Total: 301598 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32880 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-16 | N/A | 4.4 MEDIUM |
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076. | |||||
CVE-2023-32875 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-16 | N/A | 4.4 MEDIUM |
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. | |||||
CVE-2023-32401 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 7.8 HIGH |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution. | |||||
CVE-2023-31506 | 1 Getgrav | 1 Grav | 2025-06-16 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | |||||
CVE-2023-26999 | 1 Netscout | 1 Ngeniusone | 2025-06-16 | N/A | 9.8 CRITICAL |
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | |||||
CVE-2025-29401 | 1 Emlog | 1 Emlog | 2025-06-16 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2023-51295 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-06-16 | N/A | 6.5 MEDIUM |
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | |||||
CVE-2023-51328 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-06-16 | N/A | 5.4 MEDIUM |
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | |||||
CVE-2025-28073 | 1 Phplist | 1 Phplist | 2025-06-16 | N/A | 6.1 MEDIUM |
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized. | |||||
CVE-2025-28074 | 1 Phplist | 1 Phplist | 2025-06-16 | N/A | 6.1 MEDIUM |
phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript. | |||||
CVE-2025-47816 | 1 Gnu | 1 Pspp | 2025-06-16 | N/A | 2.9 LOW |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. | |||||
CVE-2025-4538 | 1 Keking | 1 Kkfileview | 2025-06-16 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-44831 | 1 Engineercms Project | 1 Engineercms | 2025-06-16 | N/A | 9.8 CRITICAL |
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. | |||||
CVE-2025-45859 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-16 | N/A | 5.4 MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. | |||||
CVE-2023-53154 | 1 Cjson Project | 1 Cjson | 2025-06-16 | N/A | 2.9 LOW |
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called. | |||||
CVE-2024-38822 | | | 2025-06-16 | N/A | 2.7 LOW |
Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. | |||||
CVE-2024-25675 | 1 Misp | 1 Misp | 2025-06-16 | N/A | 9.8 CRITICAL |
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | |||||
CVE-2022-23180 | 1 Themehunk | 1 Contact Form & Lead Form Elementor Builder | 2025-06-16 | N/A | 4.3 MEDIUM |
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings. | |||||
CVE-2025-5126 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-5127 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-16 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |