Total
298694 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45194 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-06-11 | N/A | 4.8 MEDIUM |
| In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This injected code is stored on the server and executed in the context of the victim's browser when interacting with specific elements in the web interface. (The vulnerability can be mitigated by properly sanitizing input parameters to prevent the injection of malicious code.) | |||||
| CVE-2024-6486 | 1 Orangelab | 1 Imagemagick Engine | 2025-06-11 | N/A | 7.2 HIGH |
| The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "cli_path" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code execution. | |||||
| CVE-2024-33788 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | N/A | 8.0 HIGH |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. | |||||
| CVE-2025-22996 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | |||||
| CVE-2025-25193 | 2 Microsoft, Netty | 2 Windows, Netty | 2025-06-11 | N/A | 5.5 MEDIUM |
| Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix. | |||||
| CVE-2025-22997 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | |||||
| CVE-2024-34509 | 2 Debian, Offis | 2 Debian Linux, Dcmtk | 2025-06-11 | N/A | 5.3 MEDIUM |
| dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | |||||
| CVE-2021-43905 | 1 Microsoft | 1 365 Copilot | 2025-06-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Microsoft Office app Remote Code Execution Vulnerability | |||||
| CVE-2024-27628 | 1 Offis | 1 Dcmtk | 2025-06-11 | N/A | 8.1 HIGH |
| Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. | |||||
| CVE-2023-48197 | 1 Grocy Project | 1 Grocy | 2025-06-11 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. | |||||
| CVE-2023-47674 | 1 C-first | 56 Cfr-1004ea, Cfr-1004ea Firmware, Cfr-1008ea and 53 more | 2025-06-11 | N/A | 9.8 CRITICAL |
| Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | |||||
| CVE-2023-47488 | 1 Combodo | 1 Itop | 2025-06-11 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. | |||||
| CVE-2023-47335 | 1 Autelrobotics | 2 Evo Nano Drone, Evo Nano Drone Firmware | 2025-06-11 | N/A | 6.5 MEDIUM |
| Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. | |||||
| CVE-2023-46849 | 3 Debian, Fedoraproject, Openvpn | 4 Debian Linux, Fedora, Openvpn and 1 more | 2025-06-11 | N/A | 7.5 HIGH |
| Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. | |||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2024-6690 | 1 Wp-buy | 1 Wp Content Copy Protection \& No Right Click | 2025-06-11 | N/A | 6.1 MEDIUM |
| The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites | |||||
| CVE-2020-18305 | 1 Extremenetworks | 1 Extremexos | 2025-06-11 | N/A | 8.0 HIGH |
| Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. | |||||
| CVE-2024-13865 | 1 S3bubble | 1 S3player | 2025-06-11 | N/A | 6.1 MEDIUM |
| The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | |||||
| CVE-2024-50564 | 1 Fortinet | 1 Forticlient | 2025-06-11 | N/A | 3.3 LOW |
| A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. | |||||
| CVE-2025-4929 | 1 Campcodes | 1 Online Shopping Portal | 2025-06-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||