Vulnerabilities (CVE)

Total 298054 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39611 1 Softwarefx 1 Chart Fx 2025-06-16 N/A 7.5 HIGH
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests.
CVE-2023-34322 1 Xen 1 Xen 2025-06-16 N/A 7.8 HIGH
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.
CVE-2023-32880 2 Google, Mediatek 22 Android, Mt6762, Mt6765 and 19 more 2025-06-16 N/A 4.4 MEDIUM
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076.
CVE-2023-32875 2 Google, Mediatek 58 Android, Mt6580, Mt6731 and 55 more 2025-06-16 N/A 4.4 MEDIUM
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217.
CVE-2023-32401 1 Apple 1 Macos 2025-06-16 N/A 7.8 HIGH
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution.
CVE-2023-31506 1 Getgrav 1 Grav 2025-06-16 N/A 5.4 MEDIUM
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
CVE-2023-26999 1 Netscout 1 Ngeniusone 2025-06-16 N/A 9.8 CRITICAL
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
CVE-2025-29401 1 Emlog 1 Emlog 2025-06-16 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2023-51295 1 Phpjabbers 1 Event Booking Calendar 2025-06-16 N/A 6.5 MEDIUM
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
CVE-2023-51328 1 Phpjabbers 1 Cleaning Business Software 2025-06-16 N/A 5.4 MEDIUM
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.
CVE-2025-28073 1 Phplist 1 Phplist 2025-06-16 N/A 6.1 MEDIUM
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.
CVE-2025-28074 1 Phplist 1 Phplist 2025-06-16 N/A 6.1 MEDIUM
phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
CVE-2025-47816 1 Gnu 1 Pspp 2025-06-16 N/A 2.9 LOW
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document.
CVE-2025-4538 1 Keking 1 Kkfileview 2025-06-16 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-44831 1 Engineercms Project 1 Engineercms 2025-06-16 N/A 9.8 CRITICAL
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.
CVE-2025-45859 1 Totolink 2 A3002r, A3002r Firmware 2025-06-16 N/A 5.4 MEDIUM
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
CVE-2023-53154 1 Cjson Project 1 Cjson 2025-06-16 N/A 2.9 LOW
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
CVE-2025-6177 2025-06-16 N/A 7.4 HIGH
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
CVE-2025-6133 2025-06-16 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6132 2025-06-16 7.5 HIGH 7.3 HIGH
A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.