CVE List - 2025 / June
Showing 1701 - 1800 of 3683 CVEs for June 2025 (Page 18 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-5233 | 2025-06-13 | Color Palette <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter |
| CVE-2025-4586 | 2025-06-13 | IRM Newsroom <= 1.2.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode |
| CVE-2025-5939 | 2025-06-13 | Telegram for WP <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-5123 | 2025-06-13 | Contact Us Page – Contact People <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via style Parameter |
| CVE-2025-5938 | 2025-06-13 | Digital Marketing and Agency Templates Addons for Elementor <= 1.1.1 - Cross-Site Request Forgery to Import |
| CVE-2025-5928 | 2025-06-13 | WP Sliding Login/Dashboard Panel <= 2.1.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5491 | 2025-06-13 | Acer ControlCenter - Remote Code Execution |
| CVE-2025-5815 | 2025-06-13 | Traffic Monitor <= 3.2.2 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-5282 | 2025-06-13 | WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2025-4229 | 2025-06-13 | PAN-OS: Traffic Information Disclosure Vulnerability |
| CVE-2025-4227 | 2025-06-13 | GlobalProtect App: Interception in Endpoint Traffic Policy Enforcement |
| CVE-2024-38822 | 2025-06-13 | CVE-2024-38822 Salt Advisory |
| CVE-2025-5923 | 2025-06-13 | Game Review Block <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter |
| CVE-2024-38823 | 2025-06-13 | CVE-2024-38823 Salt Advisory |
| CVE-2024-38825 | 2025-06-13 | CVE-2024-38825 Salt Advisory |
| CVE-2025-22236 | 2025-06-13 | CVE-2025-22236 salt advisory |
| CVE-2025-22237 | 2025-06-13 | CVE-2025-22237 salt advisory |
| CVE-2025-22238 | 2025-06-13 | CVE-2025-22238 salt advisory |
| CVE-2025-22239 | 2025-06-13 | CVE-2025-22239 salt advisory |
| CVE-2025-22240 | 2025-06-13 | CVE-2025-22240 salt advisory |
| CVE-2025-22241 | 2025-06-13 | CVE-2025-22241 salt advisory |
| CVE-2025-22242 | 2025-06-13 | CVE-2025-22242 salt advisory |
| CVE-2024-38824 | 2025-06-13 | CVE-2024-38824 salt advisory |
| CVE-2025-39240 | 2025-06-13 | Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing... |
| CVE-2025-6012 | 2025-06-13 | Auto Attachments <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2025-36506 | 2025-06-13 | External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request, arbitrary files... |
| CVE-2025-46783 | 2025-06-13 | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC where the... |
| CVE-2025-48825 | 2025-06-13 | RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack... |
| CVE-2025-29902 | 2025-06-13 | Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. |
| CVE-2025-49468 | 2025-06-13 | Joomla Extension - nobossextensions.com - SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla |
| CVE-2025-36633 | 2025-06-13 | Local Privilege Escalation |
| CVE-2025-6029 | 2025-06-13 | KIA-branded Aftermarket Generic Smart Keyless Entry System Replay Attack |
| CVE-2025-36631 | 2025-06-13 | Local Privilege Escalation |
| CVE-2025-6030 | 2025-06-13 | Autoeastern Smart Keyless Entry System Replay Attack |
| CVE-2025-6035 | 2025-06-13 | Gimp: gimp integer overflow |
| CVE-2025-48916 | 2025-06-13 | Bookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070 |
| CVE-2025-48918 | 2025-06-13 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-071 |
| CVE-2025-48917 | 2025-06-13 | EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072 |
| CVE-2025-48919 | 2025-06-13 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073 |
| CVE-2025-48920 | 2025-06-13 | etracker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-074 |
| CVE-2025-6052 | 2025-06-13 | Glib: integer overflow in g_string_maybe_expand() leading to potential buffer overflow in glib gstring |
| CVE-2025-48914 | 2025-06-13 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-075 |
| CVE-2025-48915 | 2025-06-13 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076 |
| CVE-2025-49580 | 2025-06-13 | XWiki allows privilege escalation through link refactoring |
| CVE-2025-49581 | 2025-06-13 | XWiki allows remote code execution through default value of wiki macro wiki-type parameters |
| CVE-2025-49582 | 2025-06-13 | XWiki's required right warnings for macros are incomplete |
| CVE-2025-49583 | 2025-06-13 | XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right |
| CVE-2025-49584 | 2025-06-13 | XWiki makes title of inaccessible pages available through the class property values REST API |
| CVE-2025-49585 | 2025-06-13 | XWiki does not require right warnings for XClass definitions |
| CVE-2025-49586 | 2025-06-13 | XWiki allows remote code execution through preview of XClass changes in AWM editor |
| CVE-2025-49587 | 2025-06-13 | XWiki does not require right warnings for notification displayer objects |
| CVE-2025-49597 | 2025-06-13 | handcraftedinthealps goodby-csv Potential Gadget Chain allowing Remote Code Execution |
| CVE-2025-49596 | 2025-06-13 | MCP Inspector proxy server lacks authentication between the Inspector client and proxy |
| CVE-2025-49598 | 2025-06-13 | conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing |
| CVE-2025-24311 | 2025-06-13 | Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability |
| CVE-2025-24922 | 2025-06-13 | Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability |
| CVE-2025-25050 | 2025-06-13 | Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability |
| CVE-2025-6083 | 2025-06-13 | ExtremeCloud Universal ZTNA Improper Authorization |
| CVE-2025-25215 | 2025-06-13 | Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability |
| CVE-2025-24919 | 2025-06-13 | Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability |
| CVE-2025-33108 | 2025-06-14 | IBM Backup Recovery and Media Services for i code execution |
| CVE-2025-6059 | 2025-06-14 | Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions |
| CVE-2025-3234 | 2025-06-14 | File Manager Pro – Filester <= 1.8.8 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2025-5487 | 2025-06-14 | AutomatorWP <= 5.2.5 - Authenticated (Administrator+) SQL Injection via field_conditions |
| CVE-2025-6065 | 2025-06-14 | Image Resizer On The Fly <= 1.1 - Unauthenticated Arbitrary File Deletion |
| CVE-2025-6064 | 2025-06-14 | WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4216 | 2025-06-14 | DIOT SCADA with MQTT <= 1.0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6040 | 2025-06-14 | Easy Flashcards <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-4187 | 2025-06-14 | UserPro - Community and User Profile WordPress Plugin <= 5.1.10 - Unauthenticated Arbitrary File Read |
| CVE-2025-4200 | 2025-06-14 | Zagg - Electronics & Accessories WooCommerce WordPress Theme <= 1.4.1 - Unauthenticated Local File Inclusion |
| CVE-2025-6055 | 2025-06-14 | Zen Sticky Social <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-5589 | 2025-06-14 | StreamWeasels Kick Integration <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via status-classic-offline-text Parameter |
| CVE-2025-4592 | 2025-06-14 | AI Image Lab – Free AI Image Generator <= 1.0.6 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-6070 | 2025-06-14 | Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2025-6062 | 2025-06-14 | Yougler Blogger Profile Page <= v1.01 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-5336 | 2025-06-14 | Click to Chat <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter |
| CVE-2025-6061 | 2025-06-14 | kk Youtube Video <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6063 | 2025-06-14 | XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-5337 | 2025-06-14 | Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter |
| CVE-2025-4667 | 2025-06-14 | Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes |
| CVE-2025-5238 | 2025-06-14 | YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-1411 | 2025-06-15 | IBM Security Verify Directory Container command execution |
| CVE-2025-36041 | 2025-06-15 | IBM MQ improper certificate validation |
| CVE-2025-6089 | 2025-06-15 | Astun Technology iShare Maps atCheckJS.aspx redirect |
| CVE-2025-21085 | 2025-06-15 | PingFederate OAuth Grant attribute duplication may use excessive memory |
| CVE-2025-6090 | 2025-06-15 | H3C GR-5400AX aspForm UpdateIpv6params buffer overflow |
| CVE-2025-22854 | 2025-06-15 | Possible thread exhaustion from processing http responses in PingFederate Google Adapter |
| CVE-2024-25573 | 2025-06-15 | Stored Cross-Site Scripting in Administrative Console Context |
| CVE-2025-6091 | 2025-06-15 | H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow |
| CVE-2025-6092 | 2025-06-15 | comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting |
| CVE-2025-5990 | 2025-06-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller |
| CVE-2025-5964 | 2025-06-15 | Path traversal in M-Files API |
| CVE-2025-6093 | 2025-06-15 | uYanki board-stm32f103rc-berial heartrate1_hal.c heartrate1_i2c_hal_write stack-based overflow |
| CVE-2025-6094 | 2025-06-15 | qianfox FoxCMS Download.php batchCope sql injection |
| CVE-2025-6095 | 2025-06-15 | codesiddhant Jasmin Ransomware checklogin.php sql injection |
| CVE-2025-6096 | 2025-06-15 | codesiddhant Jasmin Ransomware dashboard.php sql injection |
| CVE-2025-27587 | 2025-06-16 | OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then... |
| CVE-2025-6097 | 2025-06-16 | UTT 进取 750W Administrator Password setSysAdm formDefineManagement unverified password change |
| CVE-2025-6098 | 2025-06-16 | UTT 进取 750W API setSysAdm strcpy buffer overflow |
| CVE-2025-6099 | 2025-06-16 | szluyu99 gin-vue-blog PATCH Request manager.go improper authorization |