Total
297019 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-21485 | | | 2025-06-04 | N/A | 7.8 HIGH |
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
CVE-2024-53013 | | | 2025-06-04 | N/A | 6.6 MEDIUM |
Memory corruption may occur while processing voice call registration with user. | |||||
CVE-2025-20996 | | | 2025-06-04 | N/A | 5.0 MEDIUM |
Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability. | |||||
CVE-2025-32106 | | | 2025-06-04 | N/A | 9.8 CRITICAL |
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code. | |||||
CVE-2024-13967 | | | 2025-06-04 | N/A | 8.8 HIGH |
This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. | |||||
CVE-2025-2939 | | | 2025-06-04 | N/A | 5.6 MEDIUM |
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user-supplied parameters; only single functions can be called, so the impact is limited. | |||||
CVE-2024-36486 | | | 2025-06-04 | N/A | 7.8 HIGH |
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation. | |||||
CVE-2025-20993 | | | 2025-06-04 | N/A | 4.0 MEDIUM |
Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. | |||||
CVE-2025-48998 | | | 2025-06-04 | N/A | N/A |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | |||||
CVE-2025-5506 | | | 2025-06-04 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-5503 | | | 2025-06-04 | 9.0 HIGH | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-48710 | | | 2025-06-04 | N/A | 4.1 MEDIUM |
kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes. | |||||
CVE-2025-4047 | | | 2025-06-04 | N/A | 4.3 MEDIUM |
The Broken Link Checker plugin for WordPress is vulnerable to unauthorized data access due to a missing capability check on the ajax_full_status and ajax_dashboard_status functions in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view the plugin's status. | |||||
CVE-2024-53015 | | | 2025-06-04 | N/A | 6.6 MEDIUM |
Memory corruption while processing IOCTL command to handle buffers associated with a session. | |||||
CVE-2025-41428 | | | 2025-06-04 | N/A | 5.3 MEDIUM |
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker. | |||||
CVE-2025-46154 | | | 2025-06-04 | N/A | 8.4 HIGH |
Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php. | |||||
CVE-2025-5520 | | | 2025-06-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893. | |||||
CVE-2025-47725 | | | 2025-06-04 | N/A | N/A |
Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2025-21486 | | | 2025-06-04 | N/A | 7.8 HIGH |
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary. | |||||
CVE-2025-20988 | | | 2025-06-04 | N/A | 5.5 MEDIUM |
Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. |