Total
298949 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-5935 | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM | ||
A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue. | |||||
CVE-2025-33061 | 2025-06-12 | N/A | 5.5 MEDIUM | ||
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||
CVE-2025-22463 | 2025-06-12 | N/A | 7.3 HIGH | ||
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. | |||||
CVE-2025-32712 | 2025-06-12 | N/A | 7.8 HIGH | ||
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-33069 | 2025-06-12 | N/A | 5.1 MEDIUM | ||
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally. | |||||
CVE-2025-48937 | 2025-06-12 | N/A | 4.9 MEDIUM | ||
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0. | |||||
CVE-2025-26395 | 2025-06-12 | N/A | 7.1 HIGH | ||
SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. | |||||
CVE-2025-22455 | 2025-06-12 | N/A | 8.8 HIGH | ||
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | |||||
CVE-2025-47163 | 2025-06-12 | N/A | 8.8 HIGH | ||
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
CVE-2025-31325 | 2025-06-12 | N/A | 5.8 MEDIUM | ||
Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser. | |||||
CVE-2025-33067 | 2025-06-12 | N/A | 8.4 HIGH | ||
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally. | |||||
CVE-2025-27207 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | |||||
CVE-2025-47165 | 2025-06-12 | N/A | 7.8 HIGH | ||
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-33066 | 2025-06-12 | N/A | 8.8 HIGH | ||
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | |||||
CVE-2025-3076 | 2025-06-12 | N/A | 6.4 MEDIUM | ||
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-47164 | 2025-06-12 | N/A | 8.4 HIGH | ||
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
CVE-2025-40657 | 2025-06-12 | N/A | N/A | ||
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp. | |||||
CVE-2025-32718 | 2025-06-12 | N/A | 7.8 HIGH | ||
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-4680 | 2025-06-12 | N/A | N/A | ||
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects upKeeper Instant Privilege Access: before 1.4.0. | |||||
CVE-2024-50562 | 2025-06-12 | N/A | 4.8 MEDIUM | ||
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out. |