CVE List - 2025 / June
Showing 1601 - 1700 of 3683 CVEs for June 2025 (Page 17 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-55567 | 2025-06-12 | Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM... |
| CVE-2025-29744 | 2025-06-12 | pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers. |
| CVE-2025-44091 | 2025-06-12 | yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. |
| CVE-2025-46035 | 2025-06-12 | Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request... |
| CVE-2022-4976 | 2025-06-12 | Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities |
| CVE-2025-6005 | 2025-06-12 | kiCode111 like-girl aboutPost.php sql injection |
| CVE-2025-6006 | 2025-06-12 | kiCode111 like-girl ImgUpdaPost.php sql injection |
| CVE-2025-6007 | 2025-06-12 | kiCode111 like-girl CopyadminPost.php sql injection |
| CVE-2025-6008 | 2025-06-12 | kiCode111 like-girl ImgAddPost.php sql injection |
| CVE-2025-6009 | 2025-06-12 | kiCode111 like-girl ipAddPost.php sql injection |
| CVE-2025-5012 | 2025-06-12 | Workreap <= 3.3.2 - Authenticated (Subscriber+) Arbitrary File Upload via 'workreap_temp_upload_to_media' |
| CVE-2025-4973 | 2025-06-12 | Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account' |
| CVE-2025-35978 | 2025-06-12 | Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker sends malicious data,... |
| CVE-2025-5301 | 2025-06-12 | Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) |
| CVE-2025-40592 | 2025-06-12 | A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7),... |
| CVE-2025-6003 | 2025-06-12 | WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure |
| CVE-2025-4613 | 2025-06-12 | Client side RCE in Google Web Designer App |
| CVE-2025-5996 | 2025-06-12 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-4278 | 2025-06-12 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab |
| CVE-2025-2254 | 2025-06-12 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-1516 | 2025-06-12 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-1478 | 2025-06-12 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-5195 | 2025-06-12 | Authorization Bypass Through User-Controlled Key in GitLab |
| CVE-2025-0673 | 2025-06-12 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab |
| CVE-2025-6021 | 2025-06-12 | Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2 |
| CVE-2025-49181 | 2025-06-12 | Configurations endpoint does not require authorization |
| CVE-2025-49182 | 2025-06-12 | Credential disclosure |
| CVE-2025-49183 | 2025-06-12 | Unencrypted communication (HTTP) |
| CVE-2025-49184 | 2025-06-12 | Information disclosure to unauthorized user |
| CVE-2025-49185 | 2025-06-12 | Stored Cross-Site-Script |
| CVE-2025-49186 | 2025-06-12 | No brute-force protection |
| CVE-2025-49187 | 2025-06-12 | User enumeration |
| CVE-2025-49188 | 2025-06-12 | Sensitive Data in URL |
| CVE-2024-9512 | 2025-06-12 | Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab |
| CVE-2025-49189 | 2025-06-12 | Cookie missing HttpOnly flag |
| CVE-2025-49190 | 2025-06-12 | Server-Side Request Forgery |
| CVE-2025-49191 | 2025-06-12 | Dashboards and iFrames can link malicious web content |
| CVE-2025-49192 | 2025-06-12 | Clickjacking |
| CVE-2025-49193 | 2025-06-12 | Missing HTTP Security Headers |
| CVE-2025-49194 | 2025-06-12 | Unencrypted communication |
| CVE-2025-49195 | 2025-06-12 | No protection against brute-force attacks |
| CVE-2025-49196 | 2025-06-12 | Deprecated TLS version supported |
| CVE-2025-49197 | 2025-06-12 | Deprecated TLS version supported |
| CVE-2025-49198 | 2025-06-12 | Poor quality of randomness in authorization tokens |
| CVE-2025-49199 | 2025-06-12 | Backup files can be modified and uploaded |
| CVE-2025-49200 | 2025-06-12 | Unencrypted backup contains sensitive information |
| CVE-2024-56158 | 2025-06-12 | XWiki allows SQL injection in query endpoint of REST API with Oracle |
| CVE-2025-36573 | 2025-06-12 | Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to... |
| CVE-2025-49467 | 2025-06-12 | Joomla Extension - jevents.net - SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla |
| CVE-2024-7562 | 2025-06-12 | A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and... |
| CVE-2025-5982 | 2025-06-12 | Insufficient Granularity of Access Control in GitLab |
| CVE-2025-49080 | 2025-06-12 | Memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54 |
| CVE-2025-49081 | 2025-06-12 | Input validation vulnerability in the Secure Access prior to version 13.55 |
| CVE-2025-43863 | 2025-06-12 | vantage6 lacks brute-force protection on change password functionality |
| CVE-2025-43866 | 2025-06-12 | Vantage6 Server JWT secret not cryptographically secure |
| CVE-2025-49577 | 2025-06-12 | Citizen allows stored XSS in preference menu headings |
| CVE-2025-49575 | 2025-06-12 | Citizen allows stored XSS in Command Palette tip messages |
| CVE-2025-49579 | 2025-06-12 | Citizen allows stored XSS in menu heading message |
| CVE-2025-49578 | 2025-06-12 | Citizen allows stored XSS in user registration date message |
| CVE-2025-49576 | 2025-06-12 | Citizen allows stored XSS in search no result messages |
| CVE-2025-6031 | 2025-06-12 | Insecure device pairing in end of life Amazon Cloud Cam |
| CVE-2025-4417 | 2025-06-12 | AVEVA PI Connector for CygNet Cross-site Scripting |
| CVE-2025-4418 | 2025-06-12 | AVEVA PI Connector for CygNet Improper Validation of Integrity Check Value |
| CVE-2025-2745 | 2025-06-12 | AVEVA PI Web API Cross-site Scripting |
| CVE-2025-44019 | 2025-06-12 | AVEVA PI Data Archive Uncaught Exception |
| CVE-2025-36539 | 2025-06-12 | AVEVA PI Data Archive Uncaught Exception |
| CVE-2025-5484 | 2025-06-12 | SinoTrack GPS Receiver Weak Authentication |
| CVE-2025-5485 | 2025-06-12 | SinoTrack GPS Receiver Weak Authentication |
| CVE-2025-27689 | 2025-06-12 | Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| CVE-2025-49589 | 2025-06-12 | PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging |
| CVE-2025-41234 | 2025-06-12 | RFD Attack via “Content-Disposition” Header Sourced from Request |
| CVE-2025-41233 | 2025-06-12 | Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a... |
| CVE-2025-4233 | 2025-06-12 | Prisma Access Browser: Inappropriate implementation in Cache |
| CVE-2025-4232 | 2025-06-12 | GlobalProtect: Authenticated Code Injection Through Wildcard on macOS |
| CVE-2025-4231 | 2025-06-12 | PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface |
| CVE-2025-4230 | 2025-06-12 | PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI |
| CVE-2025-4228 | 2025-06-12 | Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability |
| CVE-2025-28380 | 2025-06-13 | A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. |
| CVE-2025-28381 | 2025-06-13 | A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers. |
| CVE-2025-28382 | 2025-06-13 | An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. |
| CVE-2025-28384 | 2025-06-13 | An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. |
| CVE-2025-28386 | 2025-06-13 | A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file. |
| CVE-2025-28388 | 2025-06-13 | OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account. |
| CVE-2025-28389 | 2025-06-13 | Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. |
| CVE-2025-45984 | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via... |
| CVE-2025-45985 | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via... |
| CVE-2025-45986 | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the... |
| CVE-2025-45987 | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via... |
| CVE-2025-45988 | 2025-06-13 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via... |
| CVE-2025-46060 | 2025-06-13 | Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component |
| CVE-2025-46096 | 2025-06-13 | Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component |
| CVE-2025-30399 | 2025-06-13 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-47959 | 2025-06-13 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-4585 | 2025-06-13 | IRM Newsroom <= 1.2.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmflat' Shortcode |
| CVE-2025-5288 | 2025-06-13 | REST API \| Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation via process_handler Function |
| CVE-2025-4584 | 2025-06-13 | IRM Newsroom <= 1.2.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode |
| CVE-2025-5950 | 2025-06-13 | IndieBlocks <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter |
| CVE-2025-5926 | 2025-06-13 | Link Shield <= 0.5.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-5841 | 2025-06-13 | ACF Onyx Poll <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter |
| CVE-2025-5930 | 2025-06-13 | WP2HTML <= 1.0.2 - Cross-Site Request Forgery to Settings Update |