CVE List - 2025 / June
Showing 3301 - 3400 of 3683 CVEs for June 2025 (Page 34 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-52993 | 2025-06-27 | A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld* or... |
| CVE-2025-6738 | 2025-06-27 | huija bicycleSharingServer UserServiceImpl.java userDao.selectUserByUserNameLike sql injection |
| CVE-2025-6748 | 2025-06-27 | Bharti Airtel Thanks App files cleartext storage in a file or on disk |
| CVE-2025-6749 | 2025-06-27 | huija bicycleSharingServer AdminController.java searchAdminMessageShow sql injection |
| CVE-2025-6750 | 2025-06-27 | HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflow |
| CVE-2025-6751 | 2025-06-27 | Linksys E8450 HTTP POST Request portal.cgi set_device_language buffer overflow |
| CVE-2025-6752 | 2025-06-27 | Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow |
| CVE-2025-6753 | 2025-06-27 | huija bicycleSharingServer AdminController.java selectAdminByNameLike sql injection |
| CVE-2025-6488 | 2025-06-27 | isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter |
| CVE-2025-36529 | 2025-06-27 | An OS command injection issue exists in multiple versions of TB-eye network recorders and AHD recorders. If this vulnerability is exploited, an arbitrary OS command may be executed by an... |
| CVE-2025-41418 | 2025-06-27 | Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request. |
| CVE-2025-5035 | 2025-06-27 | Firelight Lightbox < 2.3.16 - Contributor+ Stored XSS |
| CVE-2025-5093 | 2025-06-27 | Responsive Lightbox & Gallery < 2.5.2 - Contributor+ Stored XSS |
| CVE-2025-5194 | 2025-06-27 | WP Map Block by aBlocks < 2.0.3 - Contributor+ Stored XSS via Marker |
| CVE-2025-5526 | 2025-06-27 | BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update |
| CVE-2025-6689 | 2025-06-27 | FL3R Accessibility Suite <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode |
| CVE-2025-4587 | 2025-06-27 | A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6550 | 2025-06-27 | The Pack Elementor addon <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5940 | 2025-06-27 | Osom Blocks <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter |
| CVE-2025-5936 | 2025-06-27 | VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync |
| CVE-2025-6688 | 2025-06-27 | Simple Payment 1.3.6 - 2.3.8 - Authentication Bypass to Admin |
| CVE-2025-5306 | 2025-06-27 | Command Injection in Netflow path |
| CVE-2025-2940 | 2025-06-27 | Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery |
| CVE-2024-12827 | 2025-06-27 | DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset |
| CVE-2025-5398 | 2025-06-27 | Ninja Forms <= 3.10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via CSTI |
| CVE-2025-6761 | 2025-06-27 | Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine |
| CVE-2025-6762 | 2025-06-27 | diyhi bbs HTTP Header login getUrl server-side request forgery |
| CVE-2025-6763 | 2025-06-27 | Comet System H3531 Web-based Management setupA.cfg missing authentication |
| CVE-2025-49448 | 2025-06-27 | WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability |
| CVE-2025-49423 | 2025-06-27 | WordPress Bulk YouTube Post Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49416 | 2025-06-27 | WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-24760 | 2025-06-27 | WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability |
| CVE-2025-23973 | 2025-06-27 | WordPress SpecFit-Virtual Try On Woocommerce plugin <= 7.0.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-23967 | 2025-06-27 | WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability |
| CVE-2023-25998 | 2025-06-27 | WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability |
| CVE-2025-52834 | 2025-06-27 | WordPress Homey theme <= 2.4.5 - SQL Injection Vulnerability |
| CVE-2025-52829 | 2025-06-27 | WordPress DirectIQ Email Marketing plugin <= 2.0 - SQL Injection Vulnerability |
| CVE-2025-52827 | 2025-06-27 | WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability |
| CVE-2025-52826 | 2025-06-27 | WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability |
| CVE-2025-52824 | 2025-06-27 | WordPress Mobile DJ Manager plugin <= 1.7.6 - Privilege Escalation Vulnerability |
| CVE-2025-52818 | 2025-06-27 | WordPress Trusty Whistleblowing plugin <= 1.5.2 - Broken Access Control Vulnerability |
| CVE-2025-52817 | 2025-06-27 | WordPress Abandoned Contact Form 7 plugin <= 2.0 - Broken Access Control Vulnerability |
| CVE-2025-52816 | 2025-06-27 | WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability |
| CVE-2025-52815 | 2025-06-27 | WordPress CityGov theme <= 1.9 - Local File Inclusion Vulnerability |
| CVE-2025-52814 | 2025-06-27 | WordPress BRW plugin <= 1.7.9 - Local File Inclusion Vulnerability |
| CVE-2025-52812 | 2025-06-27 | WordPress Domnoo theme <= 1.49 - Local File Inclusion Vulnerability |
| CVE-2025-52811 | 2025-06-27 | WordPress Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Local File Inclusion Vulnerability |
| CVE-2025-52810 | 2025-06-27 | WordPress Katerio - Magazine theme <= 1.5.1 - Local File Inclusion Vulnerability |
| CVE-2025-52809 | 2025-06-27 | WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability |
| CVE-2025-52808 | 2025-06-27 | WordPress RealtyElite theme <= 1.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-52799 | 2025-06-27 | WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52778 | 2025-06-27 | WordPress xili-dictionary plugin <= 2.12.5.2 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52774 | 2025-06-27 | WordPress Infility Global plugin <= 2.12.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52729 | 2025-06-27 | WordPress Diza theme <= 1.3.9 - Local File Inclusion Vulnerability |
| CVE-2025-52727 | 2025-06-27 | WordPress CSS3 Vertical Web Pricing Tables plugin <= 1.9 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-52726 | 2025-06-27 | WordPress CouponXxL Custom Post Types plugin <= 3.0 - Privilege Escalation Vulnerability |
| CVE-2025-52725 | 2025-06-27 | WordPress CouponXxL theme <= 3.0.0 - PHP Object Injection Vulnerability |
| CVE-2025-52724 | 2025-06-27 | WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability |
| CVE-2025-52723 | 2025-06-27 | WordPress Networker theme <= 1.2.0 - Local File Inclusion Vulnerability |
| CVE-2025-52722 | 2025-06-27 | WordPress Classiera theme <= 4.0.34 - SQL Injection Vulnerability |
| CVE-2025-52717 | 2025-06-27 | WordPress LifterLMS plugin <= 8.0.6 - SQL Injection Vulnerability |
| CVE-2025-50052 | 2025-06-27 | WordPress Flexo Counter plugin <= 1.0001 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49886 | 2025-06-27 | WordPress Zikzag Core plugin <= 1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-49885 | 2025-06-27 | WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability |
| CVE-2025-49883 | 2025-06-27 | WordPress Greenmart theme <= 4.2.3 - Local File Inclusion Vulnerability |
| CVE-2025-49321 | 2025-06-27 | WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49290 | 2025-06-27 | WordPress Off-Canvas Sidebars & Menus (Slidebars) plugin <= 0.5.8.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47654 | 2025-06-27 | WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.20 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-47574 | 2025-06-27 | WordPress School Management System Plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39488 | 2025-06-27 | WordPress MagOne theme <= 8.5 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39478 | 2025-06-27 | WordPress Smart Notification Plugin <= 10.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-39474 | 2025-06-27 | WordPress Amely theme <= 3.1.4 - SQL Injection vulnerability |
| CVE-2025-32298 | 2025-06-27 | WordPress CTUsers plugin <= 1.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-32281 | 2025-06-27 | WordPress WPKit For Elementor plugin <= 1.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-31428 | 2025-06-27 | WordPress HYDRO theme <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-31067 | 2025-06-27 | WordPress Seven Stars theme <= 1.4.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-30992 | 2025-06-27 | WordPress Puca theme <= 2.6.33 - Local File Inclusion Vulnerability |
| CVE-2025-30972 | 2025-06-27 | WordPress Woocommerce Line Notify plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-28998 | 2025-06-27 | WordPress SERPed.net plugin <= 4.6 - Local File Inclusion Vulnerability |
| CVE-2025-28993 | 2025-06-27 | WordPress Content No Cache plugin <= 0.1.3 - Arbitrary Function Call vulnerability |
| CVE-2025-28990 | 2025-06-27 | WordPress SNS Vicky theme <= 3.7 - Local File Inclusion Vulnerability |
| CVE-2025-28988 | 2025-06-27 | WordPress WP Front User Submit / Front Editor plugin <= 4.9.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28970 | 2025-06-27 | WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability |
| CVE-2025-28960 | 2025-06-27 | WordPress Evangelische Termine plugin <= 3.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-28956 | 2025-06-27 | WordPress Backwp plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-28947 | 2025-06-27 | WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability |
| CVE-2025-28946 | 2025-06-27 | WordPress PrintXtore theme <= 1.7.5 - Local File Inclusion Vulnerability |
| CVE-2025-27361 | 2025-06-27 | WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-25173 | 2025-06-27 | WordPress FastBook plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-25171 | 2025-06-27 | WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability |
| CVE-2025-24774 | 2025-06-27 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-24769 | 2025-06-27 | WordPress Zenny theme <= 1.7.5 - Local File Inclusion Vulnerability |
| CVE-2025-24765 | 2025-06-27 | WordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion Vulnerability |
| CVE-2025-6765 | 2025-06-27 | Intelbras InControl HTTP PUT Request operador permission |
| CVE-2025-40910 | 2025-06-27 | Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses |
| CVE-2025-6766 | 2025-06-27 | sfturing hosp_order OfficeServiceImpl.java getOfficeName sql injection |
| CVE-2025-53018 | 2025-06-27 | Lychee has Server-Side Request Forgery (SSRF) in Photo::fromUrl API via unvalidated remote image URLs |
| CVE-2025-6767 | 2025-06-27 | sfturing hosp_order DoctorServiceImpl.java findDoctorByCondition sql injection |
| CVE-2025-53193 | 2025-06-27 | WordPress Burst Statistics plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-53197 | 2025-06-27 | WordPress Cookiebot plugin <= 4.5.8 - Cross Site Request Forgery (CSRF) Vulnerability |