Lista CVE - 2025 / Giugno
Visualizzazione 101 - 200 di 840 CVE per Giugno 2025 (Pagina 2 di 9)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-5445 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkFWByBBS os command injection |
| CVE-2024-12168 | 2025-06-02 | DLL Hijacking in Yandex Telemost |
| CVE-2025-5446 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection |
| CVE-2025-26396 | 2025-06-02 | SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability |
| CVE-2025-37089 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE... |
| CVE-2025-37090 | 2025-06-02 | A server-side request forgery vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-5447 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection |
| CVE-2025-37091 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE... |
| CVE-2025-37092 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE... |
| CVE-2025-37093 | 2025-06-02 | An authentication bypass vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37094 | 2025-06-02 | A directory traversal arbitrary file deletion vulnerability exists in HPE... |
| CVE-2025-37095 | 2025-06-02 | A directory traversal information disclosure vulnerability exists in HPE StoreOnce... |
| CVE-2025-37096 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE... |
| CVE-2025-20001 | 2025-06-02 | An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A... |
| CVE-2024-54028 | 2025-06-02 | An integer underflow vulnerability exists in the OLE Document DIFAT... |
| CVE-2024-52035 | 2025-06-02 | An integer overflow vulnerability exists in the OLE Document File... |
| CVE-2024-48877 | 2025-06-02 | A memory corruption vulnerability exists in the Shared String Table... |
| CVE-2025-48866 | 2025-06-02 | ModSecurity has possible DoS vulnerability in sanitiseArg action |
| CVE-2025-48940 | 2025-06-02 | MyBB's upgrade component vulnerable to local file inclusion |
| CVE-2025-48941 | 2025-06-02 | MyBB may disclosure unviewable threads' titles in searches |
| CVE-2025-48994 | 2025-06-02 | SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack |
| CVE-2025-48995 | 2025-06-02 | SignXML's signature verification with HMAC is vulnerable to a timing attack |
| CVE-2024-7073 | 2025-06-02 | Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services |
| CVE-2024-7074 | 2025-06-02 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution |
| CVE-2024-3509 | 2025-06-02 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor |
| CVE-2024-8008 | 2025-06-02 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation |
| CVE-2024-1440 | 2025-06-02 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint |
| CVE-2025-5036 | 2025-06-02 | RFA File Parsing Use-After-Free Vulnerability |
| CVE-2025-20297 | 2025-06-02 | Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component |
| CVE-2025-20298 | 2025-06-02 | Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade |
| CVE-2025-5086 | 2025-06-02 | Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 |
| CVE-2025-49069 | 2025-06-02 | WordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-1051 | 2025-06-02 | Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-48387 | 2025-06-02 | tar-fs has issue where extract can write outside the specified dir with a specific tarball |
| CVE-2025-48996 | 2025-06-02 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint |
| CVE-2025-47585 | 2025-06-02 | WordPress Booking and Rental Manager <= 2.3.8 - Broken Access Control Vulnerability |
| CVE-2025-3919 | 2025-06-02 | WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2025-5419 | 2025-06-02 | Out of bounds read and write in V8 in Google... |
| CVE-2025-5068 | 2025-06-02 | Use after free in Blink in Google Chrome prior to... |
| CVE-2025-23097 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1380.... |
| CVE-2025-23098 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 980,... |
| CVE-2025-23100 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1280,... |
| CVE-2025-23102 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 9820,... |
| CVE-2025-23103 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1480... |
| CVE-2025-23107 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1480... |
| CVE-2025-32105 | 2025-06-03 | A buffer overflow in the the Sangoma IMG2020 HTTP server... |
| CVE-2025-32106 | 2025-06-03 | In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request... |
| CVE-2025-43923 | 2025-06-03 | An issue was discovered in ReportController in Unicom Focal Point... |
| CVE-2025-43924 | 2025-06-03 | Cross Site Scripting vulnerability was discovered in Unicom Focal Point... |
| CVE-2025-43925 | 2025-06-03 | An issue was discovered in Unicom Focal Point 7.6.1. The... |
| CVE-2025-44148 | 2025-06-03 | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows... |
| CVE-2025-45854 | 2025-06-03 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code... |
| CVE-2025-45855 | 2025-06-03 | An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of... |
| CVE-2025-46154 | 2025-06-03 | Foxcms v1.25 has a SQL time injection in the $_POST['dbname']... |
| CVE-2025-4047 | 2025-06-03 | Broken Link Checker <= 2.4.4 - Missing Autorization to Authenticated (Subscriber+) Plugin Status Dashboard View |
| CVE-2025-2939 | 2025-06-03 | Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution |
| CVE-2025-4224 | 2025-06-03 | wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-4797 | 2025-06-03 | Golo <= 1.7.0 - Authentication Bypass to Account Takeover |
| CVE-2025-31710 | 2025-06-03 | In engineermode service, there is a possible command injection due... |
| CVE-2025-31711 | 2025-06-03 | In cplog service, there is a possible system crash due... |
| CVE-2025-31712 | 2025-06-03 | In cplog service, there is a possible out of bounds... |
| CVE-2024-53010 | 2025-06-03 | Improper Access Control in Core |
| CVE-2024-53013 | 2025-06-03 | Buffer Copy Without Checking Size of Input in Audio |
| CVE-2024-53015 | 2025-06-03 | Use After Free in Computer Vision |
| CVE-2024-53016 | 2025-06-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
| CVE-2024-53017 | 2025-06-03 | Use of Out-of-range Pointer Offset in Camera Driver |
| CVE-2024-53018 | 2025-06-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
| CVE-2024-53019 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2024-53020 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2024-53021 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2024-53026 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2025-21463 | 2025-06-03 | Buffer Over-read in WLAN Host Communication |
| CVE-2025-21480 | 2025-06-03 | Incorrect Authorization in Graphics Windows |
| CVE-2025-21485 | 2025-06-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service |
| CVE-2025-21486 | 2025-06-03 | Untrusted Pointer Dereference in DSP Service |
| CVE-2025-27029 | 2025-06-03 | Buffer Over-read in WLAN HAL |
| CVE-2025-27031 | 2025-06-03 | Use After Free in Bluetooth HOST |
| CVE-2025-27038 | 2025-06-03 | Use After Free in Graphics |
| CVE-2025-3584 | 2025-06-03 | Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription |
| CVE-2025-3662 | 2025-06-03 | FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS |
| CVE-2025-4567 | 2025-06-03 | Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS |
| CVE-2025-21479 | 2025-06-03 | Incorrect Authorization in Graphics |
| CVE-2025-41428 | 2025-06-03 | Improper limitation of a pathname to a restricted directory ('Path... |
| CVE-2025-46355 | 2025-06-03 | Incorrect default permissions issue in PC Time Tracer prior to... |
| CVE-2025-1725 | 2025-06-03 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads |
| CVE-2025-4420 | 2025-06-03 | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter |
| CVE-2025-5116 | 2025-06-03 | WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter |
| CVE-2025-5103 | 2025-06-03 | Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function |
| CVE-2025-4392 | 2025-06-03 | Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function |
| CVE-2025-31359 | 2025-06-03 | A directory traversal vulnerability exists in the PVMP package unpacking... |
| CVE-2024-36486 | 2025-06-03 | A privilege escalation vulnerability exists in the virtual machine archive... |
| CVE-2024-54189 | 2025-06-03 | A privilege escalation vulnerability exists in the Snapshot functionality of... |
| CVE-2024-52561 | 2025-06-03 | A privilege escalation vulnerability exists in the Snapshot functionality of... |
| CVE-2025-5492 | 2025-06-03 | D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection |
| CVE-2025-5493 | 2025-06-03 | Baison Channel Middleware Product ToJsonByControlName sql injection |
| CVE-2025-5340 | 2025-06-03 | Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter |
| CVE-2025-4671 | 2025-06-03 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes |
| CVE-2025-4205 | 2025-06-03 | Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter |
| CVE-2025-5495 | 2025-06-03 | Netgear WNR614 URL improper authentication |
| CVE-2025-4517 | 2025-06-03 | Arbitrary writes via tarfile realpath overflow |