Vulnerabilities (CVE)

Total 301387 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-46984 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46985 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46986 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46987 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-53425 1 Assimp 1 Assimp 2025-06-13 N/A 6.2 MEDIUM
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.
CVE-2025-46988 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-52771 1 Dedebiz 1 Dedebiz 2025-06-13 N/A 9.1 CRITICAL
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view.
CVE-2024-52770 1 Dedebiz 1 Dedebiz 2025-06-13 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-3623 2025-06-13 N/A 9.1 CRITICAL
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticated to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.
CVE-2024-52769 1 Dedebiz 1 Dedebiz 2025-06-13 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-26846 1 Znuny 1 Znuny 2025-06-13 N/A 9.8 CRITICAL
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
CVE-2025-44830 1 Engineercms Project 1 Engineercms 2025-06-13 N/A 9.8 CRITICAL
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
CVE-2025-45779 1 Tenda 2 Ac10, Ac10 Firmware 2025-06-13 N/A 9.8 CRITICAL
Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.
CVE-2025-44175 1 Tenda 2 Ac10, Ac10 Firmware 2025-06-13 N/A 5.4 MEDIUM
Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.
CVE-2024-34199 1 Ritlabs 1 Tinyweb 2025-06-13 N/A 8.6 HIGH
TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
CVE-2024-34243 1 Pantsel 1 Konga 2025-06-13 N/A 5.4 MEDIUM
Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.
CVE-2024-34250 1 Bytecodealliance 1 Webassembly Micro Runtime 2025-06-13 N/A 6.2 MEDIUM
A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c.
CVE-2024-34251 1 Bytecodealliance 1 Webassembly Micro Runtime 2025-06-13 N/A 7.5 HIGH
An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h.
CVE-2025-46837 1 Adobe 1 Experience Manager 2025-06-13 N/A 8.7 HIGH
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
CVE-2025-44868 1 Wavlink 2 Wl-wn530h4, Wl-wn530h4 Firmware 2025-06-13 N/A 9.8 CRITICAL
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.