Total
298714 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22997 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-11 | N/A | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | |||||
| CVE-2024-34509 | 2 Debian, Offis | 2 Debian Linux, Dcmtk | 2025-06-11 | N/A | 5.3 MEDIUM |
| dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | |||||
| CVE-2021-43905 | 1 Microsoft | 1 365 Copilot | 2025-06-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Microsoft Office app Remote Code Execution Vulnerability | |||||
| CVE-2024-27628 | 1 Offis | 1 Dcmtk | 2025-06-11 | N/A | 8.1 HIGH |
| Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component. | |||||
| CVE-2023-48197 | 1 Grocy Project | 1 Grocy | 2025-06-11 | N/A | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. | |||||
| CVE-2023-47674 | 1 C-first | 56 Cfr-1004ea, Cfr-1004ea Firmware, Cfr-1008ea and 53 more | 2025-06-11 | N/A | 9.8 CRITICAL |
| Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | |||||
| CVE-2023-47488 | 1 Combodo | 1 Itop | 2025-06-11 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. | |||||
| CVE-2023-47335 | 1 Autelrobotics | 2 Evo Nano Drone, Evo Nano Drone Firmware | 2025-06-11 | N/A | 6.5 MEDIUM |
| Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. | |||||
| CVE-2023-46849 | 3 Debian, Fedoraproject, Openvpn | 4 Debian Linux, Fedora, Openvpn and 1 more | 2025-06-11 | N/A | 7.5 HIGH |
| Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. | |||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2024-6690 | 1 Wp-buy | 1 Wp Content Copy Protection \& No Right Click | 2025-06-11 | N/A | 6.1 MEDIUM |
| The wccp-pro WordPress plugin before 15.3 contains an open-redirect flaw via the referrer parameter, allowing redirection of users to external sites | |||||
| CVE-2020-18305 | 1 Extremenetworks | 1 Extremexos | 2025-06-11 | N/A | 8.0 HIGH |
| Extreme Networks EXOS before v.22.7 and before v.30.2 was discovered to contain an issue in its Web GUI which fails to restrict URL access, allowing attackers to access sensitive information or escalate privileges. | |||||
| CVE-2024-13865 | 1 S3bubble | 1 S3player | 2025-06-11 | N/A | 6.1 MEDIUM |
| The S3Player WordPress plugin through 4.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | |||||
| CVE-2024-50564 | 1 Fortinet | 1 Forticlient | 2025-06-11 | N/A | 3.3 LOW |
| A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. | |||||
| CVE-2025-4929 | 1 Campcodes | 1 Online Shopping Portal | 2025-06-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5268 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-06-11 | N/A | 6.5 MEDIUM |
| Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. | |||||
| CVE-2024-1663 | 1 Texttheater | 1 Ultimate Noindex Nofollow Tool Ii | 2025-06-11 | N/A | 4.8 MEDIUM |
| The Ultimate Noindex Nofollow Tool II WordPress plugin before 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-2643 | 1 Premio | 1 My Sticky Bar | 2025-06-11 | N/A | 4.8 MEDIUM |
| The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.6.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-34500 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-11 | N/A | 6.1 MEDIUM |
| An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the $err var) are not escaped before being passed to Html::rawElement() in the getError() function in the Hooks class. | |||||
| CVE-2024-51406 | 1 Projectfloodlight | 1 Open Sdn Controller | 2025-06-11 | N/A | 6.2 MEDIUM |
| Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster. | |||||