CVE List - 2025 / June
Showing 2001 - 2100 of 3683 CVEs for June 2025 (Page 21 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-39486 | 2025-06-17 | WordPress Rankie plugin < 1.8.2 - SQL Injection vulnerability |
| CVE-2025-39479 | 2025-06-17 | WordPress Smart Notification Plugin <= 10.3 - SQL Injection vulnerability |
| CVE-2025-32549 | 2025-06-17 | WordPress WPGYM <= 65.0 - Local File Inclusion Vulnerability |
| CVE-2025-32510 | 2025-06-17 | WordPress Ovatheme Events Manager plugin <= 1.8.4 - Arbitrary File Upload vulnerability |
| CVE-2025-31919 | 2025-06-17 | WordPress Spare <= 1.7 - PHP Object Injection Vulnerability |
| CVE-2025-30988 | 2025-06-17 | WordPress Elite Video Player <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30618 | 2025-06-17 | WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability |
| CVE-2025-30562 | 2025-06-17 | WordPress Navigation Tree Elementor plugin <= 1.0.1 - SQL Injection Vulnerability |
| CVE-2025-29002 | 2025-06-17 | WordPress Simen <= 4.6 - Local File Inclusion Vulnerability |
| CVE-2025-28991 | 2025-06-17 | WordPress Evon <= 3.4 - Local File Inclusion Vulnerability |
| CVE-2025-28972 | 2025-06-17 | WordPress WP Employee Attendance System <= 3.5 - SQL Injection Vulnerability |
| CVE-2025-24773 | 2025-06-17 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce <= 3.2.0 - SQL Injection Vulnerability |
| CVE-2025-24761 | 2025-06-17 | WordPress DSK <= 2.2 - Local File Inclusion Vulnerability |
| CVE-2025-49508 | 2025-06-17 | WordPress CozyStay < 1.7.1 - Local File Inclusion Vulnerability |
| CVE-2025-49452 | 2025-06-17 | WordPress PostaPanduri <= 2.1.3 - SQL Injection Vulnerability |
| CVE-2025-49451 | 2025-06-17 | WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery <= 1.0.12 - Directory Traversal Vulnerability |
| CVE-2025-49071 | 2025-06-17 | WordPress Flozen < 1.5.1 - Arbitrary File Upload Vulnerability |
| CVE-2025-48333 | 2025-06-17 | WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-48111 | 2025-06-17 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-33122 | 2025-06-17 | IBM i privilege escalation |
| CVE-2025-47865 | 2025-06-17 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. |
| CVE-2025-47866 | 2025-06-17 | An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. |
| CVE-2025-47867 | 2025-06-17 | A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and... |
| CVE-2025-49219 | 2025-06-17 | An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to... |
| CVE-2025-49220 | 2025-06-17 | An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to... |
| CVE-2025-34509 | 2025-06-17 | Sitecore XM and XP Hardcoded Credentials |
| CVE-2025-49848 | 2025-06-17 | Out-of-bounds Write in Write in LS Electric GMWin 4 |
| CVE-2025-49849 | 2025-06-17 | Out-of-bounds Read in Write in LS Electric GMWin 4 |
| CVE-2025-49850 | 2025-06-17 | Out-of-bounds Read in Write in LS Electric GMWin 4 |
| CVE-2025-49154 | 2025-06-17 | An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have... |
| CVE-2025-49155 | 2025-06-17 | An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected... |
| CVE-2025-49156 | 2025-06-17 | A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2025-49157 | 2025-06-17 | A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first... |
| CVE-2025-49158 | 2025-06-17 | An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first... |
| CVE-2025-49487 | 2025-06-17 | An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code... |
| CVE-2025-34510 | 2025-06-17 | Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip |
| CVE-2025-34511 | 2025-06-17 | Sitecore PowerShell Extension RCE via Unrestricted Upload |
| CVE-2025-5141 | 2025-06-17 | Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache |
| CVE-2025-30678 | 2025-06-17 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. |
| CVE-2025-30679 | 2025-06-17 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. |
| CVE-2025-30680 | 2025-06-17 | A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations. Please note: this... |
| CVE-2025-49847 | 2025-06-17 | llama.cpp Vulnerable to Buffer Overflow via Malicious GGUF Model |
| CVE-2025-30640 | 2025-06-17 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2025-30641 | 2025-06-17 | A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations. Please note: an... |
| CVE-2025-30642 | 2025-06-17 | A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations. Please note: an... |
| CVE-2025-49211 | 2025-06-17 | A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability... |
| CVE-2025-32412 | 2025-06-17 | Fuji Electric Smart Editor Out-of-bounds Read |
| CVE-2025-41413 | 2025-06-17 | Fuji Electric Smart Editor Out-of-bounds Write |
| CVE-2025-41388 | 2025-06-17 | Fuji Electric Smart Editor Stack-based Buffer Overflow |
| CVE-2025-49212 | 2025-06-17 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220... |
| CVE-2025-49213 | 2025-06-17 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212... |
| CVE-2025-49214 | 2025-06-17 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the... |
| CVE-2025-49215 | 2025-06-17 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2025-49216 | 2025-06-17 | An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. |
| CVE-2025-49217 | 2025-06-17 | An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213... |
| CVE-2025-49218 | 2025-06-17 | A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to... |
| CVE-2025-48443 | 2025-06-17 | Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to... |
| CVE-2025-49843 | 2025-06-17 | conda-smithy Has Incorrect Default File Permissions |
| CVE-2025-49824 | 2025-06-17 | conda-smithy Insecure Encryption Vulnerable to Oracle Padding Attack |
| CVE-2025-49384 | 2025-06-17 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its... |
| CVE-2025-49385 | 2025-06-17 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its... |
| CVE-2025-49593 | 2025-06-17 | Portainer HTTP Headers May Leak to Malicious Container Registries |
| CVE-2025-49825 | 2025-06-17 | Teleport allows remote authentication bypass |
| CVE-2025-49149 | 2025-06-17 | Dify has XSS vulnerability |
| CVE-2025-26198 | 2025-06-18 | CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL... |
| CVE-2025-26199 | 2025-06-18 | CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers.... |
| CVE-2025-29646 | 2025-06-18 | An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true... |
| CVE-2025-44951 | 2025-06-18 | A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow... |
| CVE-2025-44952 | 2025-06-18 | A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow... |
| CVE-2025-45661 | 2025-06-18 | A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php. |
| CVE-2025-45784 | 2025-06-18 | D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using... |
| CVE-2025-45786 | 2025-06-18 | Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php. |
| CVE-2025-46109 | 2025-06-18 | SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request |
| CVE-2025-46157 | 2025-06-18 | An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form |
| CVE-2025-49015 | 2025-06-18 | The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due... |
| CVE-2025-23252 | 2025-06-18 | The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure. |
| CVE-2025-4413 | 2025-06-18 | Pixabay Images <= 3.4 - Authenticated (Author+) Arbitrary File Upload |
| CVE-2025-50202 | 2025-06-18 | Lychee Path Traversal Vulnerability |
| CVE-2025-51381 | 2025-06-18 | An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which... |
| CVE-2025-4955 | 2025-06-18 | tarteaucitron.io < 1.9.5 - Contributor+ Stored XSS |
| CVE-2025-1562 | 2025-06-18 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation |
| CVE-2025-5981 | 2025-06-18 | Arbitrary File write in OSV-SCALIBR |
| CVE-2025-6086 | 2025-06-18 | CSV Me <= 2.0 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2025-5237 | 2025-06-18 | Target Video Easy Publish <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2025-23999 | 2025-06-18 | WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability |
| CVE-2025-38005 | 2025-06-18 | dmaengine: ti: k3-udma: Add missing locking |
| CVE-2025-38006 | 2025-06-18 | net: mctp: Don't access ifa_index when missing |
| CVE-2025-38007 | 2025-06-18 | HID: uclogic: Add NULL check in uclogic_input_configured() |
| CVE-2025-38008 | 2025-06-18 | mm/page_alloc: fix race condition in unaccepted memory handling |
| CVE-2025-38009 | 2025-06-18 | wifi: mt76: disable napi on driver removal |
| CVE-2025-38010 | 2025-06-18 | phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking |
| CVE-2025-38011 | 2025-06-18 | drm/amdgpu: csa unmap use uninterruptible lock |
| CVE-2025-38012 | 2025-06-18 | sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator |
| CVE-2025-38013 | 2025-06-18 | wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request |
| CVE-2025-38014 | 2025-06-18 | dmaengine: idxd: Refactor remove call with idxd_cleanup() helper |
| CVE-2025-38015 | 2025-06-18 | dmaengine: idxd: fix memory leak in error handling path of idxd_alloc |
| CVE-2025-38016 | 2025-06-18 | HID: bpf: abort dispatch if device destroyed |
| CVE-2025-38017 | 2025-06-18 | fs/eventpoll: fix endless busy loop after timeout has expired |
| CVE-2025-38018 | 2025-06-18 | net/tls: fix kernel panic when alloc_page failed |
| CVE-2025-38019 | 2025-06-18 | mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices |