CVE List - 2025 / June
Showing 1 - 100 of 840 CVEs for June 2025 (Page 1 of 9)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-5400 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter user.php sql injection |
| CVE-2025-1499 | 2025-06-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2025-25044 | 2025-06-01 | IBM Planning Analytics Local cross-site scripting |
| CVE-2025-2896 | 2025-06-01 | IBM Planning Analytics Local cross-site scripting |
| CVE-2025-33004 | 2025-06-01 | IBM Planning Analytics Local path traversal |
| CVE-2025-33005 | 2025-06-01 | IBM Planning Analytics Local session fixation |
| CVE-2025-5401 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter post.php sql injection |
| CVE-2025-40908 | 2025-06-01 | YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified |
| CVE-2025-5402 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter edit_post.php sql injection |
| CVE-2025-5403 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter view_all_posts.php sql injection |
| CVE-2025-5404 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter search.php denial of service |
| CVE-2025-5405 | 2025-06-01 | chaitak-gorai Blogbook post.php cross site scripting |
| CVE-2025-5406 | 2025-06-01 | chaitak-gorai Blogbook posts.php unrestricted upload |
| CVE-2025-5407 | 2025-06-01 | chaitak-gorai Blogbook register_script.php cross site scripting |
| CVE-2025-5408 | 2025-06-01 | WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow |
| CVE-2025-5409 | 2025-06-01 | Mist Community Edition API Token views.py create_token access control |
| CVE-2025-5410 | 2025-06-01 | Mist Community Edition middleware.py session_start_response cross-site request forgery |
| CVE-2025-5411 | 2025-06-01 | Mist Community Edition views.py tag_resources cross site scripting |
| CVE-2025-5412 | 2025-06-01 | Mist Community Edition Authentication Endpoint views.py login cross site scripting |
| CVE-2024-40112 | 2025-06-02 | A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006... |
| CVE-2024-40113 | 2025-06-02 | Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before... |
| CVE-2024-40114 | 2025-06-02 | A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall... |
| CVE-2024-57459 | 2025-06-02 | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the... |
| CVE-2024-57783 | 2025-06-02 | The desktop application in Dot through 0.9.3 allows XSS and... |
| CVE-2025-23099 | 2025-06-02 | An issue was discovered in Samsung Mobile Processor Exynos 1480... |
| CVE-2025-23104 | 2025-06-02 | An issue was discovered in Samsung Mobile Processor Exynos 2200,... |
| CVE-2025-23105 | 2025-06-02 | An issue was discovered in Samsung Mobile Processor Exynos 2200,... |
| CVE-2025-27953 | 2025-06-02 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote... |
| CVE-2025-27954 | 2025-06-02 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote... |
| CVE-2025-27955 | 2025-06-02 | Clinical Collaboration Platform 12.2.1.5 has a weak logout system where... |
| CVE-2025-27956 | 2025-06-02 | Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote... |
| CVE-2025-44115 | 2025-06-02 | A vulnerability has been found in Cotonti Siena v0.9.25. Affected... |
| CVE-2025-44172 | 2025-06-02 | Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow... |
| CVE-2025-45387 | 2025-06-02 | osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken... |
| CVE-2025-45542 | 2025-06-02 | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0.... |
| CVE-2025-49112 | 2025-06-02 | setDeferredReply in networking.c in Valkey through 8.1.1 has an integer... |
| CVE-2025-49113 | 2025-06-02 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote... |
| CVE-2025-49162 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file... |
| CVE-2025-49163 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting... |
| CVE-2025-49164 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a... |
| CVE-2025-5420 | 2025-06-02 | juzaweb CMS Profile Page upload cross site scripting |
| CVE-2025-5421 | 2025-06-02 | juzaweb CMS Plugin Editor Page editor access control |
| CVE-2025-5422 | 2025-06-02 | juzaweb CMS Email Logs Page email access control |
| CVE-2025-5423 | 2025-06-02 | juzaweb CMS General Setting Page general access control |
| CVE-2025-5424 | 2025-06-02 | juzaweb CMS Media Page media access control |
| CVE-2025-20672 | 2025-06-02 | In Bluetooth driver, there is a possible out of bounds... |
| CVE-2025-20673 | 2025-06-02 | In wlan STA driver, there is a possible system crash... |
| CVE-2025-20674 | 2025-06-02 | In wlan AP driver, there is a possible way to... |
| CVE-2025-20675 | 2025-06-02 | In wlan STA driver, there is a possible system crash... |
| CVE-2025-20676 | 2025-06-02 | In wlan STA driver, there is a possible system crash... |
| CVE-2025-20677 | 2025-06-02 | In Bluetooth driver, there is a possible system crash due... |
| CVE-2025-20678 | 2025-06-02 | In ims service, there is a possible system crash due... |
| CVE-2025-5425 | 2025-06-02 | juzaweb CMS Theme Editor Page default access control |
| CVE-2025-5426 | 2025-06-02 | juzaweb CMS Menu Page menus access control |
| CVE-2024-11857 | 2025-06-02 | Realtek Bluetooth HCI Adaptor - Privilege Escalation |
| CVE-2025-5427 | 2025-06-02 | juzaweb CMS Permalinks Page permalinks access control |
| CVE-2025-5428 | 2025-06-02 | juzaweb CMS Error Logs Page log-viewer access control |
| CVE-2025-25179 | 2025-06-02 | GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory |
| CVE-2025-5429 | 2025-06-02 | juzaweb CMS Plugins Page install access control |
| CVE-2025-5430 | 2025-06-02 | AssamLook CMS product.php sql injection |
| CVE-2025-5431 | 2025-06-02 | AssamLook CMS department-profile.php sql injection |
| CVE-2025-1485 | 2025-06-02 | Real Cookie Banner < 5.1.6 - Admin+ Stored XSS |
| CVE-2025-3951 | 2025-06-02 | WP-Optimize < 4.2.0 - Admin+ SQLi |
| CVE-2025-5432 | 2025-06-02 | AssamLook CMS view_tender.php sql injection |
| CVE-2025-1235 | 2025-06-02 | WAGO: Switches affected by year 2k38 problem |
| CVE-2025-5433 | 2025-06-02 | Fengoffice Feng Office index.php sql injection |
| CVE-2025-5434 | 2025-06-02 | Aem Solutions CMS page.php sql injection |
| CVE-2025-4010 | 2025-06-02 | Arbitrary Command Injection in Netcom NTC-6200 & NWL-222 |
| CVE-2025-5113 | 2025-06-02 | Authenticated Remote Command Injection in Diviotec NBR IP Cameras |
| CVE-2025-5435 | 2025-06-02 | Marwal Infotech CMS page.php sql injection |
| CVE-2025-0324 | 2025-06-02 | The VAPIX Device Configuration framework allowed a privilege escalation, enabling... |
| CVE-2025-0325 | 2025-06-02 | A Guard Tour VAPIX API parameter allowed the use of... |
| CVE-2025-0358 | 2025-06-02 | During an annual penetration test conducted on behalf of Axis... |
| CVE-2025-5436 | 2025-06-02 | Multilaser Sirius RE016 cstecgi.cgi information disclosure |
| CVE-2025-5437 | 2025-06-02 | Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication |
| CVE-2025-5455 | 2025-06-02 | Possible denial of service when passing malformed data in a URL to qDecodeDataUrl |
| CVE-2025-5438 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection |
| CVE-2025-5439 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection |
| CVE-2025-5440 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection |
| CVE-2025-1750 | 2025-06-02 | SQL Injection in run-llama/llama_index |
| CVE-2025-3260 | 2025-06-02 | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users... |
| CVE-2025-5441 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 setDeviceURL os command injection |
| CVE-2025-3454 | 2025-06-02 | This vulnerability in Grafana's datasource proxy API allows authorization checks... |
| CVE-2025-29785 | 2025-06-02 | quic-go Has Panic in Path Probe Loss Recovery Handling |
| CVE-2025-47272 | 2025-06-02 | PhoenixCart Vulnerable to Account Deletion Without Password Confirmation |
| CVE-2025-5442 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_pingGatewayByBBS os command injection |
| CVE-2025-47289 | 2025-06-02 | Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag |
| CVE-2025-48494 | 2025-06-02 | Gokapi vulnerable to stored XSS via uploading file with malicious file name |
| CVE-2025-0073 | 2025-06-02 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2025-0819 | 2025-06-02 | Mali GPU Kernel Driver allows access to already freed memory |
| CVE-2025-1246 | 2025-06-02 | Mali GPU Userspace Driver allows an Out-of-Bounds access |
| CVE-2025-48495 | 2025-06-02 | Gokapi has stored XSS vulnerability in friendly name for API keys |
| CVE-2025-48955 | 2025-06-02 | Para Server Logs Sensitive Information |
| CVE-2025-48957 | 2025-06-02 | AstrBot Has Path Traversal Vulnerability in /api/chat/get_file |
| CVE-2025-48958 | 2025-06-02 | Froxlor has an HTML Injection Vulnerability |
| CVE-2025-48990 | 2025-06-02 | NeKernel has Heap Overflow in `rt_copy_memory` |
| CVE-2025-46807 | 2025-06-02 | File Descriptor Exhaustion in sslh-select and sslh-ev triggers SEGFAULT |
| CVE-2025-5443 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 wirelessAdvancedHidden os command injection |
| CVE-2025-5444 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection |
| CVE-2025-46806 | 2025-06-02 | Misaligned Memory Accesses in `is_openvpn_protocol()` |