CVE List - 2025 / June
Showing 101 - 200 of 3683 CVEs for June 2025 (Page 2 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12168 | 2025-06-02 | DLL Hijacking in Yandex Telemost |
| CVE-2025-5446 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection |
| CVE-2025-26396 | 2025-06-02 | SolarWinds Dameware Mini Remote Control Service Incorrect Permissions Local Privilege Escalation Vulnerability |
| CVE-2025-37089 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37090 | 2025-06-02 | A server-side request forgery vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-5447 | 2025-06-02 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection |
| CVE-2025-37091 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37092 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37093 | 2025-06-02 | An authentication bypass vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37094 | 2025-06-02 | A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37095 | 2025-06-02 | A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-37096 | 2025-06-02 | A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
| CVE-2025-20001 | 2025-06-02 | An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to... |
| CVE-2024-54028 | 2025-06-02 | An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide... |
| CVE-2024-52035 | 2025-06-02 | An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker... |
| CVE-2024-48877 | 2025-06-02 | A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow.... |
| CVE-2025-48866 | 2025-06-02 | ModSecurity has possible DoS vulnerability in sanitiseArg action |
| CVE-2025-48940 | 2025-06-02 | MyBB's upgrade component vulnerable to local file inclusion |
| CVE-2025-48941 | 2025-06-02 | MyBB may disclose unviewable threads' titles in searches |
| CVE-2025-48994 | 2025-06-02 | SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack |
| CVE-2025-48995 | 2025-06-02 | SignXML's signature verification with HMAC is vulnerable to a timing attack |
| CVE-2024-7073 | 2025-06-02 | Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services |
| CVE-2024-7074 | 2025-06-02 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution |
| CVE-2024-3509 | 2025-06-02 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor |
| CVE-2024-8008 | 2025-06-02 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation |
| CVE-2024-1440 | 2025-06-02 | Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint |
| CVE-2025-5036 | 2025-06-02 | RFA File Parsing Use-After-Free Vulnerability |
| CVE-2025-20297 | 2025-06-02 | Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component |
| CVE-2025-20298 | 2025-06-02 | Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade |
| CVE-2025-5086 | 2025-06-02 | Deserialization of Untrusted Data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 |
| CVE-2025-49069 | 2025-06-02 | WordPress Contact Forms by Cimatti plugin <= 1.9.8 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-1051 | 2025-06-02 | Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-48387 | 2025-06-02 | tar-fs has issue where extract can write outside the specified dir with a specific tarball |
| CVE-2025-48996 | 2025-06-02 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint |
| CVE-2025-47585 | 2025-06-02 | WordPress Booking and Rental Manager <= 2.3.8 - Broken Access Control Vulnerability |
| CVE-2025-3919 | 2025-06-02 | WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2025-5419 | 2025-06-02 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security... |
| CVE-2025-5068 | 2025-06-02 | Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-23097 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes. |
| CVE-2025-23098 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation. |
| CVE-2025-23100 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service. |
| CVE-2025-23102 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation. |
| CVE-2025-23103 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. |
| CVE-2025-23107 | 2025-06-03 | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. |
| CVE-2025-32105 | 2025-06-03 | A buffer overflow in the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution. |
| CVE-2025-32106 | 2025-06-03 | In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code. |
| CVE-2025-43923 | 2025-06-03 | An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a... |
| CVE-2025-43924 | 2025-06-03 | Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin,... |
| CVE-2025-43925 | 2025-06-03 | An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data. |
| CVE-2025-44148 | 2025-06-03 | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component |
| CVE-2025-45854 | 2025-06-03 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. |
| CVE-2025-45855 | 2025-06-03 | An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2025-46154 | 2025-06-03 | Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php. |
| CVE-2025-4047 | 2025-06-03 | Broken Link Checker <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Status Dashboard View |
| CVE-2025-2939 | 2025-06-03 | Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution |
| CVE-2025-4224 | 2025-06-03 | wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-4797 | 2025-06-03 | Golo <= 1.7.0 - Authentication Bypass to Account Takeover |
| CVE-2025-31710 | 2025-06-03 | In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. |
| CVE-2025-31711 | 2025-06-03 | In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed. |
| CVE-2025-31712 | 2025-06-03 | In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2024-53010 | 2025-06-03 | Improper Access Control in Core |
| CVE-2024-53013 | 2025-06-03 | Buffer Copy Without Checking Size of Input in Audio |
| CVE-2024-53015 | 2025-06-03 | Use After Free in Computer Vision |
| CVE-2024-53016 | 2025-06-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
| CVE-2024-53017 | 2025-06-03 | Use of Out-of-range Pointer Offset in Camera Driver |
| CVE-2024-53018 | 2025-06-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver |
| CVE-2024-53019 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2024-53020 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2024-53021 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2024-53026 | 2025-06-03 | Buffer Over-read in Data Network Stack & Connectivity |
| CVE-2025-21463 | 2025-06-03 | Buffer Over-read in WLAN Host Communication |
| CVE-2025-21480 | 2025-06-03 | Incorrect Authorization in Graphics Windows |
| CVE-2025-21485 | 2025-06-03 | Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service |
| CVE-2025-21486 | 2025-06-03 | Untrusted Pointer Dereference in DSP Service |
| CVE-2025-27029 | 2025-06-03 | Buffer Over-read in WLAN HAL |
| CVE-2025-27031 | 2025-06-03 | Use After Free in Bluetooth HOST |
| CVE-2025-27038 | 2025-06-03 | Use After Free in Graphics |
| CVE-2025-3584 | 2025-06-03 | Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription |
| CVE-2025-3662 | 2025-06-03 | FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS |
| CVE-2025-4567 | 2025-06-03 | Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS |
| CVE-2025-21479 | 2025-06-03 | Incorrect Authorization in Graphics |
| CVE-2025-41428 | 2025-06-03 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by... |
| CVE-2025-46355 | 2025-06-03 | Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by... |
| CVE-2025-1725 | 2025-06-03 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Uploads |
| CVE-2025-4420 | 2025-06-03 | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter |
| CVE-2025-5116 | 2025-06-03 | WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter |
| CVE-2025-5103 | 2025-06-03 | Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function |
| CVE-2025-4392 | 2025-06-03 | Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function |
| CVE-2025-31359 | 2025-06-03 | A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to... |
| CVE-2024-36486 | 2025-06-03 | A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool... |
| CVE-2024-54189 | 2025-06-03 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service... |
| CVE-2024-52561 | 2025-06-03 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service... |
| CVE-2025-5492 | 2025-06-03 | D-Link DI-500WF-WT /usr/sbin/jhttpd msp_info.htm sub_456DE8 command injection |
| CVE-2025-5493 | 2025-06-03 | Baison Channel Middleware Product ToJsonByControlName sql injection |
| CVE-2025-5340 | 2025-06-03 | Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter |
| CVE-2025-4671 | 2025-06-03 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes |
| CVE-2025-4205 | 2025-06-03 | Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter |
| CVE-2025-5495 | 2025-06-03 | Netgear WNR614 URL improper authentication |
| CVE-2025-4517 | 2025-06-03 | Arbitrary writes via tarfile realpath overflow |
| CVE-2025-4330 | 2025-06-03 | Extraction filter bypass for linking outside extraction directory |