Total
297966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12071 | 1 Codeigniter | 1 Codeigniter | 2025-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. | |||||
| CVE-2025-5242 | 2025-06-07 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2025-5223 | 2025-06-07 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2025-5097 | 2025-06-07 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2025-5026 | 2025-06-07 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2024-22988 | 1 Zkteco | 1 Zkbio Wdms | 2025-06-07 | N/A | 9.8 CRITICAL |
| ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp. | |||||
| CVE-2024-0753 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-06-07 | N/A | 6.5 MEDIUM |
| In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2025-28073 | 2025-06-07 | N/A | 6.1 MEDIUM | ||
| phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized. | |||||
| CVE-2025-28074 | 2025-06-07 | N/A | 6.1 MEDIUM | ||
| phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript. | |||||
| CVE-2025-31027 | 1 Jocoxdesign | 1 Tiger | 2025-06-06 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0. | |||||
| CVE-2025-48146 | 1 Lupsonline | 1 Seo Flow | 2025-06-06 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0. | |||||
| CVE-2025-39509 | 1 Themencode | 1 Tnc Flipbook | 2025-06-06 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook allows Stored XSS. This issue affects TNC FlipBook: from n/a through 12.1.0. | |||||
| CVE-2025-39507 | 1 Nasatheme | 1 Nasa Core | 2025-06-06 | N/A | 7.5 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2. | |||||
| CVE-2025-39493 | 1 Valvepress | 1 Rankie | 2025-06-06 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0. | |||||
| CVE-2025-39482 | 1 Imithemes | 1 Eventer | 2025-06-06 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.9.6. | |||||
| CVE-2025-47544 | 1 Acowebs | 1 Dynamic Pricing With Discount Rules For Woocommerce | 2025-06-06 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through 4.5.8. | |||||
| CVE-2024-24262 | 1 Ireader | 1 Media-server | 2025-06-06 | N/A | 7.5 HIGH |
| media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. | |||||
| CVE-2024-22900 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-06-06 | N/A | 8.8 HIGH |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | |||||
| CVE-2023-51073 | 1 Buffalo | 2 Ls210d, Ls210d Firmware | 2025-06-06 | N/A | 8.1 HIGH |
| An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | |||||
| CVE-2024-37826 | 1 Vercot | 1 Serva | 2025-06-06 | N/A | 7.5 HIGH |
| A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||