Total
296962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1289 | 1 Coffee-code | 1 Getnet Para Woocommerce | 2025-06-04 | N/A | 4.8 MEDIUM |
| The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-1303 | 1 Coffee-code | 1 Getnet Para Woocommerce | 2025-06-04 | N/A | 6.1 MEDIUM |
| The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users. | |||||
| CVE-2025-4580 | 1 Dimdavid | 1 File Provider | 2025-06-04 | N/A | 4.3 MEDIUM |
| The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2025-2247 | 1 Mantus667 | 1 Wp-pmanager | 2025-06-04 | N/A | 5.4 MEDIUM |
| The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
| CVE-2025-2248 | 1 Mantus667 | 1 Wp-pmanager | 2025-06-04 | N/A | 5.4 MEDIUM |
| The WP-PManager WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | |||||
| CVE-2025-47161 | 1 Microsoft | 1 Defender For Endpoint | 2025-06-04 | N/A | 7.8 HIGH |
| Microsoft Defender for Endpoint Elevation of Privilege Vulnerability | |||||
| CVE-2025-1138 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-04 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. | |||||
| CVE-2024-51475 | 1 Ibm | 1 Content Navigator | 2025-06-04 | N/A | 5.4 MEDIUM |
| IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | |||||
| CVE-2025-48174 | 1 Aomedia | 1 Libavif | 2025-06-04 | N/A | 4.5 MEDIUM |
| In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. | |||||
| CVE-2025-27703 | 1 Absolute | 1 Secure Access | 2025-06-04 | N/A | 6.0 MEDIUM |
| CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low. | |||||
| CVE-2025-27706 | 1 Absolute | 1 Secure Access | 2025-06-04 | N/A | 3.4 LOW |
| CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability. | |||||
| CVE-2025-46078 | 1 Huocms | 1 Huocms | 2025-06-04 | N/A | 5.3 MEDIUM |
| HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server | |||||
| CVE-2025-46080 | 1 Huocms | 1 Huocms | 2025-06-04 | N/A | 5.3 MEDIUM |
| HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server. | |||||
| CVE-2025-41385 | 1 Uchida | 2 Wivia 5, Wivia 5 Firmware | 2025-06-04 | N/A | 7.2 HIGH |
| An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user. | |||||
| CVE-2025-41406 | 1 Uchida | 2 Wivia 5, Wivia 5 Firmware | 2025-06-04 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user. | |||||
| CVE-2025-47697 | 1 Uchida | 2 Wivia 5, Wivia 5 Firmware | 2025-06-04 | N/A | 7.5 HIGH |
| Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user. | |||||
| CVE-2025-48486 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 5.4 MEDIUM |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripiting (XSS) vulnerability is caused by the lack of input validation and sanitization in both \Session::flash and __, allowing user input to be executed without proper filtering. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48487 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 4.8 MEDIUM |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a completed action, it is possible to inject a payload to exploit XSS vulnerability. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48488 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 5.4 MEDIUM |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious JavaScript code to the server, which can result in a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.180. | |||||
| CVE-2025-48489 | 1 Freescout | 1 Freescout | 2025-06-04 | N/A | 4.8 MEDIUM |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180. | |||||