CVE List - 2025 / June
Showing 1 - 100 of 3683 CVEs for June 2025 (Page 1 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-1499 | 2025-06-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2025-25044 | 2025-06-01 | IBM Planning Analytics Local cross-site scripting |
| CVE-2025-2896 | 2025-06-01 | IBM Planning Analytics Local cross-site scripting |
| CVE-2025-33004 | 2025-06-01 | IBM Planning Analytics Local path traversal |
| CVE-2025-33005 | 2025-06-01 | IBM Planning Analytics Local session fixation |
| CVE-2025-5401 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter post.php sql injection |
| CVE-2025-40908 | 2025-06-01 | YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified |
| CVE-2025-5402 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter edit_post.php sql injection |
| CVE-2025-5403 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter view_all_posts.php sql injection |
| CVE-2025-5404 | 2025-06-01 | chaitak-gorai Blogbook GET Parameter search.php denial of service |
| CVE-2025-5405 | 2025-06-01 | chaitak-gorai Blogbook post.php cross site scripting |
| CVE-2025-5406 | 2025-06-01 | chaitak-gorai Blogbook posts.php unrestricted upload |
| CVE-2025-5407 | 2025-06-01 | chaitak-gorai Blogbook register_script.php cross site scripting |
| CVE-2025-5408 | 2025-06-01 | WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow |
| CVE-2025-5409 | 2025-06-01 | Mist Community Edition API Token views.py create_token access control |
| CVE-2025-5410 | 2025-06-01 | Mist Community Edition middleware.py session_start_response cross-site request forgery |
| CVE-2025-5411 | 2025-06-01 | Mist Community Edition views.py tag_resources cross site scripting |
| CVE-2025-5412 | 2025-06-01 | Mist Community Edition Authentication Endpoint views.py login cross site scripting |
| CVE-2024-40112 | 2025-06-02 | A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary... |
| CVE-2024-40113 | 2025-06-02 | Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials. |
| CVE-2024-40114 | 2025-06-02 | A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. |
| CVE-2024-57459 | 2025-06-02 | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL... |
| CVE-2024-57783 | 2025-06-02 | The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because... |
| CVE-2025-23099 | 2025-06-02 | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. |
| CVE-2025-23104 | 2025-06-02 | An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation. |
| CVE-2025-23105 | 2025-06-02 | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. |
| CVE-2025-27953 | 2025-06-02 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. |
| CVE-2025-27954 | 2025-06-02 | An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. |
| CVE-2025-27955 | 2025-06-02 | Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code. |
| CVE-2025-27956 | 2025-06-02 | Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. |
| CVE-2025-44115 | 2025-06-02 | A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting. |
| CVE-2025-44172 | 2025-06-02 | Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. |
| CVE-2025-45387 | 2025-06-02 | osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php. |
| CVE-2025-45542 | 2025-06-02 | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. |
| CVE-2025-49112 | 2025-06-02 | setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used. |
| CVE-2025-49113 | 2025-06-02 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP... |
| CVE-2025-49162 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename. |
| CVE-2025-49163 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file. |
| CVE-2025-49164 | 2025-06-02 | Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a. |
| CVE-2025-5420 | 2025-06-02 | juzaweb CMS Profile Page upload cross site scripting |
| CVE-2025-5421 | 2025-06-02 | juzaweb CMS Plugin Editor Page editor access control |
| CVE-2025-5422 | 2025-06-02 | juzaweb CMS Email Logs Page email access control |
| CVE-2025-5423 | 2025-06-02 | juzaweb CMS General Setting Page general access control |
| CVE-2025-5424 | 2025-06-02 | juzaweb CMS Media Page media access control |
| CVE-2025-20672 | 2025-06-02 | In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed.... |
| CVE-2025-20673 | 2025-06-02 | In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction... |
| CVE-2025-20674 | 2025-06-02 | In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional... |
| CVE-2025-20675 | 2025-06-02 | In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction... |
| CVE-2025-20676 | 2025-06-02 | In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction... |
| CVE-2025-20677 | 2025-06-02 | In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is... |
| CVE-2025-20678 | 2025-06-02 | In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue... |
| CVE-2025-5425 | 2025-06-02 | juzaweb CMS Theme Editor Page default access control |
| CVE-2025-5426 | 2025-06-02 | juzaweb CMS Menu Page menus access control |
| CVE-2024-11857 | 2025-06-02 | Realtek Bluetooth HCI Adaptor - Privilege Escalation |
| CVE-2025-5427 | 2025-06-02 | juzaweb CMS Permalinks Page permalinks access control |
| CVE-2025-5428 | 2025-06-02 | juzaweb CMS Error Logs Page log-viewer access control |
| CVE-2025-25179 | 2025-06-02 | GPU DDK - Freelist GPU VA can be remapped to another reservation/PMR to trigger GPU arbitrary write to physical memory |
| CVE-2025-5429 | 2025-06-02 | juzaweb CMS Plugins Page install access control |
| CVE-2025-5430 | 2025-06-02 | AssamLook CMS product.php sql injection |
| CVE-2025-5431 | 2025-06-02 | AssamLook CMS department-profile.php sql injection |
| CVE-2025-1485 | 2025-06-02 | Real Cookie Banner < 5.1.6 - Admin+ Stored XSS |
| CVE-2025-3951 | 2025-06-02 | WP-Optimize < 4.2.0 - Admin+ SQLi |
| CVE-2025-5432 | 2025-06-02 | AssamLook CMS view_tender.php sql injection |
| CVE-2025-1235 | 2025-06-02 | WAGO: Switches affected by year 2k38 problem |
| CVE-2025-5433 | 2025-06-02 | Fengoffice Feng Office index.php sql injection |
| CVE-2025-5434 | 2025-06-02 | Aem Solutions CMS page.php sql injection |
| CVE-2025-4010 | 2025-06-02 | Arbitrary Command Injection in Netcom NTC-6200 & NWL-222 |
| CVE-2025-5113 | 2025-06-02 | Authenticated Remote Command Injection in Diviotec NBR IP Cameras |
| CVE-2025-5435 | 2025-06-02 | Marwal Infotech CMS page.php sql injection |
| CVE-2025-0324 | 2025-06-02 | The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. |
| CVE-2025-0325 | 2025-06-02 | A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in... |
| CVE-2025-0358 | 2025-06-02 | During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user... |
| CVE-2025-5436 | 2025-06-02 | Multilaser Sirius RE016 cstecgi.cgi information disclosure |
| CVE-2025-5437 | 2025-06-02 | Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication |
| CVE-2025-5455 | 2025-06-02 | Possible denial of service when passing malformed data in a URL to qDecodeDataUrl |
| CVE-2025-5438 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection |
| CVE-2025-5439 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection |
| CVE-2025-5440 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection |
| CVE-2025-1750 | 2025-06-02 | SQL Injection in run-llama/llama_index |
| CVE-2025-3260 | 2025-06-02 | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view... |
| CVE-2025-5441 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 setDeviceURL os command injection |
| CVE-2025-3454 | 2025-06-02 | This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized... |
| CVE-2025-29785 | 2025-06-02 | quic-go Has Panic in Path Probe Loss Recovery Handling |
| CVE-2025-47272 | 2025-06-02 | PhoenixCart Vulnerable to Account Deletion Without Password Confirmation |
| CVE-2025-5442 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_pingGatewayByBBS os command injection |
| CVE-2025-47289 | 2025-06-02 | Stored XSS in CE Phoenix Cart Testimonials Allows Account Takeover if Missing HttpOnly Flag |
| CVE-2025-48494 | 2025-06-02 | Gokapi vulnerable to stored XSS via uploading file with malicious file name |
| CVE-2025-0073 | 2025-06-02 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2025-0819 | 2025-06-02 | Mali GPU Kernel Driver allows access to already freed memory |
| CVE-2025-1246 | 2025-06-02 | Mali GPU Userspace Driver allows an Out-of-Bounds access |
| CVE-2025-48495 | 2025-06-02 | Gokapi has stored XSS vulnerability in friendly name for API keys |
| CVE-2025-48955 | 2025-06-02 | Para Server Logs Sensitive Information |
| CVE-2025-48957 | 2025-06-02 | AstrBot Has Path Traversal Vulnerability in /api/chat/get_file |
| CVE-2025-48958 | 2025-06-02 | Froxlor has an HTML Injection Vulnerability |
| CVE-2025-48990 | 2025-06-02 | NeKernel has Heap Overflow in `rt_copy_memory` |
| CVE-2025-46807 | 2025-06-02 | File Descriptor Exhaustion in sslh-select and sslh-ev triggers SEGFAULT |
| CVE-2025-5443 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 wirelessAdvancedHidden os command injection |
| CVE-2025-5444 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection |
| CVE-2025-46806 | 2025-06-02 | Misaligned Memory Accesses in `is_openvpn_protocol()` |
| CVE-2025-5445 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkFWByBBS os command injection |