Total
301191 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-46922 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46920 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 4.6 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46919 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-3004 | 1 Forestblog Project | 1 Forestblog | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-31116 | 1 Opensecurity | 1 Mobile Security Framework | 2025-06-12 | N/A | 4.4 MEDIUM |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2. | |||||
CVE-2025-29405 | 1 Emlog | 1 Emlog | 2025-06-12 | N/A | 6.3 MEDIUM |
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-51322 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-06-12 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components | |||||
CVE-2025-4256 | 1 Seacms | 1 Seacms | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-45240 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 6.5 MEDIUM |
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php. | |||||
CVE-2025-45238 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 9.1 CRITICAL |
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. | |||||
CVE-2025-45239 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 5.3 MEDIUM |
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. | |||||
CVE-2025-4327 | 1 Mrcms | 1 Mrcms | 2025-06-12 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | |||||
CVE-2025-4329 | 1 74cms | 1 74cms | 2025-06-12 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-49113 | 2025-06-12 | N/A | 9.9 CRITICAL | ||
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. | |||||
CVE-2024-8012 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 7.8 HIGH |
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | |||||
CVE-2024-44106 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-44105 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.2 HIGH |
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. | |||||
CVE-2024-44104 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-44103 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. |