Lista CVE - 2025 / Giugno
Visualizzazione 1901 - 2000 di 3683 CVE per Giugno 2025 (Pagina 20 di 37)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-6150 | 2025-06-17 | TOTOLINK X15 HTTP POST Request formMultiAP buffer overflow |
| CVE-2025-48993 | 2025-06-17 | Group-Office vulnerable to reflected XSS via Look and Feel Formatting input |
| CVE-2025-6151 | 2025-06-17 | TP-Link TL-WR940N, TL-WR841N WanSlaacCfgRpm.htm buffer overflow |
| CVE-2025-6152 | 2025-06-17 | Steel Browser files.routes.ts handleFileUpload path traversal |
| CVE-2025-3774 | 2025-06-17 | Wise Chat <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header |
| CVE-2025-4775 | 2025-06-17 | WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5673 | 2025-06-17 | Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter |
| CVE-2025-6153 | 2025-06-17 | PHPGurukul Hostel Management System students.php sql injection |
| CVE-2025-49823 | 2025-06-17 | Conda Constructor Command Injection via Unsanitized User Input (Low) |
| CVE-2025-6154 | 2025-06-17 | PHPGurukul Hostel Management System login.inc.php sql injection |
| CVE-2025-6155 | 2025-06-17 | PHPGurukul Hostel Management System login-hm.inc.php sql injection |
| CVE-2025-6156 | 2025-06-17 | PHPGurukul Nipah Virus Testing Management System bwdates-report-ds.php sql injection |
| CVE-2025-6157 | 2025-06-17 | PHPGurukul Nipah Virus Testing Management System registered-user-testing.php sql injection |
| CVE-2025-6158 | 2025-06-17 | D-Link DIR-665 HTTP POST Request sub_AC78 stack-based overflow |
| CVE-2025-6159 | 2025-06-17 | code-projects Hostel Management System allocate_room.php sql injection |
| CVE-2025-6160 | 2025-06-17 | SourceCodester Client Database Management System user_customer_create_order.php sql injection |
| CVE-2025-6161 | 2025-06-17 | SourceCodester Simple Food Ordering System editproduct.php unrestricted upload |
| CVE-2025-6162 | 2025-06-17 | TOTOLINK EX1200T HTTP POST Request formMultiAP buffer overflow |
| CVE-2025-6163 | 2025-06-17 | TOTOLINK A3002RU HTTP POST Request formMultiAP buffer overflow |
| CVE-2025-6164 | 2025-06-17 | TOTOLINK A3002R HTTP POST Request formMultiAP buffer overflow |
| CVE-2025-5209 | 2025-06-17 | Ivory Search < 5.5.10 - Admin+ Stored XSS |
| CVE-2025-6165 | 2025-06-17 | TOTOLINK X15 HTTP POST Request formTmultiAP buffer overflow |
| CVE-2025-6166 | 2025-06-17 | frdel Agent-Zero image_get.py image_get path traversal |
| CVE-2025-6167 | 2025-06-17 | themanojdesai python-a2a api.py create_workflow path traversal |
| CVE-2025-6173 | 2025-06-17 | Webkul QloApps ajax_products_list.php sql injection |
| CVE-2025-40674 | 2025-06-17 | Reflected Cross-Site Scripting (XSS) in osCommerce |
| CVE-2025-3515 | 2025-06-17 | Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.9 - Unauthenticated Arbitrary File Upload via Insufficient Blacklist Checks |
| CVE-2025-6050 | 2025-06-17 | Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface |
| CVE-2025-5700 | 2025-06-17 | Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2025-3880 | 2025-06-17 | Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update |
| CVE-2025-5291 | 2025-06-17 | Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes |
| CVE-2025-5777 | 2025-06-17 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread |
| CVE-2025-5349 | 2025-06-17 | NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management Interface |
| CVE-2025-4365 | 2025-06-17 | NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read |
| CVE-2025-6020 | 2025-06-17 | Linux-pam: linux-pam directory traversal |
| CVE-2025-4879 | 2025-06-17 | Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges |
| CVE-2025-0320 | 2025-06-17 | Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges |
| CVE-2025-4404 | 2025-06-17 | Freeipa: idm: privilege escalation from host to domain admin in freeipa |
| CVE-2025-6069 | 2025-06-17 | HTMLParser quadratic complexity when processing malformed inputs |
| CVE-2025-49842 | 2025-06-17 | conda-forge-webservices Privilege Escalation Risk via Default Docker Root User |
| CVE-2025-34508 | 2025-06-17 | ZendTo < 6.15-8 Path Traversal |
| CVE-2025-6196 | 2025-06-17 | Libgepub: integer overflow in libgepub's epub archive handling |
| CVE-2025-6199 | 2025-06-17 | Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder |
| CVE-2025-4754 | 2025-06-17 | Missing Session Revocation on Logout in ash_authentication_phoenix |
| CVE-2025-49175 | 2025-06-17 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors |
| CVE-2025-49176 | 2025-06-17 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension |
| CVE-2025-49177 | 2025-06-17 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode |
| CVE-2025-49178 | 2025-06-17 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore |
| CVE-2025-49179 | 2025-06-17 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension |
| CVE-2025-49180 | 2025-06-17 | Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension |
| CVE-2025-49447 | 2025-06-17 | WordPress FW Food Menu <= 6.0.0 - Arbitrary File Upload Vulnerability |
| CVE-2025-49444 | 2025-06-17 | WordPress Reformer for Elementor <= 1.0.5 - Arbitrary File Upload Vulnerability |
| CVE-2025-49415 | 2025-06-17 | WordPress FW Gallery <= 8.0.0 - Arbitrary File Deletion Vulnerability |
| CVE-2025-49882 | 2025-06-17 | WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49881 | 2025-06-17 | WordPress Responsive Blocks plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49880 | 2025-06-17 | WordPress CubeWP Forms plugin <= 1.1.5 - Broken Access Control Vulnerability |
| CVE-2025-49879 | 2025-06-17 | WordPress Litho <= 3.0 - Arbitrary File Deletion Vulnerability |
| CVE-2025-49878 | 2025-06-17 | WordPress WPAdverts plugin <= 2.2.4 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49877 | 2025-06-17 | WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-49875 | 2025-06-17 | WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49874 | 2025-06-17 | WordPress Arconix FAQ plugin <= 1.9.6 - Broken Access Control Vulnerability |
| CVE-2025-49872 | 2025-06-17 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49871 | 2025-06-17 | WordPress Noptin plugin <= 3.8.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49868 | 2025-06-17 | WordPress Automation By Autonami plugin <= 3.6.0 - Open Redirection Vulnerability |
| CVE-2025-49865 | 2025-06-17 | WordPress Advanced Settings plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) Vulnerability |
| CVE-2025-49864 | 2025-06-17 | WordPress AFS Analytics plugin <= 4.21 - Broken Access Control Vulnerability |
| CVE-2025-49863 | 2025-06-17 | WordPress Advanced Sermons plugin <= 3.6 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49862 | 2025-06-17 | WordPress Ebook Store plugin <= 5.8008 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49861 | 2025-06-17 | WordPress Kama Click Counter plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49859 | 2025-06-17 | WordPress WP Views Counter plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49858 | 2025-06-17 | WordPress Arconix Shortcodes plugin <= 2.1.17 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49857 | 2025-06-17 | WordPress myCred plugin <= 2.9.4.2 - Broken Access Control Vulnerability |
| CVE-2025-49856 | 2025-06-17 | WordPress Responsive Plus plugin <= 3.2.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability |
| CVE-2025-49855 | 2025-06-17 | WordPress Meks Flexible Shortcodes plugin <= 1.3.7 - Cross Site Scripting (XSS) Vulnerability |
| CVE-2025-49854 | 2025-06-17 | WordPress Slim SEO plugin <= 4.5.4 - SQL Injection Vulnerability |
| CVE-2025-49331 | 2025-06-17 | WordPress eCommerce Product Catalog <= 3.4.3 - PHP Object Injection Vulnerability |
| CVE-2025-49330 | 2025-06-17 | WordPress Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.3.0 - PHP Object Injection Vulnerability |
| CVE-2025-49316 | 2025-06-17 | WordPress WP2LEADS plugin <= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49312 | 2025-06-17 | WordPress Echo RSS Feed Post Generator Plugin for WordPress plugin <= 5.4.8.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49266 | 2025-06-17 | WordPress Ultimate Reviews plugin <= 3.2.14 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-49261 | 2025-06-17 | WordPress Diza <= 1.3.8 - Local File Inclusion Vulnerability |
| CVE-2025-49260 | 2025-06-17 | WordPress Aora <= 1.3.9 - Local File Inclusion Vulnerability |
| CVE-2025-49259 | 2025-06-17 | WordPress Hara <= 1.2.10 - Local File Inclusion Vulnerability |
| CVE-2025-49258 | 2025-06-17 | WordPress Maia <= 1.1.15 - Local File Inclusion Vulnerability |
| CVE-2025-49257 | 2025-06-17 | WordPress Zota <= 1.3.8 - Local File Inclusion Vulnerability |
| CVE-2025-49256 | 2025-06-17 | WordPress Sapa <= 1.1.14 - Local File Inclusion Vulnerability |
| CVE-2025-49255 | 2025-06-17 | WordPress Ruza <= 1.0.7 - Local File Inclusion Vulnerability |
| CVE-2025-49254 | 2025-06-17 | WordPress Nika <= 1.2.8 - Local File Inclusion Vulnerability |
| CVE-2025-49253 | 2025-06-17 | WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability |
| CVE-2025-49252 | 2025-06-17 | WordPress Besa <= 2.3.8 - Local File Inclusion Vulnerability |
| CVE-2025-49251 | 2025-06-17 | WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability |
| CVE-2025-49234 | 2025-06-17 | WordPress WP Dummy Content Generator plugin <= 3.4.6 - Arbitrary User Deletion vulnerability |
| CVE-2025-48274 | 2025-06-17 | WordPress WP Job Portal <= 2.3.2 - SQL Injection Vulnerability |
| CVE-2025-48145 | 2025-06-17 | WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2025-48118 | 2025-06-17 | WordPress Woocommerce Partial Shipment <= 3.2 - SQL Injection Vulnerability |
| CVE-2025-47573 | 2025-06-17 | WordPress School Management System Plugin <= 92.0.0 - SQL Injection vulnerability |
| CVE-2025-47572 | 2025-06-17 | WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-47559 | 2025-06-17 | WordPress MapSVG plugin <= 8.5.32 - Arbitrary File Upload vulnerability |
| CVE-2025-47452 | 2025-06-17 | WordPress WP VR <= 8.5.26 - Arbitrary File Upload Vulnerability |
| CVE-2025-39508 | 2025-06-17 | WordPress Nasa Core Plugin <= 6.3.2 - Cross Site Scripting (XSS) vulnerability |