Total
301084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4872 | 1 Freefloat | 1 Ftp Server | 2025-06-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4905 | 1 Washington | 1 Basestation | 2025-06-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far. | |||||
| CVE-2025-28371 | 1 Engeniustech | 2 Enh500, Enh500 Firmware | 2025-06-12 | N/A | 6.5 MEDIUM |
| EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password. | |||||
| CVE-2025-44108 | 1 Flatpress | 1 Flatpress | 2025-06-12 | N/A | 4.8 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently. | |||||
| CVE-2024-55063 | 1 Easyvirt | 1 Dc Netscope | 2025-06-12 | N/A | 8.8 HIGH |
| Multiple Code Injection vulnerabilities in EasyVirt DC NetScope <= 8.7.0 allows remote authenticated attackers to execute arbitrary code via the (1) lang parameter to /international/keyboard/options; the (2) keyboard_layout or (3) keyboard_variant parameter to /international/settings/keyboard; the (4) timezone parameter to /international/settings/timezone. | |||||
| CVE-2025-30072 | 1 Tiiwee | 2 Twx1hakv2, Twx1hakv2 Firmware | 2025-06-12 | N/A | 7.6 HIGH |
| Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm. | |||||
| CVE-2025-3908 | 2 Linux, Openvpn | 2 Linux Kernel, Openvpn3linux | 2025-06-12 | N/A | 6.2 MEDIUM |
| The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory. | |||||
| CVE-2025-28203 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | N/A | 8.8 HIGH |
| Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. | |||||
| CVE-2025-43714 | 1 Openai | 1 Chatgpt | 2025-06-12 | N/A | 6.5 MEDIUM |
| The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents (instead of, for example, rendering them as text inside a code block), which enables HTML injection within most modern graphical web browsers. | |||||
| CVE-2025-4940 | 1 1000projects | 1 Daily College Class Work Report Book | 2025-06-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2929 | 1 Tychesoftwares | 1 Order Delivery Date For Woocommerce | 2025-06-12 | N/A | 7.1 HIGH |
| The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2025-41231 | 1 Vmware | 1 Cloud Foundation | 2025-06-12 | N/A | 7.3 HIGH |
| VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information. | |||||
| CVE-2025-3582 | 1 Thenewsletterplugin | 1 Newsletter | 2025-06-12 | N/A | 4.8 MEDIUM |
| The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-4977 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-4978 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2024-53359 | 1 Zalo | 1 Zalo | 2025-06-12 | N/A | 7.5 HIGH |
| An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request. | |||||
| CVE-2025-4980 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-26086 | 1 Rsiqueue | 1 Management System | 2025-06-12 | N/A | 7.5 HIGH |
| An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication. | |||||
| CVE-2025-22157 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2025-06-12 | N/A | 8.8 HIGH |
| This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user. Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20 Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20 Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5 Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0 Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1 See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program. | |||||
| CVE-2025-5000 | 1 Linksys | 4 Fgw3000-ah, Fgw3000-ah Firmware, Fgw3000-hk and 1 more | 2025-06-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument filename leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||