CVE List - 2025 / June
Showing 3601 - 3683 of 3683 CVEs for June 2025 (Page 37 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-45931 | 2025-06-30 | An issue in D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via the system() function in the bin/goahead file |
| CVE-2025-46014 | 2025-06-30 | Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 were discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to... |
| CVE-2025-49493 | 2025-06-30 | Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection. |
| CVE-2025-52491 | 2025-06-30 | Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF. |
| CVE-2025-6878 | 2025-06-30 | SourceCodester Best Salon Management System search-appointment.php sql injection |
| CVE-2025-6879 | 2025-06-30 | SourceCodester Best Salon Management System add-tax.php sql injection |
| CVE-2025-6880 | 2025-06-30 | SourceCodester Best Salon Management System edit-tax.php sql injection |
| CVE-2025-6881 | 2025-06-30 | D-Link DI-8100 jhttpd pppoe_base.asp buffer overflow |
| CVE-2025-0634 | 2025-06-30 | Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion. This issue affects rLottie: V0.2. |
| CVE-2025-53075 | 2025-06-30 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal. This issue affects rLottie: V0.2. |
| CVE-2025-53076 | 2025-06-30 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers. This issue affects rLottie: V0.2. |
| CVE-2025-53074 | 2025-06-30 | Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers. This issue affects rLottie: V0.2. |
| CVE-2025-6882 | 2025-06-30 | D-Link DIR-513 formSetWanPPTP buffer overflow |
| CVE-2025-6883 | 2025-06-30 | code-projects Staff Audit System update_index.php sql injection |
| CVE-2025-6884 | 2025-06-30 | code-projects Staff Audit System search_index.php sql injection |
| CVE-2025-6885 | 2025-06-30 | PHPGurukul Teachers Record Management System edit-teacher-detail.php sql injection |
| CVE-2025-6886 | 2025-06-30 | Tenda AC5 openSchedWifi stack-based overflow |
| CVE-2025-6887 | 2025-06-30 | Tenda AC5 SetSysTimeCfg stack-based overflow |
| CVE-2025-6888 | 2025-06-30 | PHPGurukul Teachers Record Management System changeimage.php sql injection |
| CVE-2025-6889 | 2025-06-30 | code-projects Movie Ticketing System logIn.php sql injection |
| CVE-2025-3745 | 2025-06-30 | WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS |
| CVE-2025-5730 | 2025-06-30 | Easy Contact Form Lite < 1.1.29 - Contributor+ Stored XSS |
| CVE-2025-6890 | 2025-06-30 | code-projects Movie Ticketing System ticketConfirmation.php sql injection |
| CVE-2025-6891 | 2025-06-30 | code-projects Inventory Management System createUser.php sql injection |
| CVE-2025-6896 | 2025-06-30 | D-Link DI-7300G+ wget_test.asp os command injection |
| CVE-2025-38087 | 2025-06-30 | net/sched: fix use-after-free in taprio_dev_notifier |
| CVE-2025-38088 | 2025-06-30 | powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap |
| CVE-2025-38089 | 2025-06-30 | sunrpc: handle SVC_GARBAGE during svc auth processing as auth error |
| CVE-2025-38090 | 2025-06-30 | drivers/rapidio/rio_cm.c: prevent possible heap overwrite |
| CVE-2025-6897 | 2025-06-30 | D-Link DI-7300G+ httpd_debug.asp os command injection |
| CVE-2025-6898 | 2025-06-30 | D-Link DI-7300G+ in proxy_client.asp os command injection |
| CVE-2025-40731 | 2025-06-30 | SQL injection vulnerability in Daily Expense Manager |
| CVE-2025-40732 | 2025-06-30 | User enumeration vulnerability in Daily Expense Manager |
| CVE-2025-40733 | 2025-06-30 | Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager |
| CVE-2025-40734 | 2025-06-30 | Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager |
| CVE-2025-6899 | 2025-06-30 | D-Link DI-7300G+/DI-8200G msp_info.htm os command injection |
| CVE-2025-6900 | 2025-06-30 | code-projects Library System add-book.php unrestricted upload |
| CVE-2025-53415 | 2025-06-30 | File Parsing Deserialization of Untrusted Data in DTM Soft |
| CVE-2025-53416 | 2025-06-30 | File Parsing Deserialization of Untrusted Data in DTN Soft |
| CVE-2025-41439 | 2025-06-30 | A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in... |
| CVE-2025-6901 | 2025-06-30 | code-projects Inventory Management System removeUser.php sql injection |
| CVE-2024-8419 | 2025-06-30 | ifm: Improper Access Control vulnerability in AC4xxS devices |
| CVE-2025-6902 | 2025-06-30 | code-projects Inventory Management System editUser.php sql injection |
| CVE-2025-6903 | 2025-06-30 | code-projects Car Rental System approve.php sql injection |
| CVE-2025-40710 | 2025-06-30 | Host Header Injection (HHI) in the Hotspot Shield VPN client |
| CVE-2025-6904 | 2025-06-30 | code-projects Car Rental System add_cars.php sql injection |
| CVE-2025-4407 | 2025-06-30 | Application does not invalidate session after password reset |
| CVE-2025-6905 | 2025-06-30 | code-projects Car Rental System signup.php sql injection |
| CVE-2025-6906 | 2025-06-30 | code-projects Car Rental System login.php sql injection |
| CVE-2025-6907 | 2025-06-30 | code-projects Car Rental System book_car.php sql injection |
| CVE-2025-6908 | 2025-06-30 | PHPGurukul Old Age Home Management System edit-services.php sql injection |
| CVE-2025-6909 | 2025-06-30 | PHPGurukul Old Age Home Management System add-scdetails.php sql injection |
| CVE-2025-6910 | 2025-06-30 | PHPGurukul Student Record System session.php sql injection |
| CVE-2025-6911 | 2025-06-30 | PHPGurukul Student Record System manage-subjects.php sql injection |
| CVE-2025-2895 | 2025-06-30 | IBM Cloud Pak System HTML injection |
| CVE-2025-6912 | 2025-06-30 | PHPGurukul Student Record System manage-students.php sql injection |
| CVE-2025-6913 | 2025-06-30 | PHPGurukul Student Record System admin-profile.php sql injection |
| CVE-2024-12915 | 2025-06-30 | Reflected XSS in Devinim Software's Modified Koha Library Software |
| CVE-2025-6914 | 2025-06-30 | PHPGurukul Student Record System edit-student.php sql injection |
| CVE-2025-6915 | 2025-06-30 | PHPGurukul Student Record System register.php sql injection |
| CVE-2025-46702 | 2025-06-30 | Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management |
| CVE-2025-47871 | 2025-06-30 | Mattermost Playbooks exposes private channel metadata to unauthorized users via run metadata API |
| CVE-2025-6916 | 2025-06-30 | TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication |
| CVE-2025-52895 | 2025-06-30 | Frappe possibility of SQL injection due to improper validations |
| CVE-2025-52896 | 2025-06-30 | Frappe authenticated XSS via data import |
| CVE-2025-52898 | 2025-06-30 | Frappe account takeover via password reset token leakage |
| CVE-2025-6917 | 2025-06-30 | code-projects Online Hotel Booking registration.php sql injection |
| CVE-2025-6925 | 2025-06-30 | Dromara RuoYi-Vue-Plus Mail MailController.java path traversal |
| CVE-2025-36593 | 2025-06-30 | Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability... |
| CVE-2025-52901 | 2025-06-30 | File Browser allows sensitive data to be transferred in URL |
| CVE-2025-52995 | 2025-06-30 | File Browser vulnerable to command execution allowlist bypass |
| CVE-2025-52996 | 2025-06-30 | File Browser's Password Protection of Links Vulnerable to Bypass |
| CVE-2025-52997 | 2025-06-30 | File Browser Insecurely Handles Passwords |
| CVE-2025-53004 | 2025-06-30 | Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability |
| CVE-2025-49521 | 2025-06-30 | Event-driven-ansible: template injection via git branch and refspec in eda projects |
| CVE-2025-49520 | 2025-06-30 | Event-driven-ansible: authenticated argument injection in git url in eda project creation |
| CVE-2025-6929 | 2025-06-30 | PHPGurukul Zoo Management System view-normal-ticket.php sql injection |
| CVE-2025-6554 | 2025-06-30 | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-6930 | 2025-06-30 | PHPGurukul Zoo Management System manage-foreigners-ticket.php sql injection |
| CVE-2025-6931 | 2025-06-30 | D-Link DCS-6517/DCS-7517 Root Password Generation httpd generate_pass_from_mac entropy |
| CVE-2025-6932 | 2025-06-30 | D-Link DCS-7517 Qlync Password Generation httpd g_F_n_GenPassForQlync hard-coded password |
| CVE-2025-6935 | 2025-06-30 | Campcodes Sales and Inventory System payment_add.php sql injection |
| CVE-2025-45006 | 2025-07-01 | Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks. |
| CVE-2025-45081 | 2025-07-01 | Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data. |
| CVE-2025-45083 | 2025-07-01 | Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via unspecified vectors. |
| CVE-2025-45872 | 2025-07-01 | zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter. |
| CVE-2025-50404 | 2025-07-01 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the... |
| CVE-2025-50405 | 2025-07-01 | Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function. |
| CVE-2025-50641 | 2025-07-01 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. |
| CVE-2025-52101 | 2025-07-01 | linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then... |
| CVE-2025-52294 | 2025-07-01 | Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance. |
| CVE-2025-6936 | 2025-07-01 | code-projects Simple Pizza Ordering System addpro.php sql injection |
| CVE-2025-6937 | 2025-07-01 | code-projects Simple Pizza Ordering System large.php sql injection |
| CVE-2025-53005 | 2025-07-01 | Dataease PostgreSQL Data Source JDBC Connection Parameters Bypass Vulnerability |
| CVE-2025-36056 | 2025-07-01 | IBM System Storage Virtualization Engine TS7700 cross-site scripting |
| CVE-2025-2141 | 2025-07-01 | IBM System Storage Virtualization Engine TS7700 cross-site scripting |
| CVE-2025-53003 | 2025-07-01 | Janssen Config API returns results without scope verification |
| CVE-2025-6938 | 2025-07-01 | code-projects Simple Pizza Ordering System editcus.php sql injection |
| CVE-2025-53096 | 2025-07-01 | Sunshine clickjacking in the UI leads to unauthorized actions being performed |
| CVE-2025-53095 | 2025-07-01 | Sunshine application-wide CSRF in the UI leads to command injection as Administrator |