CVE List - 2025 / June

Showing 1001 - 1100 of 3683 CVEs for June 2025 (Page 11 of 37)

CVE ID Date Title
CVE-2025-31019 2025-06-09 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability
CVE-2025-28992 2025-06-09 WordPress SNS Anton <= 4.1 - Local File Inclusion Vulnerability
CVE-2025-28945 2025-06-09 WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability
CVE-2025-28944 2025-06-09 WordPress Avaz <= 2.8 - Local File Inclusion Vulnerability
CVE-2025-28888 2025-06-09 WordPress GiftXtore <= 1.7.4 - Local File Inclusion Vulnerability
CVE-2025-27362 2025-06-09 WordPress Petito <= 1.6.2 - Local File Inclusion Vulnerability
CVE-2025-26592 2025-06-09 WordPress Inset <= 1.18.0 - Local File Inclusion Vulnerability
CVE-2025-24770 2025-06-09 WordPress CraftXtore <= 1.7 - Local File Inclusion Vulnerability
CVE-2025-24768 2025-06-09 WordPress Nitan <= 2.9 - Local File Inclusion Vulnerability
CVE-2025-24767 2025-06-09 WordPress TicketBAI Facturas para WooCommerce <= 3.19 - SQL Injection Vulnerability
CVE-2025-23974 2025-06-09 WordPress One-Login <= 1.4 - Privilege Escalation Vulnerability
CVE-2023-26005 2025-06-09 WordPress Fitrush <= 1.3.4 - Local File Inclusion Vulnerability
CVE-2023-25999 2025-06-09 WordPress BodyCenter - Gym, Fitness WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability
CVE-2025-5886 2025-06-09 Emlog article.php cross site scripting
CVE-2025-49136 2025-06-09 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
CVE-2025-5887 2025-06-09 jsnjfz WebStack-Guns File Upload UserMgrController.java cross site scripting
CVE-2025-49651 2025-06-09 Missing Authorization for Interactive Sessions
CVE-2025-49652 2025-06-09 Improper access control allows arbitrary account creation
CVE-2025-49653 2025-06-09 Exposure of sensitive Information allows account takeover
CVE-2025-5888 2025-06-09 jsnjfz WebStack-Guns cross-site request forgery
CVE-2024-47081 2025-06-09 Requests vulnerable to .netrc credentials leak via malicious URLs
CVE-2025-5889 2025-06-09 juliangruber brace-expansion index.js expand redos
CVE-2025-5890 2025-06-09 actions toolkit glob internal-pattern.ts globEscape redos
CVE-2025-5891 2025-06-09 Unitech pm2 Config.js redos
CVE-2025-5892 2025-06-09 RocketChat parseMessage.js parseMessage redos
CVE-2025-5915 2025-06-09 Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c
CVE-2025-5916 2025-06-09 Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c
CVE-2025-5917 2025-06-09 Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
CVE-2025-5918 2025-06-09 Libarchive: reading past eof may be triggered for piped file streams
CVE-2025-5914 2025-06-09 Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
CVE-2025-5895 2025-06-09 Metabase dom.js parseDataUri redos
CVE-2025-49004 2025-06-09 Hijacking Caido instance during the initial setup via DNS Rebinding to achieve RCE
CVE-2025-5896 2025-06-09 tarojs taro index.js redos
CVE-2025-49137 2025-06-09 Hax CMS Stored Cross-Site Scripting vulnerability
CVE-2025-5897 2025-06-09 vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos
CVE-2025-49138 2025-06-09 HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter
CVE-2025-49139 2025-06-09 @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
CVE-2025-49141 2025-06-09 HaxCMS-PHP Command Injection Vulnerability
CVE-2025-49140 2025-06-09 Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)
CVE-2025-5898 2025-06-09 GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write
CVE-2025-5899 2025-06-09 GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
CVE-2025-5900 2025-06-09 Tenda AC9 cross-site request forgery
CVE-2025-30184 2025-06-09 CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel
CVE-2025-26468 2025-06-09 CyberData 011209 SIP Emergency Intercom Missing Authentication for Critical Function
CVE-2025-30507 2025-06-09 CyberData 011209 SIP Emergency Intercom SQL Injection
CVE-2025-30183 2025-06-09 CyberData 011209 SIP Emergency Intercom Insufficiently Protected Credentials
CVE-2025-5901 2025-06-09 TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow
CVE-2025-30515 2025-06-09 CyberData 011209 SIP Emergency Intercom Path Traversal
CVE-2025-5902 2025-06-09 TOTOLINK T10 POST Request cstecgi.cgi setUpgradeFW buffer overflow
CVE-2025-5903 2025-06-09 TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow
CVE-2025-0037 2025-06-09 In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting...
CVE-2025-0036 2025-06-09 In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations...
CVE-2024-37394 2025-06-10 A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the...
CVE-2024-37395 2025-06-10 A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into...
CVE-2024-37396 2025-06-10 A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the...
CVE-2024-41502 2025-06-10 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observações" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or...
CVE-2024-41503 2025-06-10 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function.
CVE-2024-41504 2025-06-10 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrição"...
CVE-2024-41505 2025-06-10 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profissão" (professor).
CVE-2024-57186 2025-06-10 In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
CVE-2024-57189 2025-06-10 In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
CVE-2024-57190 2025-06-10 Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL...
CVE-2025-44043 2025-06-10 Keyoti SearchUnit prior to 9.0.0 is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory value when making...
CVE-2025-44044 2025-06-10 Keyoti SearchUnit prior to 9.0.0 is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can...
CVE-2025-46612 2025-06-10 The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must...
CVE-2025-5904 2025-06-10 TOTOLINK T10 POST Request cstecgi.cgi setWiFiMeshName buffer overflow
CVE-2025-5905 2025-06-10 TOTOLINK T10 POST Request cstecgi.cgi setWiFiRepeaterCfg buffer overflow
CVE-2025-23192 2025-06-10 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)
CVE-2025-31325 2025-06-10 Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation)
CVE-2025-42977 2025-06-10 Directory Traversal vulnerability in SAP NetWeaver Visual Composer
CVE-2025-42982 2025-06-10 Information Disclosure in SAP GRC (AC Plugin)
CVE-2025-42983 2025-06-10 Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis
CVE-2025-42984 2025-06-10 Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)
CVE-2025-42987 2025-06-10 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement)
CVE-2025-42988 2025-06-10 Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform
CVE-2025-42989 2025-06-10 Missing Authorization check in SAP NetWeaver Application Server for ABAP
CVE-2025-42990 2025-06-10 HTML Injection in Unprotected SAPUI5 applications
CVE-2025-42991 2025-06-10 Missing Authorization check in SAP S/4HANA (Bank Account Application)
CVE-2025-42993 2025-06-10 Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)
CVE-2025-42994 2025-06-10 Multiple vulnerabilities in SAP MDM Server
CVE-2025-42995 2025-06-10 Multiple vulnerabilities in SAP MDM Server
CVE-2025-42996 2025-06-10 Multiple vulnerabilities in SAP MDM Server
CVE-2025-42998 2025-06-10 Security misconfiguration vulnerability in SAP Business One Integration Framework
CVE-2025-5906 2025-06-10 code-projects Laundry System data missing authentication
CVE-2025-5907 2025-06-10 TOTOLINK EX1200T HTTP POST Request formFilter buffer overflow
CVE-2025-5908 2025-06-10 TOTOLINK EX1200T HTTP POST Request formIpQoS buffer overflow
CVE-2025-5909 2025-06-10 TOTOLINK EX1200T HTTP POST Request formReflashClientTbl buffer overflow
CVE-2025-5910 2025-06-10 TOTOLINK EX1200T HTTP POST Request formWsc buffer overflow
CVE-2025-5911 2025-06-10 TOTOLINK EX1200T HTTP POST Request formDMZ buffer overflow
CVE-2025-5912 2025-06-10 D-Link DIR-632 HTTP POST Request do_file stack-based overflow
CVE-2025-5913 2025-06-10 PHPGurukul Vehicle Record Management System search-vehicle.php sql injection
CVE-2025-5934 2025-06-10 Netgear EX3700 mtd sub_41619C stack-based overflow
CVE-2025-5925 2025-06-10 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update
CVE-2025-4387 2025-06-10 Abandoned Cart Pro for WooCommerce <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload
CVE-2025-4601 2025-06-10 RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation
CVE-2025-3076 2025-06-10 Elementor Pro <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2025-5935 2025-06-10 Open5GS AMF/MME emm-sm.c common_register_state denial of service
CVE-2025-5952 2025-06-10 Zend.To NSSDropoff.php exec os command injection
CVE-2025-4840 2025-06-10 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
CVE-2025-4954 2025-06-10 Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload