Vulnerabilities (CVE)

Total 301191 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-46922 1 Adobe 1 Experience Manager 2025-06-12 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46920 1 Adobe 1 Experience Manager 2025-06-12 N/A 4.6 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46919 1 Adobe 1 Experience Manager 2025-06-12 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-3004 1 Forestblog Project 1 Forestblog 2025-06-12 4.0 MEDIUM 3.5 LOW
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-31116 1 Opensecurity 1 Mobile Security Framework 2025-06-12 N/A 4.4 MEDIUM
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.
CVE-2025-29405 1 Emlog 1 Emlog 2025-06-12 N/A 6.3 MEDIUM
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-51322 1 Zucchetti 1 Ad Hoc Infinity 2025-06-12 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components
CVE-2025-4256 1 Seacms 1 Seacms 2025-06-12 4.0 MEDIUM 3.5 LOW
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-45240 1 Qianfox 1 Foxcms 2025-06-12 N/A 6.5 MEDIUM
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.
CVE-2025-45238 1 Qianfox 1 Foxcms 2025-06-12 N/A 9.1 CRITICAL
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.
CVE-2025-45239 1 Qianfox 1 Foxcms 2025-06-12 N/A 5.3 MEDIUM
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
CVE-2025-4327 1 Mrcms 1 Mrcms 2025-06-12 5.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected.
CVE-2025-4329 1 74cms 1 74cms 2025-06-12 4.0 MEDIUM 4.3 MEDIUM
A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-49113 2025-06-12 N/A 9.9 CRITICAL
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
CVE-2024-8012 1 Ivanti 1 Workspace Control 2025-06-12 N/A 7.8 HIGH
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2024-44107 1 Ivanti 1 Workspace Control 2025-06-12 N/A 8.8 HIGH
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
CVE-2024-44106 1 Ivanti 1 Workspace Control 2025-06-12 N/A 8.8 HIGH
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2024-44105 1 Ivanti 1 Workspace Control 2025-06-12 N/A 8.2 HIGH
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials.
CVE-2024-44104 1 Ivanti 1 Workspace Control 2025-06-12 N/A 8.8 HIGH
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2024-44103 1 Ivanti 1 Workspace Control 2025-06-12 N/A 8.8 HIGH
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.