Total
298660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48793 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-11 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. | |||||
| CVE-2023-48792 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-11 | N/A | 9.8 CRITICAL |
| Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. | |||||
| CVE-2023-48127 | 1 Linecorp | 1 Line | 2025-06-11 | N/A | 5.4 MEDIUM |
| An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-06-11 | N/A | 8.4 HIGH |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | |||||
| CVE-2023-47132 | 1 N-able | 1 N-central | 2025-06-11 | N/A | 9.8 CRITICAL |
| An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | |||||
| CVE-2023-43999 | 1 Linecorp | 1 Line | 2025-06-11 | N/A | 5.4 MEDIUM |
| An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43988 | 1 Linecorp | 1 Line | 2025-06-11 | N/A | 5.4 MEDIUM |
| An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-42833 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-11 | N/A | 8.8 HIGH |
| A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-40439 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-11 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-3211 | 1 Dmparekh | 1 Wordpress Database Administrator | 2025-06-11 | N/A | 9.8 CRITICAL |
| The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | |||||
| CVE-2023-35836 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. | |||||
| CVE-2023-33472 | 1 Scada-lts | 1 Scada-lts | 2025-06-11 | N/A | 8.8 HIGH |
| An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. | |||||
| CVE-2023-21901 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2025-06-11 | N/A | 7.4 HIGH |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L). | |||||
| CVE-2023-1405 | 1 Strategy11 | 1 Formidable Forms | 2025-06-11 | N/A | 7.5 HIGH |
| The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. | |||||
| CVE-2023-0389 | 1 Codepeople | 1 Calculated Fields Form | 2025-06-11 | N/A | 4.8 MEDIUM |
| The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2022-3604 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2025-06-11 | N/A | 7.8 HIGH |
| The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when its output in a CSV file, which could lead to CSV injection. | |||||
| CVE-2022-0775 | 1 Woocommerce | 1 Woocommerce | 2025-06-11 | N/A | 4.3 MEDIUM |
| The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | |||||
| CVE-2021-42142 | 1 Contiki-ng | 1 Tinydtls | 2025-06-11 | N/A | 9.8 CRITICAL |
| An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. | |||||
| CVE-2021-24566 | 1 Pluginus | 1 Fox - Currency Switcher Professional For Woocommerce | 2025-06-11 | N/A | 8.8 HIGH |
| The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode. | |||||
| CVE-2021-24432 | 1 Berocket | 1 Advanced Ajax Product Filters | 2025-06-11 | N/A | 6.1 MEDIUM |
| The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue. | |||||