Total
298054 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-27709 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. | |||||
CVE-2025-36528 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. | |||||
CVE-2025-41444 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. | |||||
CVE-2024-37396 | 1 Vanderbilt | 1 Redcap | 2025-06-16 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the event is viewed. Updating to version 14.2.1 or later is recommended to remediate this vulnerability. | |||||
CVE-2025-5971 | 1 Fabian | 1 School Fees Payment System | 2025-06-16 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in code-projects School Fees Payment System 1.0. It has been classified as critical. This affects an unknown part of the file /ajx.php. The manipulation of the argument name_startsWith leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5979 | 1 Fabian | 1 School Fees Payment System | 2025-06-16 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-46060 | 1 Totolink | 2 N600r, N600r Firmware | 2025-06-16 | N/A | 9.8 CRITICAL |
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component | |||||
CVE-2025-47044 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47045 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47047 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47048 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47049 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 6.1 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | |||||
CVE-2025-47050 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47051 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47052 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47055 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47056 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47057 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47060 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-47062 | 1 Adobe | 1 Experience Manager | 2025-06-16 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. |