Vulnerabilities (CVE)

Total 297010 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-54189 2025-06-04 N/A 7.8 HIGH
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
CVE-2025-48961 2025-06-04 N/A 7.3 HIGH
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.
CVE-2025-46355 2025-06-04 N/A 7.3 HIGH
Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
CVE-2025-3919 2025-06-04 N/A 6.4 MEDIUM
The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page. The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4.
CVE-2024-45655 2025-06-04 N/A 5.5 MEDIUM
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVE-2025-20995 2025-06-04 N/A 4.9 MEDIUM
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
CVE-2025-49069 2025-06-04 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery. This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.
CVE-2025-5523 2025-06-04 4.0 MEDIUM 3.5 LOW
A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-49000 2025-06-04 N/A 3.5 LOW
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a denial-of-service via memory exhaustion. The issue is fixed in versions 0.17.13 and higher. No workaround is available aside from upgrading to the patched version.
CVE-2025-21463 2025-06-04 N/A 7.5 HIGH
Transient DOS while processing the EHT operation IE in the received beacon frame.
CVE-2025-21485 2025-06-04 N/A 7.8 HIGH
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
CVE-2024-53013 2025-06-04 N/A 6.6 MEDIUM
Memory corruption may occur while processing voice call registration with user.
CVE-2025-20996 2025-06-04 N/A 5.0 MEDIUM
Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability.
CVE-2025-32106 2025-06-04 N/A 9.8 CRITICAL
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code.
CVE-2024-13967 2025-06-04 N/A 8.8 HIGH
This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8.
CVE-2025-2939 2025-06-04 N/A 5.6 MEDIUM
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user-supplied parameters; only single functions can be called, so the impact is limited.
CVE-2024-36486 2025-06-04 N/A 7.8 HIGH
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
CVE-2025-20993 2025-06-04 N/A 4.0 MEDIUM
Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
CVE-2025-48998 2025-06-04 N/A N/A
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
CVE-2025-5506 2025-06-04 3.3 LOW 2.4 LOW
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.