CVE List - 2025 / June
Showing 201 - 300 of 3683 CVEs for June 2025 (Page 3 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-4138 | 2025-06-03 | Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory |
| CVE-2025-4435 | 2025-06-03 | Tarfile extracts filtered members when errorlevel=0 |
| CVE-2024-12718 | 2025-06-03 | Bypass extraction filter to modify file metadata outside extraction directory |
| CVE-2025-5497 | 2025-06-03 | slackero phpwcms Feedimport processing.inc.php deserialization |
| CVE-2025-5498 | 2025-06-03 | slackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserialization |
| CVE-2025-5499 | 2025-06-03 | slackero phpwcms image_resized.php getimagesize deserialization |
| CVE-2025-5501 | 2025-06-03 | Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion |
| CVE-2025-5502 | 2025-06-03 | TOTOLINK X15 formMapReboot command injection |
| CVE-2025-5503 | 2025-06-03 | TOTOLINK X15 formMapReboot stack-based overflow |
| CVE-2025-5504 | 2025-06-03 | TOTOLINK X2000R formWsc command injection |
| CVE-2025-36564 | 2025-06-03 | Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. |
| CVE-2025-46548 | 2025-06-03 | Apache Pekko Management, Akka Management: management API basic authentication is not effective |
| CVE-2024-45655 | 2025-06-03 | IBM Application Gateway incorrect permission assignment |
| CVE-2025-5505 | 2025-06-03 | TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting |
| CVE-2025-5506 | 2025-06-03 | TOTOLINK A3002RU NAT Mapping Page cross site scripting |
| CVE-2025-25019 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation |
| CVE-2025-25022 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure |
| CVE-2025-25021 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security code injection |
| CVE-2025-1334 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure |
| CVE-2025-25020 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security improper input validation |
| CVE-2025-5507 | 2025-06-03 | TOTOLINK A3002RU MAC Filtering Page cross site scripting |
| CVE-2025-5508 | 2025-06-03 | TOTOLINK A3002RU IP Port Filtering Page cross site scripting |
| CVE-2025-5509 | 2025-06-03 | quequnlong shiyi-blog upload path traversal |
| CVE-2025-5510 | 2025-06-03 | quequnlong shiyi-blog optimize server-side request forgery |
| CVE-2025-30167 | 2025-06-03 | Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| CVE-2025-5511 | 2025-06-03 | quequnlong shiyi-blog photos improper authorization |
| CVE-2025-5512 | 2025-06-03 | quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication |
| CVE-2025-5513 | 2025-06-03 | quequnlong shiyi-blog add cross site scripting |
| CVE-2025-5515 | 2025-06-03 | TOTOLINK X2000R formMapDel command injection |
| CVE-2025-30359 | 2025-06-03 | webpack-dev-server users' source code may be stolen when they access a malicious web site |
| CVE-2025-30360 | 2025-06-03 | webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser |
| CVE-2025-5516 | 2025-06-03 | TOTOLINK X2000R URL Filtering Page formFilter cross site scripting |
| CVE-2025-5520 | 2025-06-03 | Open5GS AMF/MME emm_state_authentication assertion |
| CVE-2025-48950 | 2025-06-03 | MaxKB Python Sandbox Bypass in Function Library |
| CVE-2025-48953 | 2025-06-03 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads |
| CVE-2025-48997 | 2025-06-03 | Multer vulnerable to Denial of Service via unhandled exception |
| CVE-2025-48998 | 2025-06-03 | Dataease MYSQL JDBC File Reading Vulnerability |
| CVE-2025-5521 | 2025-06-03 | WuKongOpenSource WukongCRM updataPassword cross-site request forgery |
| CVE-2025-5522 | 2025-06-03 | jack0240 魏 bskms 蓝天幼儿园管理系统 User Creation addUser improper authorization |
| CVE-2025-35036 | 2025-06-03 | hibernate-validator insecure default Expression Language interpolation |
| CVE-2025-5523 | 2025-06-03 | enilu web-flash File Upload upload fileService.upload cross site scripting |
| CVE-2025-5525 | 2025-06-03 | Jrohy trojan linux.go LogChan os command injection |
| CVE-2025-5527 | 2025-06-03 | Tenda RX3 SetStaticRouteCfg save_staticroute_data stack-based overflow |
| CVE-2025-48999 | 2025-06-03 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability |
| CVE-2025-49001 | 2025-06-03 | Dataease Authentication Bypass Vulnerability |
| CVE-2025-49002 | 2025-06-03 | Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability |
| CVE-2025-48951 | 2025-06-03 | Auth0-PHP SDK Deserialization of Untrusted Data vulnerability |
| CVE-2025-49000 | 2025-06-03 | InvenTree has uncontrolled memory allocation via built-in label-sheet plugin |
| CVE-2025-5542 | 2025-06-03 | TOTOLINK X2000R Virtual Server Page formPortFw cross site scripting |
| CVE-2025-5543 | 2025-06-03 | TOTOLINK X2000R Parent Controls Page cross site scripting |
| CVE-2025-24015 | 2025-06-03 | Deno's AES GCM authentication tags are not verified |
| CVE-2025-5544 | 2025-06-03 | aaluoxiang oa_system UserpanelController.java image path traversal |
| CVE-2025-5545 | 2025-06-03 | aaluoxiang oa_system ProcedureController.java image path traversal |
| CVE-2025-5546 | 2025-06-03 | PHPGurukul Daily Expense Tracker System expense-reports-detailed.php sql injection |
| CVE-2025-23095 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. |
| CVE-2025-23096 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. |
| CVE-2025-23101 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation. |
| CVE-2025-23106 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. |
| CVE-2025-27811 | 2025-06-04 | A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service. |
| CVE-2025-29093 | 2025-06-04 | File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component. |
| CVE-2025-29094 | 2025-06-04 | Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components. |
| CVE-2025-46011 | 2025-06-04 | Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges. |
| CVE-2025-46203 | 2025-06-04 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint. |
| CVE-2025-46204 | 2025-06-04 | An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint. |
| CVE-2025-5547 | 2025-06-04 | FreeFloat FTP Server CDUP Command buffer overflow |
| CVE-2025-5548 | 2025-06-04 | FreeFloat FTP Server NOOP Command buffer overflow |
| CVE-2025-5549 | 2025-06-04 | FreeFloat FTP Server PASV Command buffer overflow |
| CVE-2025-5550 | 2025-06-04 | FreeFloat FTP Server PBSZ Command buffer overflow |
| CVE-2025-5551 | 2025-06-04 | FreeFloat FTP Server SYSTEM Command buffer overflow |
| CVE-2025-49223 | 2025-06-04 | billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2025-5552 | 2025-06-04 | ChestnutCMS API Endpoint exec deserialization |
| CVE-2025-5553 | 2025-06-04 | PHPGurukul Rail Pass Management System download-pass.php sql injection |
| CVE-2025-5554 | 2025-06-04 | PHPGurukul Rail Pass Management System pass-bwdates-reports-details.php sql injection |
| CVE-2025-5556 | 2025-06-04 | PHPGurukul Teacher Subject Allocation Management System edit-teacher-info.php sql injection |
| CVE-2025-5557 | 2025-06-04 | PHPGurukul Teacher Subject Allocation Management System edit-course.php sql injection |
| CVE-2025-5531 | 2025-06-04 | Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5532 | 2025-06-04 | Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5558 | 2025-06-04 | PHPGurukul Teacher Subject Allocation Management System changeimage.php sql injection |
| CVE-2025-5560 | 2025-06-04 | PHPGurukul Curfew e-Pass Management System index.php sql injection |
| CVE-2025-5539 | 2025-06-04 | Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5561 | 2025-06-04 | PHPGurukul Curfew e-Pass Management System view-pass-detail.php sql injection |
| CVE-2024-31127 | 2025-06-04 | MacOS Zscaler Client Connector Local Privilege Escalation |
| CVE-2025-20981 | 2025-06-04 | Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information. |
| CVE-2025-20984 | 2025-06-04 | Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch. |
| CVE-2025-20985 | 2025-06-04 | Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items. |
| CVE-2025-20986 | 2025-06-04 | Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots. |
| CVE-2025-20987 | 2025-06-04 | Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get an auth_token. |
| CVE-2025-20988 | 2025-06-04 | Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. |
| CVE-2025-20989 | 2025-06-04 | Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key. |
| CVE-2025-20991 | 2025-06-04 | Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable. |
| CVE-2025-20992 | 2025-06-04 | Out-of-bounds read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory. |
| CVE-2025-20993 | 2025-06-04 | Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. |
| CVE-2025-20994 | 2025-06-04 | Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files. |
| CVE-2025-20995 | 2025-06-04 | Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files. |
| CVE-2025-20996 | 2025-06-04 | Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for... |
| CVE-2025-5562 | 2025-06-04 | PHPGurukul Curfew e-Pass Management System edit-category-detail.php sql injection |
| CVE-2025-5566 | 2025-06-04 | PHPGurukul Notice Board System search-notice.php sql injection |
| CVE-2025-5569 | 2025-06-04 | IdeaCMS getList.html Goods sql injection |
| CVE-2025-5571 | 2025-06-04 | D-Link DCS-932L setSystemAdmin os command injection |
| CVE-2025-48710 | 2025-06-04 | kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where... |