Total
8284 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52488 | 2025-06-23 | N/A | 8.6 HIGH | ||
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1. | |||||
| CVE-2024-24215 | 1 Cellinx | 1 Nvt Web Server | 2025-06-20 | N/A | 5.3 MEDIUM |
| An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | |||||
| CVE-2024-23224 | 1 Apple | 1 Macos | 2025-06-20 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data. | |||||
| CVE-2023-48132 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-48129 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43997 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43996 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43995 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43992 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2020-36771 | 1 Cloudlinux | 1 Cagefs | 2025-06-20 | N/A | 7.8 HIGH |
| CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | |||||
| CVE-2024-38467 | 1 Guoxinled | 1 Synthesis Image System | 2025-06-20 | N/A | 7.5 HIGH |
| Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. | |||||
| CVE-2024-20920 | 1 Oracle | 1 Solaris | 2025-06-20 | N/A | 3.8 LOW |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | |||||
| CVE-2023-52101 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-20 | N/A | 9.1 CRITICAL |
| Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity. | |||||
| CVE-2023-51142 | 1 Zkteco | 1 Biotime | 2025-06-20 | N/A | 7.5 HIGH |
| An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. | |||||
| CVE-2023-42934 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-20 | N/A | 4.2 MEDIUM |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information. | |||||
| CVE-2024-54961 | 1 Nagios | 1 Nagios Xi | 2025-06-18 | N/A | 6.5 MEDIUM |
| Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users. | |||||
| CVE-2025-22973 | 1 Qibosoft | 1 Qibocms X1 | 2025-06-18 | N/A | 7.5 HIGH |
| An issue in QiboSoft QiboCMS X1.0 allows a remote attacker to obtain sensitive information via the http_curl() function in the '/application/common. php' file that directly retrieves the URL request response content. | |||||
| CVE-2024-21095 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2025-06-18 | N/A | 8.2 HIGH |
| Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12 and 23.12.0-23.12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). | |||||
| CVE-2024-1102 | 2 Jberet, Redhat | 2 Jberet, Jboss Enterprise Application Platform | 2025-06-18 | N/A | 6.5 MEDIUM |
| A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection. | |||||
| CVE-2024-33669 | 1 Passbolt | 1 Passbolt Browser Extension | 2025-06-18 | N/A | 6.1 MEDIUM |
| An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. | |||||