Total: 297957 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-27709 | | | 2025-06-09 | N/A | 8.3 HIGH | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
CVE-2025-22490 | | | 2025-06-09 | N/A | N/A | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later.
CVE-2025-3485 | | | 2025-06-09 | N/A | 7.2 HIGH | Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26524.
CVE-2025-38003 | | | 2025-06-09 | N/A | N/A | In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content. When the procfs content is generated for a bcm_op which is in the process of being removed, the procfs output might show unreliable data (UAF). As the removal of bcm_ops is already implemented with rcu handling, this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.
CVE-2025-5873 | | | 2025-06-09 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-4948 | | | 2025-06-09 | N/A | 7.5 HIGH | A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
CVE-2025-32914 | | | 2025-06-09 | N/A | 7.4 HIGH | A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-32049 | | | 2025-06-09 | N/A | 7.5 HIGH | A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-2784 | | | 2025-06-09 | N/A | 7.0 HIGH | A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVE-2025-26873 | | | 2025-06-09 | N/A | 9.0 CRITICAL | Deserialization of Untrusted Data vulnerability in Shine theme Traveler. This issue affects Traveler: from n/a before 3.2.1.
CVE-2018-12071 | 1 Codeigniter | 1 Codeigniter | 2025-06-09 | 7.5 HIGH | 9.8 CRITICAL | A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
CVE-2025-5242 | | | 2025-06-07 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-5223 | | | 2025-06-07 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-5097 | | | 2025-06-07 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-5026 | | | 2025-06-07 | N/A | N/A | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-22988 | 1 Zkteco | 1 Zkbio Wdms | 2025-06-07 | N/A | 9.8 CRITICAL | ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp.
CVE-2024-0753 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-06-07 | N/A | 6.5 MEDIUM | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2025-28073 | | | 2025-06-07 | N/A | 6.1 MEDIUM | phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.
CVE-2025-28074 | | | 2025-06-07 | N/A | 6.1 MEDIUM | phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
CVE-2025-31027 | 1 Jocoxdesign | 1 Tiger | 2025-06-06 | N/A | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS. This issue affects Tiger: from n/a through 2.0.