Lista CVE - 2025 / Giugno
Visualizzazione 1501 - 1600 di 3683 CVE per Giugno 2025 (Pagina 16 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-46949 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46942 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46838 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-47041 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-47073 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46878 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46978 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47016 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46991 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46882 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46922 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46997 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46971 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47075 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46874 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2025-46985 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46951 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47060 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47029 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47015 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47065 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47091 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-47077 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46954 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-47052 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-46901 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46917 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-46995 | 2025-06-10 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-5984 | 2025-06-10 | SourceCodester Online Student Clearance System add-fee.php cross site scripting |
| CVE-2025-5985 | 2025-06-10 | code-projects School Fees Payment System improper authentication |
| CVE-2025-47713 | 2025-06-10 | Apache CloudStack: Domain Admin can reset Admin password in Root Domain |
| CVE-2025-47849 | 2025-06-10 | Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain |
| CVE-2025-26521 | 2025-06-10 | Apache CloudStack: CKS cluster in project exposes user API keys |
| CVE-2025-22829 | 2025-06-10 | Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin |
| CVE-2025-30675 | 2025-06-10 | Apache CloudStack: Unauthorised template/ISO list access to the domain/resource admins |
| CVE-2025-32717 | 2025-06-10 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2024-7457 | 2025-06-10 | macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences |
| CVE-2024-8270 | 2025-06-10 | macOS Rocket.Chat: TCC Policy Bypass via Dylib Injection Due to Missing Code Signing Flags and Dangerous Entitlements |
| CVE-2025-1055 | 2025-06-10 | K7 Security Anti-Malware: IOCTL in K7RKScan.sys Allows Arbitrary Termination of High-Privilege and System Processes by a Low-Privilege User |
| CVE-2024-9062 | 2025-06-10 | macOS Archify: Local Privilege Escalation |
| CVE-2025-49091 | 2025-06-11 | KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This... |
| CVE-2025-4275 | 2025-06-11 | SecureFlashDxe: Incorrect UEFI variable attributes check allows usage of invalid certificate |
| CVE-2025-5958 | 2025-06-11 | Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-5959 | 2025-06-11 | Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-1243 | 2025-06-11 | Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft |
| CVE-2024-1244 | 2025-06-11 | Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft |
| CVE-2025-4666 | 2025-06-11 | ZotPress <= 7.3.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'nickname' |
| CVE-2025-4798 | 2025-06-11 | WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Read |
| CVE-2025-4799 | 2025-06-11 | WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion |
| CVE-2025-5395 | 2025-06-11 | WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.115.0 - Authenticated (Author+) Arbitrary File Upload |
| CVE-2024-35295 | 2025-06-11 | A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). The maintenance connection of affected... |
| CVE-2025-5991 | 2025-06-11 | Use after free in QHttp2ProtocolHandler |
| CVE-2025-29756 | 2025-06-11 | MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters |
| CVE-2025-41661 | 2025-06-11 | Weidmueller: Security routers IE-SR-2TX are affected by CSRF |
| CVE-2025-41663 | 2025-06-11 | Weidmueller: Security routers IE-SR-2TX are affected by Command Injection |
| CVE-2025-26412 | 2025-06-11 | Undocumented Root Shell Access in SIMCom SIM7600G Modem |
| CVE-2025-4315 | 2025-06-11 | CubeWP – All-in-One Dynamic Content Framework <= 1.1.23 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-4573 | 2025-06-11 | LDAP Injection in Mattermost Enterprise Edition When Using Active Directory |
| CVE-2025-4128 | 2025-06-11 | Mattermost Guest User Information Disclosure Vulnerability |
| CVE-2025-3302 | 2025-06-11 | Xagio SEO <= 7.1.0.16 - Unauthenticated Stored Cross-Site Scripting via 'HTTP_REFERER' |
| CVE-2025-5687 | 2025-06-11 | A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This... |
| CVE-2025-49709 | 2025-06-11 | Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox < 139.0.4. |
| CVE-2025-49710 | 2025-06-11 | An integer overflow was present in `OrderedHashTable` used by the JavaScript engine This vulnerability affects Firefox < 139.0.4. |
| CVE-2025-5986 | 2025-06-11 | A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This... |
| CVE-2025-5144 | 2025-06-11 | The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2025-35941 | 2025-06-11 | mySCADA PRO Manager Password Disclosure |
| CVE-2025-32711 | 2025-06-11 | M365 Copilot Information Disclosure Vulnerability |
| CVE-2025-4922 | 2025-06-11 | Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job |
| CVE-2025-4605 | 2025-06-11 | USD File Parsing Memory Allocation Vulnerability |
| CVE-2025-40914 | 2025-06-11 | Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow |
| CVE-2025-48444 | 2025-06-11 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064 |
| CVE-2025-48013 | 2025-06-11 | Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 |
| CVE-2025-0163 | 2025-06-11 | IBM Security Verify Access information disclosure |
| CVE-2025-3473 | 2025-06-11 | IBM Security Guardium privilege escalation |
| CVE-2025-48445 | 2025-06-11 | Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066 |
| CVE-2025-49146 | 2025-06-11 | pgjdbc Client Allows Fallback to Insecure Authentication Despite channelBinding=require Configuration |
| CVE-2025-48446 | 2025-06-11 | Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067 |
| CVE-2025-48448 | 2025-06-11 | Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068 |
| CVE-2025-48447 | 2025-06-11 | Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069 |
| CVE-2025-49148 | 2025-06-11 | ClipShare Server Allows Local Privilege Escalation via DLL Hijacking |
| CVE-2025-26383 | 2025-06-11 | The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on. |
| CVE-2025-1698 | 2025-06-11 | Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service. |
| CVE-2025-1699 | 2025-06-11 | An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access. |
| CVE-2025-6001 | 2025-06-11 | VirtueMart - Cross Site Request Forgery (CSRF) |
| CVE-2025-6002 | 2025-06-11 | VirtueMart - Unrestricted File Upload |
| CVE-2025-22874 | 2025-06-11 | Usage of ExtKeyUsageAny disables policy validation in crypto/x509 |
| CVE-2025-4673 | 2025-06-11 | Sensitive headers not cleared on cross-origin redirect in net/http |
| CVE-2025-40915 | 2025-06-11 | Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens |
| CVE-2025-0913 | 2025-06-11 | Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall |
| CVE-2025-25032 | 2025-06-11 | IBM Cognos Analytics denial of service |
| CVE-2025-0917 | 2025-06-11 | IBM Cognos Analytics cross-site scripting |
| CVE-2025-0923 | 2025-06-11 | IBM Cognos Analytics information disclosure |
| CVE-2025-40912 | 2025-06-11 | CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode |
| CVE-2025-49150 | 2025-06-11 | Cursor Agent Potentially Leaks Information using JSON schema |
| CVE-2025-32465 | 2025-06-11 | Extension - rsjoomla.com - Stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla |
| CVE-2025-32466 | 2025-06-11 | Extension - rsjoomla.com - SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla |
| CVE-2025-30085 | 2025-06-11 | Extension - rsjoomla.com - Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla |
| CVE-2023-45256 | 2025-06-12 | Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter... |
| CVE-2024-44905 | 2025-06-12 | go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go. |
| CVE-2024-44906 | 2025-06-12 | uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. The maintainer has stated that the issue is fixed in v1.2.15. |