Total
298054 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39611 | 1 Softwarefx | 1 Chart Fx | 2025-06-16 | N/A | 7.5 HIGH |
An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | |||||
CVE-2023-34322 | 1 Xen | 1 Xen | 2025-06-16 | N/A | 7.8 HIGH |
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough. | |||||
CVE-2023-32880 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-16 | N/A | 4.4 MEDIUM |
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076. | |||||
CVE-2023-32875 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-16 | N/A | 4.4 MEDIUM |
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. | |||||
CVE-2023-32401 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 7.8 HIGH |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution. | |||||
CVE-2023-31506 | 1 Getgrav | 1 Grav | 2025-06-16 | N/A | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | |||||
CVE-2023-26999 | 1 Netscout | 1 Ngeniusone | 2025-06-16 | N/A | 9.8 CRITICAL |
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | |||||
CVE-2025-29401 | 1 Emlog | 1 Emlog | 2025-06-16 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2023-51295 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-06-16 | N/A | 6.5 MEDIUM |
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | |||||
CVE-2023-51328 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-06-16 | N/A | 5.4 MEDIUM |
PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | |||||
CVE-2025-28073 | 1 Phplist | 1 Phplist | 2025-06-16 | N/A | 6.1 MEDIUM |
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized. | |||||
CVE-2025-28074 | 1 Phplist | 1 Phplist | 2025-06-16 | N/A | 6.1 MEDIUM |
phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript. | |||||
CVE-2025-47816 | 1 Gnu | 1 Pspp | 2025-06-16 | N/A | 2.9 LOW |
libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. | |||||
CVE-2025-4538 | 1 Keking | 1 Kkfileview | 2025-06-16 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-44831 | 1 Engineercms Project | 1 Engineercms | 2025-06-16 | N/A | 9.8 CRITICAL |
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. | |||||
CVE-2025-45859 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-16 | N/A | 5.4 MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. | |||||
CVE-2023-53154 | 1 Cjson Project | 1 Cjson | 2025-06-16 | N/A | 2.9 LOW |
parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called. | |||||
CVE-2025-6177 | 2025-06-16 | N/A | 7.4 HIGH | ||
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP). | |||||
CVE-2025-6133 | 2025-06-16 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-6132 | 2025-06-16 | 7.5 HIGH | 7.3 HIGH | ||
A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |