CVE List - 2025 / June
Showing 1801 - 1900 of 3683 CVEs for June 2025 (Page 19 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-6100 | 2025-06-16 | realguoshuai open-video-cms list sql injection |
| CVE-2025-6101 | 2025-06-16 | letta-ai letta interface.py function_message eval injection |
| CVE-2025-6102 | 2025-06-16 | Wifi-soft UniBox Controller logout.php os command injection |
| CVE-2025-6103 | 2025-06-16 | Wifi-soft UniBox Controller test_accesscodelogin.php os command injection |
| CVE-2025-6104 | 2025-06-16 | Wifi-soft UniBox Controller pms_check.php os command injection |
| CVE-2025-6105 | 2025-06-16 | jflyfox jfinal_cms HOME.java cross-site request forgery |
| CVE-2025-6106 | 2025-06-16 | WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery |
| CVE-2025-6107 | 2025-06-16 | comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes |
| CVE-2025-6108 | 2025-06-16 | hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal |
| CVE-2025-6109 | 2025-06-16 | javahongxi whatsmars InitializrController.java initialize path traversal |
| CVE-2025-6169 | 2025-06-16 | HAMASTAR Technology WIMP website co-construction management platform - SQL Injection |
| CVE-2025-6110 | 2025-06-16 | Tenda FH1201 SafeMacFilter stack-based overflow |
| CVE-2025-6111 | 2025-06-16 | Tenda FH1205 VirtualSer fromVirtualSer stack-based overflow |
| CVE-2025-4987 | 2025-06-16 | Stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x |
| CVE-2025-6112 | 2025-06-16 | Tenda FH1205 AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2025-6113 | 2025-06-16 | Tenda FH1203 AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2025-40727 | 2025-06-16 | Reflected Cross-Site Scripting (XSS) in Phoenix CMS |
| CVE-2025-40726 | 2025-06-16 | Cross-Site Scripting (XSS) reflected in Nosto |
| CVE-2025-2091 | 2025-06-16 | Open redirection in M-Files Mobile |
| CVE-2025-40728 | 2025-06-16 | SQL injection vulnerability in Customer Support System |
| CVE-2025-40729 | 2025-06-16 | Reflected Cross-Site Scripting (XSS) vulnerability in Customer Support System |
| CVE-2025-6114 | 2025-06-16 | D-Link DIR-619L form_portforwarding stack-based overflow |
| CVE-2025-6172 | 2025-06-16 | Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation. |
| CVE-2025-6115 | 2025-06-16 | D-Link DIR-619L form_macfilter stack-based overflow |
| CVE-2025-3464 | 2025-06-16 | A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App'... |
| CVE-2025-6116 | 2025-06-16 | Das Parking Management System 停车场管理系统 API Search sql injection |
| CVE-2025-25264 | 2025-06-16 | Overly Permissive CORS Policy in WAGO Device Manager |
| CVE-2025-25265 | 2025-06-16 | Unauthenticated File Read via Web Interface |
| CVE-2025-6117 | 2025-06-16 | Das Parking Management System 停车场管理系统 API Search sql injection |
| CVE-2025-6118 | 2025-06-16 | Das Parking Management System 停车场管理系统 API search sql injection |
| CVE-2025-47868 | 2025-06-16 | Apache NuttX RTOS: tools/bdf-converter.: tools/bdf-converter: Fix loop termination condition. |
| CVE-2025-6119 | 2025-06-16 | Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free |
| CVE-2025-47869 | 2025-06-16 | Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size. |
| CVE-2025-4748 | 2025-06-16 | Absolute path traversal in zip:unzip/1,2 |
| CVE-2025-40916 | 2025-06-16 | Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text |
| CVE-2025-46710 | 2025-06-16 | Possible kernel exceptions caused by reading and writing kernel heap data after free. |
| CVE-2025-24388 | 2025-06-16 | Unsafe handling of AJAX calls |
| CVE-2025-6120 | 2025-06-16 | Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow |
| CVE-2025-5689 | 2025-06-16 | Improper Permission Management in SSH Session Handling |
| CVE-2025-6121 | 2025-06-16 | D-Link DIR-632 HTTP POST Request get_pure_content stack-based overflow |
| CVE-2025-6122 | 2025-06-16 | code-projects Restaurant Order System table.php sql injection |
| CVE-2025-6123 | 2025-06-16 | code-projects Restaurant Order System payment.php sql injection |
| CVE-2025-6124 | 2025-06-16 | code-projects Restaurant Order System tablelow.php sql injection |
| CVE-2025-3602 | 2025-06-16 | Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20... |
| CVE-2025-36632 | 2025-06-16 | Local Privilege Escalation |
| CVE-2025-6125 | 2025-06-16 | PHPGurukul Rail Pass Management System aboutus.php cross site scripting |
| CVE-2025-48988 | 2025-06-16 | Apache Tomcat: FileUpload large number of parts with headers DoS |
| CVE-2025-3594 | 2025-06-16 | Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions... |
| CVE-2025-49125 | 2025-06-16 | Apache Tomcat: Security constraint bypass for pre/post-resources |
| CVE-2025-3526 | 2025-06-16 | SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of... |
| CVE-2025-49124 | 2025-06-16 | Apache Tomcat: exe side-loading via icalcs.exe in Tomcat installer for Windows |
| CVE-2025-6126 | 2025-06-16 | PHPGurukul Rail Pass Management System contact.php cross site scripting |
| CVE-2025-4565 | 2025-06-16 | Unbounded recursion in Python Protobuf |
| CVE-2025-6127 | 2025-06-16 | PHPGurukul Nipah Virus Testing Management System search-report.php cross site scripting |
| CVE-2025-48976 | 2025-06-16 | Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers |
| CVE-2025-49796 | 2025-06-16 | Libxml: type confusion leads to denial of service (dos) |
| CVE-2025-49795 | 2025-06-16 | Libxml: null pointer dereference leads to denial of service (dos) |
| CVE-2025-6170 | 2025-06-16 | Libxml2: stack buffer overflow in xmllint interactive shell command handling |
| CVE-2025-49794 | 2025-06-16 | Libxml: heap use after free (uaf) leads to denial of service (dos) |
| CVE-2025-6128 | 2025-06-16 | TOTOLINK EX1200T HTTP POST Request formWirelessTbl buffer overflow |
| CVE-2025-6129 | 2025-06-16 | TOTOLINK EX1200T HTTP POST Request formSaveConfig buffer overflow |
| CVE-2025-5309 | 2025-06-16 | Remote Support & Privileged Remote Access server side template injection |
| CVE-2025-2327 | 2025-06-16 | FlashArray KEK Logging Vulnerability |
| CVE-2025-6130 | 2025-06-16 | TOTOLINK EX1200T HTTP POST Request formStats buffer overflow |
| CVE-2025-6177 | 2025-06-16 | ChromeOS MiniOS Root Code Execution Bypass While Dev Mode Blocked |
| CVE-2025-6179 | 2025-06-16 | ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits |
| CVE-2025-6131 | 2025-06-16 | CodeAstro Food Ordering System POST Request Parameter edit cross site scripting |
| CVE-2025-6132 | 2025-06-16 | Chanjet CRM departmentsetting.php sql injection |
| CVE-2025-6133 | 2025-06-16 | Projectworlds Life Insurance Management System insertagent.php sql injection |
| CVE-2025-6087 | 2025-06-16 | SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint |
| CVE-2025-6134 | 2025-06-16 | Projectworlds Life Insurance Management System insertClient.php sql injection |
| CVE-2025-32797 | 2025-06-16 | Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution |
| CVE-2025-6135 | 2025-06-16 | Projectworlds Life Insurance Management System insertNominee.php sql injection |
| CVE-2025-6136 | 2025-06-16 | Projectworlds Life Insurance Management System insertPayment.php sql injection |
| CVE-2025-6137 | 2025-06-16 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWiFiScheduleCfg buffer overflow |
| CVE-2025-32798 | 2025-06-16 | Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors |
| CVE-2025-32799 | 2025-06-16 | Conda-build Vulnerable to Path Traversal via Malicious Tar File |
| CVE-2025-6138 | 2025-06-16 | TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow |
| CVE-2025-32800 | 2025-06-16 | Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI |
| CVE-2025-47951 | 2025-06-16 | Weblate lacks rate limiting when verifying second factor |
| CVE-2025-6139 | 2025-06-16 | TOTOLINK T10 shadow.sample hard-coded password |
| CVE-2025-49134 | 2025-06-16 | Weblate exposes personal IP address via e-mail |
| CVE-2025-6140 | 2025-06-16 | spdlog pattern_formatter-inl.h scoped_padder resource consumption |
| CVE-2025-43200 | 2025-06-16 | This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS... |
| CVE-2025-6141 | 2025-06-16 | GNU ncurses parse_entry.c postprocess_termcap stack-based overflow |
| CVE-2025-6142 | 2025-06-16 | Intera InHire server-side request forgery |
| CVE-2025-48992 | 2025-06-16 | Group-Office vulnerable to blind XSS |
| CVE-2025-6143 | 2025-06-16 | TOTOLINK EX1200T HTTP POST Request formNtp buffer overflow |
| CVE-2025-6144 | 2025-06-16 | TOTOLINK EX1200T HTTP POST Request formSysCmd buffer overflow |
| CVE-2025-6145 | 2025-06-16 | TOTOLINK EX1200T HTTP POST Request formSysLog buffer overflow |
| CVE-2025-6146 | 2025-06-16 | TOTOLINK X15 HTTP POST Request formSysLog buffer overflow |
| CVE-2024-40570 | 2025-06-17 | SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component. |
| CVE-2025-45525 | 2025-06-17 | A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library... |
| CVE-2025-45526 | 2025-06-17 | A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content... |
| CVE-2025-45878 | 2025-06-17 | A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted... |
| CVE-2025-45879 | 2025-06-17 | A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted... |
| CVE-2025-45880 | 2025-06-17 | A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a... |
| CVE-2025-6147 | 2025-06-17 | TOTOLINK A702R HTTP POST Request formSysLog buffer overflow |
| CVE-2025-6148 | 2025-06-17 | TOTOLINK A3002RU HTTP POST Request formSysLog buffer overflow |
| CVE-2025-6149 | 2025-06-17 | TOTOLINK A3002R HTTP POST Request formSysLog buffer overflow |