Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9422 | 1 Geomywp | 2 Geo My Wordpress, Geo My Wordpress Premium Settings | 2025-06-09 | N/A | 6.6 MEDIUM |
The GEO my WP WordPress plugin before 4.5 and the gmw-premium-settings WordPress plugin before 3.1 do not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
| CVE-2022-41404 | 2 Debian, Ini4j Project | 2 Debian Linux, Ini4j | 2025-06-09 | N/A | 7.5 HIGH |
An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
| CVE-2022-28391 | 1 Busybox | 1 Busybox | 2025-06-09 | 6.8 MEDIUM | 8.8 HIGH |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
| CVE-2023-34969 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14 ...
| CVE-2022-42012 | 2 Fedoraproject, Freedesktop | 2 Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
| CVE-2025-48998 | 1 Dataease | 1 Dataease | 2025-06-09 | N/A | 8.8 HIGH |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
| CVE-2020-21514 | 1 Fluentd | 2 Fluentd, Fluentd-ui | 2025-06-09 | N/A | 8.8 HIGH |
An issue in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password.
| CVE-2024-0753 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-06-07 | N/A | 6.5 MEDIUM |
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
| CVE-2023-51073 | 1 Buffalo | 2 Ls210d, Ls210d Firmware | 2025-06-06 | N/A | 8.1 HIGH |
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh.
| CVE-2023-7231 | 1 Evanliewer | 1 Illi Link Party! | 2025-06-06 | N/A | 7.3 HIGH |
The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links.
| CVE-2023-48909 | 1 Aarboard | 1 Jave2 | 2025-06-06 | N/A | 8.8 HIGH |
An issue in Jave2 version 3.3.1 allows attackers to execute arbitrary code via the FFmpeg function.
| CVE-2025-4664 | 1 Google | 1 Chrome | 2025-06-06 | N/A | 4.3 MEDIUM |
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
| CVE-2025-3587 | 1 Zerowdd | 1 Studentmanager | 2025-06-05 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
| CVE-2022-34699 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-05 | N/A | 7.8 HIGH |
Windows Win32k Elevation of Privilege Vulnerability
| CVE-2022-34692 | 1 Microsoft | 1 Exchange Server | 2025-06-05 | N/A | 5.3 MEDIUM |
Microsoft Exchange Server Information Disclosure Vulnerability
| CVE-2022-34691 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-05 | N/A | 8.8 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability
| CVE-2022-33646 | 1 Microsoft | 1 Azure Batch | 2025-06-05 | N/A | 7.0 HIGH |
Azure Batch Node Agent Elevation of Privilege Vulnerability
| CVE-2022-33640 | 1 Microsoft | 2 Open Management Infrastructure, System Center Operations Manager | 2025-06-05 | N/A | 7.8 HIGH |
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
| CVE-2022-33631 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-06-05 | N/A | 7.3 HIGH |
Microsoft Excel Security Feature Bypass Vulnerability
| CVE-2022-20389 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
Summary: Product: Android; Versions: Android SoC; Android ID: A-238257004
| CVE-2022-20388 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
Summary: Product: Android; Versions: Android SoC; Android ID: A-238227323
| CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2025-06-05 | N/A | 4.3 MEDIUM |
Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.
| CVE-2024-11083 | 1 Properfraction | 1 Profilepress | 2025-06-05 | N/A | 5.3 MEDIUM |
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
| CVE-2024-12329 | 1 G5plus | 1 Essential Real Estate | 2025-06-05 | N/A | 4.3 MEDIUM |
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs.
| CVE-2024-11282 | 1 Wpchill | 1 Passster | 2025-06-05 | N/A | 5.3 MEDIUM |
The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
| CVE-2024-12601 | 1 Codepeople | 1 Calculated Fields Form | 2025-06-05 | N/A | 5.3 MEDIUM |
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.
| CVE-2024-11721 | 1 Dynamiapps | 1 Frontend Admin | 2025-06-05 | N/A | 8.1 HIGH |
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the ...
| CVE-2025-1331 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-05 | N/A | 7.8 HIGH |
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function.
| CVE-2025-3597 | 1 Firelightwp | 1 Firelight Lightbox | 2025-06-05 | N/A | 5.9 MEDIUM |
The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary JavaScript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.
| CVE-2023-48951 | 1 Openlinksw | 1 Virtuoso | 2025-06-05 | N/A | 7.5 HIGH |
An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.
| CVE-2022-42541 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
Remote code execution
| CVE-2025-48999 | 1 Dataease | 1 Dataease | 2025-06-05 | N/A | 8.8 HIGH |
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue.
| CVE-2025-49001 | 1 Dataease | 1 Dataease | 2025-06-05 | N/A | 9.8 CRITICAL |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
| CVE-2023-6837 | 1 Wso2 | 5 Api Manager, Carbon Identity Application Authentication Endpoint, Carbon Identity Application Authentication Framework and 2 more | 2025-06-05 | N/A | 8.5 HIGH |
Multiple WSO2 products have been identified as vulnerable to user impersonation using JIT provisioning. For this vulnerability to have any impact on your deployment, the following conditions must be met:
* An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option.
* A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identif ...
| CVE-2024-25941 | 1 Freebsd | 1 Freebsd | 2025-06-04 | N/A | 3.3 LOW |
The jail(2) system call has not limited the visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail.
An attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.
| CVE-2025-25227 | 1 Joomla | 1 Joomla! | 2025-06-04 | N/A | 7.5 HIGH |
Insufficient state checks lead to a vector that allows bypassing 2FA checks.
| CVE-2024-13613 | 1 Kainex | 1 Wise Chat | 2025-06-04 | N/A | 7.5 HIGH |
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.
| CVE-2025-33103 | 1 Ibm | 1 I | 2025-06-04 | N/A | 8.5 HIGH |
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.
| CVE-2024-8700 | 1 Total-soft | 1 Event Calendar | 2025-06-04 | N/A | 7.5 HIGH |
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
| CVE-2025-1138 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-04 | N/A | 4.3 MEDIUM |
IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.