Lista CVE - 2025 / Giugno
Visualizzazione 801 - 900 di 3683 CVE per Giugno 2025 (Pagina 9 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-5785 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formWirelessTbl buffer overflow |
| CVE-2025-5786 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formDMZ buffer overflow |
| CVE-2025-5787 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formWsc buffer overflow |
| CVE-2025-5788 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formReflashClientTbl buffer overflow |
| CVE-2025-5789 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formPortFw buffer overflow |
| CVE-2025-5790 | 2025-06-06 | TOTOLINK X15 HTTP POST Request formIpQoS buffer overflow |
| CVE-2025-47950 | 2025-06-06 | CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification |
| CVE-2025-49011 | 2025-06-06 | SpiceDB checks involving relations with caveats can result in no permission when permission is expected |
| CVE-2025-5792 | 2025-06-06 | TOTOLINK EX1200T HTTP POST Request formWlanRedirect buffer overflow |
| CVE-2025-5793 | 2025-06-06 | TOTOLINK EX1200T HTTP POST Request formPortFw buffer overflow |
| CVE-2025-5794 | 2025-06-06 | Tenda AC5 setPptpUserList formSetPPTPUserList buffer overflow |
| CVE-2025-5795 | 2025-06-06 | Tenda AC5 AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2025-5473 | 2025-06-06 | GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability |
| CVE-2025-5474 | 2025-06-06 | 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability |
| CVE-2025-5480 | 2025-06-06 | Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| CVE-2025-5481 | 2025-06-06 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2025-3485 | 2025-06-06 | Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability |
| CVE-2025-2766 | 2025-06-06 | 70mai A510 Use of Default Password Authentication Bypass Vulnerability |
| CVE-2025-5796 | 2025-06-06 | code-projects Laundry System edit_type.php cross site scripting |
| CVE-2025-5797 | 2025-06-06 | code-projects Laundry System insert_type.php cross site scripting |
| CVE-2025-5798 | 2025-06-06 | Tenda AC8 SetSysTimeCfg fromSetSysTime stack-based overflow |
| CVE-2025-5799 | 2025-06-06 | Tenda AC8 WifiExtraSet fromSetWirelessRepeat stack-based overflow |
| CVE-2025-49127 | 2025-06-06 | Kafbat UI vulnerable to Remote Code Execution by JMX in Metrices Configuration |
| CVE-2025-49128 | 2025-06-06 | Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation |
| CVE-2024-55585 | 2025-06-07 | In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword. |
| CVE-2025-49619 | 2025-06-07 | Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows... |
| CVE-2025-5814 | 2025-06-07 | Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration |
| CVE-2025-47601 | 2025-06-07 | WordPress MaxiBlocks plugin <= 2.1.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2025-5399 | 2025-06-07 | WebSocket endless loop |
| CVE-2025-5303 | 2025-06-07 | LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter |
| CVE-2024-9994 | 2025-06-07 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Pricing Table Widget |
| CVE-2025-5528 | 2025-06-07 | Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter |
| CVE-2025-5568 | 2025-06-07 | WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9993 | 2025-06-07 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Event Calendar Widget |
| CVE-2025-5836 | 2025-06-07 | Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection |
| CVE-2025-5837 | 2025-06-07 | PHPGurukul Employee Record Management System allemployees.php sql injection |
| CVE-2025-5838 | 2025-06-07 | PHPGurukul Employee Record Management System adminprofile.php sql injection |
| CVE-2025-5839 | 2025-06-07 | Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2025-5840 | 2025-06-07 | SourceCodester Client Database Management System user_update_customer_order.php unrestricted upload |
| CVE-2025-38003 | 2025-06-08 | can: bcm: add missing rcu read protection for procfs content |
| CVE-2025-38004 | 2025-06-08 | can: bcm: add locking for bcm_op runtime updates |
| CVE-2025-20063 | 2025-06-08 | arkui_ace_engine has a type confusion vulnerability |
| CVE-2025-21082 | 2025-06-08 | arkui_ace_engine has a type confusion vulnerability |
| CVE-2025-23235 | 2025-06-08 | arkcompiler_ets_runtime has an out-of-bounds write vulnerability |
| CVE-2025-25217 | 2025-06-08 | arkui_ace_enginehas a NULL pointer dereference vulnerability |
| CVE-2025-24493 | 2025-06-08 | kernel_liteos_a has a race condition vulnerability |
| CVE-2025-27131 | 2025-06-08 | kernel_liteos_m has an improper input vulnerability |
| CVE-2025-26691 | 2025-06-08 | telephony_call_manager has an improper preservation of permissions vulnerability |
| CVE-2025-26693 | 2025-06-08 | security_access_token has an improper preservation of permissions vulnerability |
| CVE-2025-27563 | 2025-06-08 | security_access_token has an improper preservation of permissions vulnerability |
| CVE-2025-27242 | 2025-06-08 | Ssecurity_component_manager has an improper input vulnerability |
| CVE-2025-27247 | 2025-06-08 | Pasteboard has an improper preservation of permissions vulnerability |
| CVE-2025-5847 | 2025-06-08 | Tenda AC9 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow |
| CVE-2025-3459 | 2025-06-08 | ON Semiconductor Quantenna transmit_file Argument Injection |
| CVE-2025-3460 | 2025-06-08 | ON Semiconductor Quantenna set_tx_pow Argument Injection |
| CVE-2025-3461 | 2025-06-08 | ON Semiconductor Quantenna Telnet Missing Authentication |
| CVE-2025-32455 | 2025-06-08 | ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection |
| CVE-2025-32456 | 2025-06-08 | ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection |
| CVE-2025-32457 | 2025-06-08 | ON Semiconductor Quantenna router_command.sh (in the get_file_from_qtn argument) Argument Injection |
| CVE-2025-32458 | 2025-06-08 | ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection |
| CVE-2025-32459 | 2025-06-08 | ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection |
| CVE-2025-35004 | 2025-06-08 | Microhard Bullet-LTE and IPn4Gii AT+MFIP Argument Injection |
| CVE-2025-35005 | 2025-06-08 | Microhard Bullet-LTE and IPn4Gii AT+MFMAC Argument Injection |
| CVE-2025-35006 | 2025-06-08 | Microhard Bullet-LTE and IPn4Gii AT+MFPORTFWD Argument Injection |
| CVE-2025-35007 | 2025-06-08 | Microhard Bullet-LTE and IPn4Gii AT+MFRULE Argument Injection |
| CVE-2025-35008 | 2025-06-08 | Microhard Bullet-LTE and IPn4Gii AT+MMNAME Argument Injection |
| CVE-2025-35009 | 2025-06-08 | Microhard Bullet-LTE and IPn4Gii AT+MNNETSP Argument Injection |
| CVE-2025-35010 | 2025-06-08 | Microhard Bullet-LTE and IPn4Gii AT+MNPINGTM Argument Injection |
| CVE-2025-5848 | 2025-06-08 | Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow |
| CVE-2025-5849 | 2025-06-08 | Tenda AC15 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow |
| CVE-2025-5850 | 2025-06-08 | Tenda AC15 HTTP POST Request SetLEDCf formsetschedled buffer overflow |
| CVE-2025-5851 | 2025-06-08 | Tenda AC15 HTTP POST Request AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2024-46452 | 2025-06-09 | A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a... |
| CVE-2025-29627 | 2025-06-09 | An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module |
| CVE-2025-45001 | 2025-06-09 | react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using... |
| CVE-2025-45002 | 2025-06-09 | Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. |
| CVE-2025-45055 | 2025-06-09 | Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed... |
| CVE-2025-46041 | 2025-06-09 | A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add). |
| CVE-2025-46178 | 2025-06-09 | Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim... |
| CVE-2025-5852 | 2025-06-09 | Tenda AC6 setPptpUserList formSetPPTPUserList buffer overflow |
| CVE-2025-5853 | 2025-06-09 | Tenda AC6 SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow |
| CVE-2025-5854 | 2025-06-09 | Tenda AC6 AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2025-5855 | 2025-06-09 | Tenda AC6 SetRebootTimer formSetRebootTimer stack-based overflow |
| CVE-2025-5856 | 2025-06-09 | PHPGurukul BP Monitoring Management System registration.php sql injection |
| CVE-2025-5857 | 2025-06-09 | code-projects Patient Record Management System urinalysis_record.php sql injection |
| CVE-2025-5858 | 2025-06-09 | PHPGurukul Nipah Virus Testing Management System patient-report.php sql injection |
| CVE-2025-5859 | 2025-06-09 | PHPGurukul Nipah Virus Testing Management System test-details.php sql injection |
| CVE-2025-5860 | 2025-06-09 | PHPGurukul Maid Hiring Management System search-booking-request.php sql injection |
| CVE-2025-5861 | 2025-06-09 | Tenda AC7 AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2025-5862 | 2025-06-09 | Tenda AC7 setPptpUserList formSetPPTPUserList buffer overflow |
| CVE-2025-5863 | 2025-06-09 | Tenda AC5 SetRebootTimer formSetRebootTimer stack-based overflow |
| CVE-2025-47712 | 2025-06-09 | Nbd: nbdkit: integer overflow triggers an assertion resulting in denial of service |
| CVE-2025-3581 | 2025-06-09 | Newsletter < 8.8.5 - Admin+ Stored XSS via Widget |
| CVE-2025-3582 | 2025-06-09 | Newsletter < 8.8.5 - Admin+ Stored XSS via Form |
| CVE-2025-4652 | 2025-06-09 | Broadstreet < 1.51.8 - Reflected XSS |
| CVE-2025-5864 | 2025-06-09 | Tenda TDSEE App Password Reset Confirmation Code ConfirmSmsCode excessive authentication |
| CVE-2025-47711 | 2025-06-09 | Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service |
| CVE-2025-25207 | 2025-06-09 | Rhcl: authpolicy callbacks result in denial of service in authorino severity |
| CVE-2025-25208 | 2025-06-09 | Rhcl: authorino denial of service through authpolicy with sharedsecretref severity |
| CVE-2025-25209 | 2025-06-09 | Rhcl: sharedsecretref can be used to leak secrets severity |