Vulnerabilities (CVE)

Total 296991 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5531 2025-06-04 N/A 6.4 MEDIUM
The Employee Directory – Staff Listing & Team Directory Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-31710 2025-06-04 N/A 5.9 MEDIUM
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2025-5566 2025-06-04 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical has been found in PHPGurukul Notice Board System 1.0. This affects an unknown part of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-20994 2025-06-04 N/A 4.5 MEDIUM
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
CVE-2018-25112 2025-06-04 N/A 7.5 HIGH
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.
CVE-2025-5562 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5561 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-49163 2025-06-04 N/A 6.7 MEDIUM
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
CVE-2025-27031 2025-06-04 N/A 7.8 HIGH
Memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
CVE-2025-5601 2025-06-04 N/A 7.8 HIGH
Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allow denial of service via packet injection or crafted capture file.
CVE-2025-30167 2025-06-04 N/A 7.3 HIGH
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
CVE-2025-5571 2025-06-04 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-20992 2025-06-04 N/A 4.0 MEDIUM
Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
CVE-2025-31712 2025-06-04 N/A 5.1 MEDIUM
In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
CVE-2025-47724 2025-06-04 N/A N/A
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-47728 2025-06-04 N/A N/A
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-30415 2025-06-04 N/A 7.5 HIGH
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077.
CVE-2025-4392 2025-06-04 N/A 7.2 HIGH
The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.
CVE-2025-5598 2025-06-04 N/A N/A
Path Traversal vulnerability in WF Steuerungstechnik GmbH airleader MASTER allows Retrieve Embedded Sensitive Data. This issue affects airleader MASTER: 3.0046.
CVE-2025-31711 2025-06-04 N/A 5.1 MEDIUM
In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.