CVE-2025-27819High7.52025-06-10In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API.
CVE-2025-27817High7.52025-06-10A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client.
CVE-2025-30675Medium4.72025-06-11In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs.
CVE-2025-22829Medium4.32025-06-10The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0.

Dell · 8 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-36574High8.22025-06-10Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability.
CVE-2025-27689High7.82025-06-12Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability.
CVE-2025-36575High7.52025-06-10Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability.
CVE-2025-36573High7.12025-06-12Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability.
CVE-2025-36578Medium6.82025-06-10Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability.
CVE-2025-36580Medium6.12025-06-10Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability.
CVE-2025-36577Medium6.12025-06-10Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability.
CVE-2025-36576Low2.72025-06-10Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability.

Drupal · 8 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-48915High8.62025-06-13Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2…
CVE-2025-48914High8.62025-06-13Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2…
CVE-2025-48920High7.32025-06-13Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS). This issue affects etracker: from 0.0.0 before 3.1.0.
CVE-2025-48447High7.12025-06-11Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.
CVE-2025-48916Medium6.52025-06-13Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing. This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.
CVE-2025-48444Medium5.32025-06-11Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
CVE-2025-48013Medium5.32025-06-11Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
CVE-2025-48917Medium5.02025-06-13Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS). This issue affects EU Cookie Compliance (GDPR Compliance)…

Unfoldwp · 8 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-49282High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion. This issue affects Magze: from n/a through <= 1.0.9.
CVE-2025-49281High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion. This issue affects Magways: from n/a through <= 1.2.1.
CVE-2025-49280High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion. This issue affects Magty: from n/a through <= 1.0.6.
CVE-2025-49279High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion. This issue affects Blogvy: from n/a through <= 1.0.7.
CVE-2025-49278High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion. This issue affects Blogty: from n/a through <= 1.0.11.
CVE-2025-49277High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion. This issue affects Blogprise: from n/a through <= 1.0.9.
CVE-2025-49276High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion. This issue affects Blogmine: from n/a through <= 1.1.7.
CVE-2025-49275High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion. This issue affects Blogbyte: from n/a through <= 1.1.1.

Code-projects · 7 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-5985High7.32025-06-10A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical.
CVE-2025-5979High7.32025-06-10A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0.
CVE-2025-5977High7.32025-06-10A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical.
CVE-2025-5906High7.32025-06-10A vulnerability classified as critical has been found in code-projects Laundry System 1.0.
CVE-2025-5971Medium6.32025-06-10A vulnerability was found in code-projects School Fees Payment System 1.0.
CVE-2025-5881Medium6.32025-06-09A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical.
CVE-2025-5857Medium6.32025-06-09A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical.

GeoServer · 7 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-30220Critical9.92025-06-10GeoServer is an open source server that allows users to share and edit geospatial data.
CVE-2024-34711Critical9.32025-06-10GeoServer is an open source server that allows users to share and edit geospatial data.
CVE-2025-30145High7.52025-06-10GeoServer is an open source server that allows users to share and edit geospatial data.
CVE-2024-29198High7.52025-06-10GeoServer is an open source software server written in Java that allows users to share and edit geospatial data.
CVE-2024-40625Medium5.52025-06-10GeoServer is an open source server that allows users to share and edit geospatial data.
CVE-2025-27505Medium5.32025-06-10GeoServer is an open source server that allows users to share and edit geospatial data.
CVE-2024-38524Medium5.32025-06-10GeoServer is an open source server that allows users to share and edit geospatial data.

Palo Alto Networks · 7 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-4232High8.82025-06-13An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
CVE-2025-4231High7.22025-06-13A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
CVE-2025-4227Low3.52025-06-13An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement fe…
CVE-2025-42292025-06-13An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface.
CVE-2025-42302025-06-13A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user.
CVE-2025-42282025-06-13An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.
CVE-2025-42332025-06-12An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.

Siemens · 7 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-40585Critical9.92025-06-10A vulnerability has been identified in Energy Services (All versions with G5DFR).
CVE-2025-40591High7.72025-06-10A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX1500 (All versions < V2.16.5), RUGGEDCOM…
CVE-2025-40567Medium6.52025-06-10A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK53…
CVE-2025-40592Medium6.12025-06-12A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24)…
CVE-2025-40569Medium4.82025-06-10A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK53…
CVE-2025-40568Medium4.32025-06-10A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK53…
CVE-2024-41797Medium4.32025-06-10A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC…

IBM · 6 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-33112High8.42025-06-10IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.
CVE-2025-25032High7.52025-06-11IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resourc…
CVE-2025-3473Medium6.72025-06-11IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
CVE-2025-0917Medium5.52025-06-11IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting.
CVE-2025-0923Medium5.32025-06-11IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
CVE-2025-0163Medium5.32025-06-11IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.

LambertGroup · 6 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-31635High7.52025-06-09Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER lbg-audio11-html5-shoutcast_history allows Path Traversal. This issue affects CLEVER: from n/a through <= 2.6.
CVE-2025-31925High7.12025-06-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup SHOUT lbg-audio8-html5-radio_ads allows Reflected XSS. This issue affects SHOUT: from n/a through <= 3.5.3.
CVE-2025-31917High7.12025-06-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal_video_player allows Reflected XSS. This issue affects Universal Video Player: from n/a throu…
CVE-2025-31426High7.12025-06-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows Reflected XSS. This issue affects Sticky Radio Player: from n/a…
CVE-2025-31058High7.12025-06-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Revolution Video Player revolution_video_player allows Reflected XSS. This issue affects Revolution Video Player: from n/a th…
CVE-2025-31057High7.12025-06-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player elementor_widget_universal_video_player allows Reflected XSS. This issue affects Universal Video Playe…

AVEVA · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-44019High7.12025-06-12AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service.
CVE-2025-36539Medium6.52025-06-12AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service.
CVE-2025-2745Medium6.52025-06-12A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker (with privileges to create/update annotations or upload media files) to persist arbitra…
CVE-2025-4417Medium5.52025-06-12A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary Java…
CVE-2025-4418Medium4.42025-06-12An improper validation of integrity check value vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow a miscreant with elevated privileges to modify PI Connector for CygNet loca…

CVESeverityCVSSKEVPublishedSummary
CVE-2025-45988Critical9.82025-06-13Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabil…
CVE-2025-45987Critical9.82025-06-13Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabil…
CVE-2025-45986Critical9.82025-06-13Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via…
CVE-2025-45985Critical9.82025-06-13Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via…
CVE-2025-45984Critical9.82025-06-13Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection v…

Broadcom · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-25215High8.82025-06-13An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36.
CVE-2025-25050High8.82025-06-13An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36.
CVE-2025-24922High8.82025-06-13A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36.
CVE-2025-24311High8.42025-06-13An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36.
CVE-2025-24919High8.12025-06-13A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36.

CyberData · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-30515Critical9.82025-06-09CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
CVE-2025-30184Critical9.82025-06-09CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CVE-2025-30183High7.52025-06-09CyberData 011209 Intercom does not properly store or protect web server admin credentials.
CVE-2025-26468High7.52025-06-09CyberData 011209 Intercom exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition or system disruption.
CVE-2025-30507Medium5.32025-06-09CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.

Kicode111 · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-6009Medium4.72025-06-12A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical.
CVE-2025-6008Medium4.72025-06-12A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical.
CVE-2025-6007Medium4.72025-06-12A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0.
CVE-2025-6006Medium4.72025-06-12A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0.
CVE-2025-6005Medium4.72025-06-12A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0.

Libarchive · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-5914High7.82025-06-09A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function.
CVE-2025-5915Medium6.62025-06-09A vulnerability has been identified in the libarchive library.
CVE-2025-5918Low3.92025-06-09A vulnerability has been identified in the libarchive library.
CVE-2025-5916Low3.92025-06-09A vulnerability has been identified in the libarchive library.
CVE-2025-5917Low2.82025-06-09A vulnerability has been identified in the libarchive library.

ManageEngine · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-3835Critical9.62025-06-09Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
CVE-2025-41444High8.32025-06-09Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
CVE-2025-36528High8.32025-06-09Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
CVE-2025-27709High8.32025-06-09Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
CVE-2025-41437Medium4.32025-06-09Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.

Salesforce · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-43698Critical9.12025-06-10Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects.
CVE-2025-43701High7.52025-06-10Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.
CVE-2025-43700High7.52025-06-10Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.
CVE-2025-43697High7.52025-06-10Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data.
CVE-2025-43699Medium5.32025-06-10Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of required permission check. This impacts OmniStudio: before Spring 2025.

Snstheme · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-28992High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion. This issue affects SNS Anton: from n/a through <= 4.1.
CVE-2025-28945High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme valen allows PHP Local File Inclusion. This issue affects V…
CVE-2025-28944High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Avaz snsavaz allows PHP Local File Inclusion. This issue affects Avaz: from n/a through <= 2.8.
CVE-2025-24768High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion. This issue affects Nitan: from n/a through <= 2.9.
CVE-2023-25999High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion.

Starcitizen.tools · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-49579Medium6.52025-06-12Citizen is a MediaWiki skin that makes extensions part of the cohesive experience.
CVE-2025-49578Medium6.52025-06-12Citizen is a MediaWiki skin that makes extensions part of the cohesive experience.
CVE-2025-49577Medium6.52025-06-12Citizen is a MediaWiki skin that makes extensions part of the cohesive experience.
CVE-2025-49576Medium6.52025-06-12Citizen is a MediaWiki skin that makes extensions part of the cohesive experience.
CVE-2025-49575Medium6.52025-06-12Citizen is a MediaWiki skin that makes extensions part of the cohesive experience.

Themeton · 5 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-31429Critical9.82025-06-09Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection.
CVE-2025-31398Critical9.82025-06-09Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection.
CVE-2025-31396Critical9.82025-06-09Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection.
CVE-2025-31052Critical9.82025-06-09Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection. This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4.
CVE-2025-31638High7.12025-06-09Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Spare allows Reflected XSS.

Bzotheme · 4 CVEs

CVESeverityCVSSKEVPublishedSummary
CVE-2025-28888High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme GiftXtore bw-giftxtore allows PHP Local File Inclusion. This issue affects GiftXtore: from n/a through < 1.7.7.
CVE-2025-27362High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Petito bw-petito allows PHP Local File Inclusion. This issue affects Petito: from n/a through < 1.6.6.
CVE-2025-24770High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme CraftXtore bw-craftxtore allows PHP Local File Inclusion. This issue affects CraftXtore: from n/a through <= 1…
CVE-2023-26005High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion.

Haxtheweb · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49141 | High | 8.5 | | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |
| CVE-2025-49137 | High | 8.5 | | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |
| CVE-2025-49138 | Medium | 6.5 | | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |
| CVE-2025-49139 | Medium | 5.3 | | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. |

Holest Engineering · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48123 | Critical | 10.0 | | 2025-06-09 | Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code I… |
| CVE-2025-48129 | Critical | 9.8 | | 2025-06-09 | Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation. This issue a… |
| CVE-2025-48122 | Critical | 9.3 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-c… |
| CVE-2025-48124 | High | 7.5 | | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerc… |

Jetimob · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-41505 | Medium | 6.1 | | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profissão" (professor). |
| CVE-2024-41504 | Medium | 6.1 | | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2024-41503 | Medium | 6.1 | | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function. |
| CVE-2024-41502 | Medium | 6.1 | | 2025-06-10 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observações" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person. |

Mozilla · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49710 | Critical | 9.8 | | 2025-06-11 | An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. |
| CVE-2025-49709 | Critical | 9.8 | | 2025-06-11 | Certain canvas operations could have led to memory corruption. |
| CVE-2025-5687 | High | 7.8 | | 2025-06-11 | A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. |
| CVE-2025-5986 | Medium | 6.5 | | 2025-06-11 | A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. |

Red Hat · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6021 | High | 7.5 | | 2025-06-12 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. |
| CVE-2025-25209 | Medium | 5.7 | | 2025-06-09 | The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets, however it assumes those secrets are already in the kuadrant-system instead of copying it to the referred namespace. |
| CVE-2025-25208 | Medium | 5.7 | | 2025-06-09 | A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster. |
| CVE-2025-25207 | Medium | 5.7 | | 2025-06-09 | The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. |

Amd · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2023-20599 | High | 7.9 | | 2025-06-10 | Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading… |
| CVE-2025-0037 | Medium | 6.6 | | 2025-06-10 | In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality. |
| CVE-2025-0036 | Low | 3.2 | | 2025-06-10 | In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cry… |

Amentotech · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4973 | Critical | 9.8 | | 2025-06-12 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. |
| CVE-2025-5012 | High | 8.8 | | 2025-06-12 | The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'workreap_temp_upload_to_media' function in all versions up… |
| CVE-2025-31920 | High | 8.5 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech WP Guppy wp-guppy allows SQL Injection. This issue affects WP Guppy: from n/a through <= 4.3.3. |

Discourse · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48877 | Critical | 9.8 | | 2025-06-09 | Discourse is an open-source discussion platform. |
| CVE-2025-48053 | High | 7.5 | | 2025-06-09 | Discourse is an open-source discussion platform. |
| CVE-2025-48062 | High | 7.1 | | 2025-06-09 | Discourse is an open-source discussion platform. |

Erxes · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-57190 | Critical | 9.8 | | 2025-06-10 | Erxes <1.6.1 is vulnerable to Incorrect Access Control. |
| CVE-2024-57189 | Medium | 5.4 | | 2025-06-10 | In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. |
| CVE-2024-57186 | Medium | 5.4 | | 2025-06-10 | In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler. |

Irmau · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4586 | Medium | 6.4 | | 2025-06-13 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmcalendarview' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user… |
| CVE-2025-4585 | Medium | 6.4 | | 2025-06-13 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmflat' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user supplie… |
| CVE-2025-4584 | Medium | 6.4 | | 2025-06-13 | The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'irmeventlist' shortcode in all versions up to, and including, 1.2.19 due to insufficient input sanitization and output escaping on user su… |

Ivanti · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5353 | High | 8.8 | | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2025-22455 | High | 8.8 | | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2025-22463 | High | 7.3 | | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. |

Lablup · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49652 | Critical | 9.8 | | 2025-06-09 | Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled. |
| CVE-2025-49651 | High | 8.1 | | 2025-06-09 | Missing Authorization in Lablup's BackendAI allows attackers to take over all active sessions; accessing, stealing, or altering any data accessible in the session. |
| CVE-2025-49653 | High | 8.0 | | 2025-06-09 | Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. |

Mikado-themes · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49297 | High | 8.1 | | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through <= 1.6. |
| CVE-2025-49296 | High | 8.1 | | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through <= 1.6. |
| CVE-2025-49295 | High | 8.1 | | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through <= 2.1. |

Ricoh Company, Ltd. · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-46783 | Critical | 9.8 | | 2025-06-13 | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. |
| CVE-2025-36506 | Medium | 6.5 | | 2025-06-13 | External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. |
| CVE-2025-48825 | Low | 2.5 | | 2025-06-13 | RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL wi… |

Rsjoomla.com · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-32466 | | | | 2025-06-11 | A SQL injection vulnerability in RSMediaGallery! |
| CVE-2025-32465 | | | | 2025-06-11 | A stored XSS vulnerability in RSTickets! |
| CVE-2025-30085 | | | | 2025-06-11 | Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. |

Tcman · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-40670 | High | 8.8 | | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. |
| CVE-2025-40669 | Medium | 6.5 | | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. |
| CVE-2025-40668 | Medium | 6.5 | | 2025-06-09 | Incorrect authorization vulnerability in TCMAN's GIM v11. |

1xinternet · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48918 | High | 8.8 | | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0. |
| CVE-2025-48919 | Medium | 5.0 | | 2025-06-13 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0. |

Absolute · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49080 | High | 7.5 | | 2025-06-12 | There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. |
| CVE-2025-49081 | Medium | 4.9 | | 2025-06-12 | There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. |

Autodesk · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5335 | High | 7.8 | | 2025-06-10 | A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. |
| CVE-2025-4605 | Medium | 6.6 | | 2025-06-11 | A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. |

Avaya · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-1041 | Critical | 9.9 | | 2025-06-10 | An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. |
| CVE-2025-49186 | Medium | 5.3 | | 2025-06-12 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. |

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5969 | High | 8.8 | | 2025-06-10 | A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. |
| CVE-2025-5912 | High | 8.8 | | 2025-06-10 | A vulnerability was found in D-Link DIR-632 FW103B08. |

Gamerz · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4799 | High | 7.2 | | 2025-06-11 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. |
| CVE-2025-4798 | Medium | 4.9 | | 2025-06-11 | The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. |

Gnu · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5899 | Medium | 5.3 | | 2025-06-09 | A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. |
| CVE-2025-5898 | Medium | 5.3 | | 2025-06-09 | A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. |

Go Standard Library · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-22874 | High | 7.5 | | 2025-06-11 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. |
| CVE-2025-4673 | Medium | 6.8 | | 2025-06-11 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. |

Google · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5959 | High | 8.8 | | 2025-06-11 | Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2025-5958 | High | 8.8 | | 2025-06-11 | Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |

Honding Technology · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5893 | Critical | 9.8 | | 2025-06-09 | Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials. |
| CVE-2025-5894 | High | 8.8 | | 2025-06-09 | Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log… |

Jsnjfz · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5888 | Medium | 4.3 | | 2025-06-09 | A vulnerability was found in jsnjfz WebStack-Guns 1.0. |
| CVE-2025-5887 | Low | 3.5 | | 2025-06-09 | A vulnerability was found in jsnjfz WebStack-Guns 1.0. |

Konica Minolta · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5885 | Medium | 4.3 | | 2025-06-09 | A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. |
| CVE-2025-5884 | Low | 3.5 | | 2025-06-09 | A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. |

Loftocean · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49507 | Critical | 9.8 | | 2025-06-10 | Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection. This issue affects CozyStay: from n/a through < 1.7.1. |
| CVE-2025-49454 | High | 8.1 | | 2025-06-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File Inclusion. This issue affects TinySalt: from n/a through < 3.10.0. |

Mattermost · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4573 | Medium | 4.1 | | 2025-06-11 | Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups perm… |
| CVE-2025-4128 | Low | 3.1 | | 2025-06-11 | Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API c… |

Mik · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-40912 | Critical | 9.8 | | 2025-06-11 | CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. |
| CVE-2025-40914 | Critical | 9.8 | | 2025-06-11 | Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. |

Motorola · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-1699 | Low | 2.8 | | 2025-06-11 | An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access. |
| CVE-2025-1698 | Low | 2.8 | | 2025-06-11 | Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service. |

Nautobot · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49142 | High | 7.1 | | 2025-06-10 | Nautobot is a Network Source of Truth and Network Automation Platform. |
| CVE-2025-49143 | Medium | 5.9 | | 2025-06-10 | Nautobot is a Network Source of Truth and Network Automation Platform. |

Nbdkit_project · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-47712 | Medium | 6.5 | | 2025-06-09 | A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. |
| CVE-2025-47711 | Medium | 6.5 | | 2025-06-09 | There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. |

Nozomi Networks · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-13089 | High | 7.2 | | 2025-06-10 | An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. |
| CVE-2024-13090 | High | 7.0 | | 2025-06-10 | A privilege escalation vulnerability may enable a service account to elevate its privileges. |

Octoprint · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48879 | Medium | 6.5 | | 2025-06-10 | OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become u… |
| CVE-2025-48067 | Medium | 5.4 | | 2025-06-10 | OctoPrint provides a web interface for controlling consumer 3D printers. |

Pandora Fms · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4678 | | | | 2025-06-10 | Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. |
| CVE-2025-4653 | | | | 2025-06-10 | Improper Neutralization of Special Elements in the backup name field may allow OS command injection. |

Pure Storage · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-0052 | | | | 2025-06-10 | Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service. |
| CVE-2025-0051 | | | | 2025-06-10 | Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service. |

Sap · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-23192 | High | 8.2 | | 2025-06-10 | SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. |
| CVE-2025-42988 | Low | 3.7 | | 2025-06-10 | Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. |

Sinotrack · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5485 | High | 8.6 | | 2025-06-12 | User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. |
| CVE-2025-5484 | High | 8.3 | | 2025-06-12 | A username and password are required to authenticate to the central SinoTrack device management interface. |

Solarwinds · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-26395 | High | 7.1 | | 2025-06-10 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. |
| CVE-2025-26394 | Medium | 4.8 | | 2025-06-10 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. |

Thenewsletterplugin · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-3582 | Medium | 4.8 | | 2025-06-09 | The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili… |
| CVE-2025-3581 | Medium | 4.8 | | 2025-06-09 | The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow high privilege users such as admin to perform Stor… |

Upkeeper Solutions · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4681 | | | | 2025-06-10 | Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse. This issue affects upKeeper Instant Privilege Access: before 1.4.0. |
| CVE-2025-4680 | | | | 2025-06-10 | Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects upKeeper Instant Privilege Access: before 1.4.0. |

Vantage6 · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-43863 | Critical | 9.8 | | 2025-06-12 | vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. |
| CVE-2025-43866 | High | 7.5 | | 2025-06-12 | vantage6 is an open-source infrastructure for privacy preserving analysis. |

Virtuemart · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6001 | High | 8.3 | | 2025-06-11 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. |
| CVE-2025-6002 | High | 7.2 | | 2025-06-11 | An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. |

Weidmueller · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-41663 | Critical | 9.8 | | 2025-06-11 | For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated privileges. |
| CVE-2025-41661 | High | 8.8 | | 2025-06-11 | An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection. |

72crm · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5879 | Low | 3.5 | | 2025-06-09 | A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. |

A3rev · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5123 | Medium | 6.4 | | 2025-06-13 | The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. |

Acer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5491 | High | 8.8 | | 2025-06-13 | Acer ControlCenter contains Remote Code Execution vulnerability. |

Actions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5890 | Medium | 4.3 | | 2025-06-09 | A vulnerability classified as problematic has been found in actions toolkit 0.5.0. |

Admin_audit_trail_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48448 | Medium | 6.5 | | 2025-06-11 | Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5. |

Airleader · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-46612 | High | 7.2 | | 2025-06-10 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. |

Alex Zaytseff · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48141 | Critical | 9.3 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection. This issue affects Multi CryptoCurrency Pa… |

Amazon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6031 | High | 7.5 | | 2025-06-12 | Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. |

Amir-mousavi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5939 | Medium | 4.4 | | 2025-06-13 | The Telegram for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping. |

Anchorcms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-46041 | Medium | 5.4 | | 2025-06-09 | A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add). |

Andremacola · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5841 | Medium | 6.4 | | 2025-06-13 | The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. |

Anujk305 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5913 | High | 7.3 | | 2025-06-10 | A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. |

Appthaplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-31050 | High | 7.5 | | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through <= 2… |

Archify · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-9062 | High | 7.8 | | 2025-06-11 | The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. |

Auma · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-41657 | Medium | 4.3 | | 2025-06-10 | Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker. |

Autoeastern · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6030 | | | | 2025-06-13 | Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. |

Axiomthemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-26592 | High | 8.1 | | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion. This issue affects Lab: from n/a through <= 1.0.0. |

Axlethemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4954 | High | 8.8 | | 2025-06-10 | The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server. |

Bagisto · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-40675 | Medium | 6.1 | | 2025-06-09 | A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. |

Barryvdh · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49130 | | | | 2025-06-09 | Laravel Translation Manager is a package to manage Laravel translation files. |

Blackberry · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-2474 | Critical | 9.8 | | 2025-06-10 | Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec. |

Brewlabs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-39539 | High | 7.1 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs WP Email Delivery wp-email-delivery allows Reflected XSS. This issue affects WP Email Delivery: from n/a through <= 1.20.11.23. |

Broadstreetads · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4652 | Medium | 6.1 | | 2025-06-09 | The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |

Caido · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49004 | High | 7.5 | | 2025-06-09 | Caido is a web security auditing toolkit. |

Carmelogarcia · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5980 | High | 7.3 | | 2025-06-10 | A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. |

Click5 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-47598 | Medium | 6.5 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in click5 History Log by click5 history-log-by-click5 allows Stored XSS. This issue affects History Log by click5: from n/a through <= 1.0.13. |

Clickandpledge · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49455 | Critical | 9.3 | | 2025-06-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection. This issue affects WordPress-WPJobBoard: from n/a… |

Codervivek · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-45002 | Medium | 5.4 | | 2025-06-09 | Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. |

Commerce_alphabank_redirect_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48446 | High | 8.8 | | 2025-06-11 | Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3. |

Commerce_eurobank_(redirect)_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48445 | High | 8.8 | | 2025-06-11 | Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1. |

Conda-forge · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49598 | | | | 2025-06-13 | conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. |

Crypto Cloud · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48147 | Medium | 6.5 | | 2025-06-09 | Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Pay… |

Cubewp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4315 | High | 8.8 | | 2025-06-11 | The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. |

Cyberlord92 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6003 | Medium | 5.3 | | 2025-06-12 | The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and including, the *.5.3 versions of the plugin. |

Digitalacornjp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5930 | Medium | 4.3 | | 2025-06-13 | The WP2HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2.

Dmitriamartin · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5815 | Medium | 5.3 | | 2025-06-13 | The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2.

Dotcamp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2918 | Medium | 6.4 | | 2025-06-10 | The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping.

Dt Research · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3052 | High | 8.2 | | 2025-06-10 | An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software.

Echarge Hardy Barth · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5873 | Medium | 6.3 | | 2025-06-09 | A vulnerability was detected in eCharge Hardy Barth Salia PLCC up to 2.3.81.

Egauge · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5872 | Medium | 5.3 | | 2025-06-09 | A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3.

Elastic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43706 | High | 7.6 | | 2025-06-10 | Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.

Elementor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3076 | Medium | 6.4 | | 2025-06-10 | The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping.

Elfsight · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31045 | High | 7.5 | | 2025-06-09 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in elfsight elfsight Contact Form widget elfsight-contact-form allows Retrieve Embedded Sensitive Data. This issue affects elfsight Contact Form widget…

Emlog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5886 | Low | 3.5 | | 2025-06-09 | A vulnerability was found in Emlog up to 2.5.7 and classified as problematic.

Erumfaham · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4840 | High | 7.5 | | 2025-06-10 | The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Etj · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-4976 | Critical | 9.8 | | 2025-06-12 | Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities.

Extreme Networks · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6083 | Medium | 4.3 | | 2025-06-13 | In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter.

Facturaone · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-24767 | Critical | 9.3 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooComm…

Fahad Mahmood · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47463 | High | 7.1 | | 2025-06-09 | Missing Authorization vulnerability in Fahad Mahmood Stock Locations for WooCommerce stock-locations-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Locations for WooCommerce…

Fantasticplugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32291 | Critical | 10.0 | | 2025-06-09 | Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through < 11.1.0.

Fastgpt · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49131 | Medium | 6.3 | | 2025-06-09 | FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents.

Fay-1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5928 | Medium | 4.3 | | 2025-06-13 | The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1.

Fengoffice · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5877 | Medium | 6.3 | | 2025-06-09 | A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1.

Frenify · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-39475 | High | 8.1 | | 2025-06-09 | Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through <= 6.0.3.

Fujitsu Client Computing Limited · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-35978 | High | 7.1 | | 2025-06-12 | Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125.

G5plus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48126 | High | 8.1 | | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion. This issue affects Essential Real…

Gavias · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32595 | High | 8.1 | | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion. This issue affects Krowd: from n/a through < 1.5.0.

Getcursor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49150 | Medium | 5.9 | | 2025-06-11 | Cursor is a code editor built for programming with AI.

Gfi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-35940 | High | 8.1 | | 2025-06-10 | The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key.

Gimp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6035 | Medium | 6.1 | | 2025-06-13 | A flaw was found in GIMP.

Gnome · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6052 | Low | 3.7 | | 2025-06-13 | A flaw was found in how GLib’s GString manages memory when adding data to strings.

Gryphon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-40915 | High | 7.0 | | 2025-06-11 | Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.

Handcraftedinthealps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49597 | Low | 3.9 | | 2025-06-13 | handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library.

Hashicorp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4922 | High | 8.1 | | 2025-06-11 | Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing.

Hewlett Packard Enterprise (Hpe) · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-37100 | High | 7.7 | | 2025-06-10 | A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users.

Hikvision · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-39240 | High | 7.2 | | 2025-06-13 | Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation.

Icegram · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47527 | High | 7.1 | | 2025-06-09 | Missing Authorization vulnerability in Icegram Icegram Collect icegram-rainmaker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Icegram Collect: from n/a through <= 1.3.18.

Ifkooo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-23974 | High | 8.1 | | 2025-06-09 | Incorrect Privilege Assignment vulnerability in ifkooo One-Login one-login allows Privilege Escalation. This issue affects One-Login: from n/a through <= 1.4.

Infility · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47651 | High | 8.5 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection. This issue affects Infility Global: from n/a through <= 2.15.06.

Info@welcart · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47511 | Medium | 6.8 | | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through <= 2.11.13.

Innomotics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-35295 | Medium | 6.1 | | 2025-06-11 | A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025).

Inspirythemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4601 | High | 8.8 | | 2025-06-10 | The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0.

Insyde · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-55567 | High | 7.5 | | 2025-06-12 | Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01.

Insyde Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4275 | High | 7.8 | | 2025-06-11 | A vulnerability in the digital signature verification process does not properly validate variable attributes which allows an attacker to bypass signature verification by creating a non-authenticated NVRAM variable.

Janboddez · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5950 | Medium | 6.4 | | 2025-06-13 | The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping.

Jconti · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5926 | Medium | 6.1 | | 2025-06-13 | The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4.

Jevents.net / Gwe Systems Ltd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49467 | | | | 2025-06-12 | A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered.

Johnson Controls · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26383 | | | | 2025-06-11 | The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.

Juliangruber · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5889 | Low | 3.1 | | 2025-06-09 | A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0.

K7 Security · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-1055 | Medium | 5.6 | | 2025-06-11 | A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level pri…

Kaisercrazy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6012 | Medium | 5.5 | | 2025-06-13 | The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping.

Kamleshyadav · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31424 | Critical | 9.3 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through…

Kde · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49091 | High | 8.2 | | 2025-06-11 | KDE Konsole before 25.04.2 allows remote code execution in a certain scenario.

Keepersecurity · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29627 | Medium | 6.8 | | 2025-06-09 | An issue in KeeperChat iOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module.

Keymetric · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5891 | Medium | 4.3 | | 2025-06-09 | A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6.

Kia · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-6029 | | | | 2025-06-13 | The Key Fob Transmitter in the KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, uses fixed learning codes, one code to lock the car and the other code to unlock it, which allows a replay attack.

Knadh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49136 | Critical | 9.0 | | 2025-06-09 | listmonk is a standalone, self-hosted, newsletter and mailing list manager.

Kseaborn · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4666 | Medium | 6.4 | | 2025-06-11 | The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping.

Leap13 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4774 | Medium | 6.4 | | 2025-06-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and…

Libtpms_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49133 | Medium | 5.9 | | 2025-06-10 | Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu.

Looks_awesome · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32308 | High | 7.6 | | 2025-06-09 | Missing Authorization vulnerability in looks_awesome Team Builder a-team-showcase allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Builder: from n/a through <= 1.5.7.

Lucky · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5876 | Medium | 5.3 | | 2025-06-09 | A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321.

Magentech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-39476 | High | 7.5 | | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo revo allows PHP Local File Inclusion. This issue affects Revo: from n/a through <= 4.0.26.

Marcdk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5923 | Medium | 6.4 | | 2025-06-13 | The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 4.8.1 due to insufficient input sanitization and output escaping.

Matrix-org · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48937 | Medium | 4.9 | | 2025-06-10 | matrix-rust-sdk is an implementation of a Matrix client-server library in Rust.

Metabase · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5895 | Medium | 4.3 | | 2025-06-09 | A vulnerability was found in Metabase 54.10.

Metalpriceapi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48140 | Critical | 9.9 | | 2025-06-09 | Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI metalpriceapi allows Code Injection. This issue affects MetalpriceAPI: from n/a through <= 1.1.4.

Microdicom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5943 | High | 8.8 | | 2025-06-10 | MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability.

Miniorange · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31019 | High | 8.8 | | 2025-06-09 | Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse. This issue affects Password Policy Manager: from n/a through <= 2.0.4.

Modelcontextprotocol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49596 | | | | 2025-06-13 | The MCP inspector is a developer tool for testing and debugging MCP servers.

Moreconvert Team · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47487 | High | 7.1 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moreconvert Team MC Woocommerce Wishlist smart-wishlist-for-more-convert allows Reflected XSS. This issue affects MC Woocommerce Wishlist…

Multivendorx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48261 | High | 7.5 | | 2025-06-09 | Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from n/a through <= 4.2.22.

Myscada · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-35941 | Medium | 5.5 | | 2025-06-11 | A password is exposed locally.

Mystyleplatform · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48281 | Critical | 9.3 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection. This issue affects MyStyle Cus…

Netgear · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5934 | High | 8.8 | | 2025-06-10 | A vulnerability was found in Netgear EX3700 up to 1.0.0.88.

Niklas Portmann · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-36852 | | | | 2025-06-10 | A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor w…

Nobossextensions.com · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49468 | | | | 2025-06-13 | A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered.

Onlyoffice · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5301 | Medium | 6.1 | | 2025-06-12 | ONLYOFFICE Docs (DocumentServer) in versions equal to and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol.

Ossec · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1244 | | | | 2025-06-11 | Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path.

Papendorf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5871 | Medium | 5.3 | | 2025-06-09 | A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic.

Payu India · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31022 | Critical | 9.8 | | 2025-06-09 | Authentication Bypass Using an Alternate Path or Channel vulnerability in PayU India PayU India payu-india allows Authentication Abuse. This issue affects PayU India: from n/a through < 3.8.8.

Pcsx2 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49589 | | | | 2025-06-12 | PCSX2 is a free and open-source PlayStation 2 (PS2) emulator.

Pgjdbc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49146 | High | 8.2 | | 2025-06-11 | pgjdbc is an open source postgresql JDBC Driver.

Pion · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49140 | High | 7.5 | | 2025-06-09 | Pion Interceptor is a framework for building RTP/RTCP communication software.

Pixelgrade · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31039 | Critical | 9.1 | | 2025-06-09 | Improper Restriction of XML External Entity Reference vulnerability in pixelgrade Category Icon category-icon allows XML Entity Linking. This issue affects Category Icon: from n/a through <= 1.0.3.

Psf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47081 | Medium | 5.3 | | 2025-06-09 | Requests is a HTTP library.

Redqteam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31061 | High | 7.1 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Wishlist wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through <= 2.1.0.

Relentlo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48139 | Medium | 6.5 | | 2025-06-09 | Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through <= 1.0.4.

Revenera · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7562 | | | | 2025-06-12 | A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured.

Revmakx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47477 | High | 7.1 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Reflected XSS. This issue affects Backup and Staging by WP Time Capsu…

Richard Perdaan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48279 | High | 7.1 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS.

Rocket.chat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8270 | Medium | 5.5 | | 2025-06-11 | The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its entitlements (e.g., microphone, c…

Roland Beaussant · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49509 | Medium | 5.3 | | 2025-06-10 | Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Audio Editor & Recorder: from n/a through <= 2…

Romancode · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47561 | High | 8.8 | | 2025-06-09 | Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation. This issue affects MapSVG: from n/a through < 8.6.13.

Rts · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29902 | Critical | 10.0 | | 2025-06-13 | Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.

Salesup2019 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48143 | High | 7.1 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp!

Saltstack · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38824 | Critical | 9.6 | | 2025-06-13 | Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

Senior-walter · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5984 | Low | 3.5 | | 2025-06-10 | A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic.

Simcom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-26412 | Medium | 6.8 | | 2025-06-11 | The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem.

Smub · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4577 | Medium | 6.4 | | 2025-06-10 | The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input san…

Sneeit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32305 | High | 7.1 | | 2025-06-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sneeit WordPress FlatNews Theme flatnews allows Reflected XSS. This issue affects WordPress FlatNews Theme: from n/a through <= 5.8.

Sonalsinha21 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-47608 | Critical | 9.3 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection. This issue affects Recover abandoned c…

Spicethemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48130 | High | 7.5 | | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through <= 2.0.7.4.

Stash · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7457 | High | 7.8 | | 2025-06-11 | The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model.

Stellarwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5144 | Medium | 6.4 | | 2025-06-11 | The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping.

Steph · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5925 | Medium | 4.3 | | 2025-06-10 | The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95.

Sungrow · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-29756 | | | | 2025-06-11 | SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in plac…

Taro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5896 | Medium | 4.3 | | 2025-06-09 | A vulnerability was found in tarojs taro up to 4.1.1.

Thatdevgirl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5233 | Medium | 6.4 | | 2025-06-13 | The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping.

The Qt Company · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5991 | | | | 2025-06-11 | There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module.

Themebon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5938 | Medium | 5.3 | | 2025-06-13 | The Digital Marketing and Agency Templates Addons for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1.

Thevindu-w · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49148 | High | 7.3 | | 2025-06-11 | ClipShare is a lightweight and cross-platform tool for clipboard sharing.

Thimpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48267 | High | 8.6 | | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal.

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5875 | High | 8.8 | | 2025-06-09 | A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n.

Trendnet · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5870 | High | 7.3 | | 2025-06-09 | A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical.

Trusted Computing Group · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-2884 | Medium | 6.6 | | 2025-06-10 | TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation of the signature scheme with the signature key's algorithm.

Tyche Softwares · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-4387 | High | 8.8 | | 2025-06-10 | The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16…

Uxper · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49511 | High | 7.1 | | 2025-06-10 | Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery. This issue affects Civi Framework: from n/a through <= 2.1.6.

Valvepress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5395 | High | 8.8 | | 2025-06-11 | The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0.

Vuejs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5897 | Medium | 4.3 | | 2025-06-09 | A vulnerability was found in vuejs vue-cli up to 5.0.8.

Wasp-lang · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49006 | | | | 2025-06-09 | Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma.

Wazuh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1243 | High | 7.2 | | 2025-06-11 | Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path.

Webgeniuslab · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-39473 | High | 8.1 | | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core seofy-core allows PHP Local File Inclusion. This issue affects Seofy Core: from n/a through <= 1.6.8.

Weboccults · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5288 | Critical | 9.8 | | 2025-06-13 | The REST API \| Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3.

Wilderforge · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49013 | Critical | 9.9 | | 2025-06-09 | WilderForge is a Wildermyth coremodding API.

Woobewoo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-31059 | Critical | 9.3 | | 2025-06-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in woobewoo WBW Product Table PRO woo-producttables-pro allows SQL Injection. This issue affects WBW Product Table PRO: from n/a through <= 2…

Wp Event Manager · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-48125 | High | 8.1 | | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion. This issue affects WP Event Manager…

Wp Swings · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49265 | High | 7.5 | | 2025-06-09 | Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through <= 2.8.1.

Wpfactory · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49510 | Medium | 4.3 | | 2025-06-10 | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery. This issue affects Min Max Step Quantity Limits Manager fo…

Wptravelengine · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-5282 | High | 7.5 | | 2025-06-13 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6…

Xagio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-3302 | High | 7.2 | | 2025-06-11 | The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping.