Total
301387 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-46984 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46985 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46986 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46987 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2024-53425 | 1 Assimp | 1 Assimp | 2025-06-13 | N/A | 6.2 MEDIUM |
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash. | |||||
CVE-2025-46988 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2024-52771 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | N/A | 9.1 CRITICAL |
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. | |||||
CVE-2024-52770 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2025-3623 | 2025-06-13 | N/A | 9.1 CRITICAL | ||
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticated to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files. | |||||
CVE-2024-52769 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2025-26846 | 1 Znuny | 1 Znuny | 2025-06-13 | N/A | 9.8 CRITICAL |
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. | |||||
CVE-2025-44830 | 1 Engineercms Project | 1 Engineercms | 2025-06-13 | N/A | 9.8 CRITICAL |
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. | |||||
CVE-2025-45779 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-13 | N/A | 9.8 CRITICAL |
Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. | |||||
CVE-2025-44175 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-13 | N/A | 5.4 MEDIUM |
Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. | |||||
CVE-2024-34199 | 1 Ritlabs | 1 Tinyweb | 2025-06-13 | N/A | 8.6 HIGH |
TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line. | |||||
CVE-2024-34243 | 1 Pantsel | 1 Konga | 2025-06-13 | N/A | 5.4 MEDIUM |
Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. | |||||
CVE-2024-34250 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-06-13 | N/A | 6.2 MEDIUM |
A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c. | |||||
CVE-2024-34251 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-06-13 | N/A | 7.5 HIGH |
An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h. | |||||
CVE-2025-46837 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 8.7 HIGH |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
CVE-2025-44868 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2025-06-13 | N/A | 9.8 CRITICAL |
Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |