CVE List - 2025 / June
Showing 2501 - 2600 of 3683 CVEs for June 2025 (Page 26 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-24916 | 2025-06-19 | DLL-HiJacking |
| CVE-2025-6267 | 2025-06-19 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 barcodeDetail sql injection |
| CVE-2025-48886 | 2025-06-19 | hydra-node dangerously assumes L1 event finality and does not consider failed transactions |
| CVE-2025-6268 | 2025-06-19 | Luna Imaging search cross site scripting |
| CVE-2025-49014 | 2025-06-19 | jq heap use after free vulnerability in f_strflocaltime |
| CVE-2025-52464 | 2025-06-19 | Meshtastic Repeated Public and Private Keypairs |
| CVE-2025-6269 | 2025-06-19 | HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow |
| CVE-2025-50200 | 2025-06-19 | RabbitMQ Node can log Basic Auth header from an HTTP request |
| CVE-2025-6270 | 2025-06-19 | HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow |
| CVE-2025-36050 | 2025-06-19 | IBM QRadar SIEM information disclosure |
| CVE-2025-33121 | 2025-06-19 | IBM QRadar SIEM XML external entity injection |
| CVE-2025-33117 | 2025-06-19 | IBM QRadar SIEM command execution |
| CVE-2025-6271 | 2025-06-19 | swftools wav2swf wav.c wav_convert2mono out-of-bounds |
| CVE-2025-6272 | 2025-06-19 | wasm3 m3_compile.c MarkSlotAllocated out-of-bounds write |
| CVE-2025-6273 | 2025-06-19 | WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion |
| CVE-2025-6274 | 2025-06-19 | WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption |
| CVE-2025-6275 | 2025-06-19 | WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free |
| CVE-2025-6276 | 2025-06-19 | Brilliance Golden Link Secondary System rentTakeInfoPage.htm sql injection |
| CVE-2025-6277 | 2025-06-19 | Brilliance Golden Link Secondary System custTakeInfoPage.htm sql injection |
| CVE-2025-6278 | 2025-06-19 | Upsonic server.py os.path.join path traversal |
| CVE-2025-6384 | 2025-06-19 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio |
| CVE-2025-6279 | 2025-06-19 | Upsonic Pickle add_tool cloudpickle.loads deserialization |
| CVE-2025-6280 | 2025-06-19 | TransformerOptimus SuperAGI EmailToolKit read_email.py download_attachment path traversal |
| CVE-2025-6281 | 2025-06-19 | OpenBMB XAgent community path traversal |
| CVE-2025-47293 | 2025-06-19 | PowSyBl Core XML Reader allows XXE and SSRF |
| CVE-2025-6282 | 2025-06-19 | xlang-ai OpenAgents file.py create_upload_file path traversal |
| CVE-2025-6283 | 2025-06-19 | xataio Xata Agent route.ts GET path traversal |
| CVE-2025-6284 | 2025-06-19 | PHPGurukul Car Rental Portal cross-site request forgery |
| CVE-2025-6285 | 2025-06-19 | PHPGurukul COVID19 Testing Management System search-report-result.php cross site scripting |
| CVE-2025-6286 | 2025-06-19 | PHPGurukul COVID19 Testing Management System search-report-result.php redirect |
| CVE-2025-6287 | 2025-06-19 | PHPGurukul COVID19 Testing Management System Take Action test-details.php cross site scripting |
| CVE-2025-47771 | 2025-06-19 | PowSyBl Core allows deserialization of untrusted SparseMatrix data |
| CVE-2025-32875 | 2025-06-20 | An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not... |
| CVE-2025-32876 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing.... |
| CVE-2025-32877 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just... |
| CVE-2025-32878 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files.... |
| CVE-2025-32879 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device... |
| CVE-2025-32880 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads... |
| CVE-2025-44203 | 2025-06-20 | In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the... |
| CVE-2025-44635 | 2025-06-20 | There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series... |
| CVE-2025-45331 | 2025-06-20 | brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. |
| CVE-2025-45890 | 2025-06-20 | Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter |
| CVE-2025-46158 | 2025-06-20 | An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the `setitimer` syscall |
| CVE-2025-46179 | 2025-06-20 | A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries. |
| CVE-2025-48705 | 2025-06-20 | An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to reboot. |
| CVE-2025-48706 | 2025-06-20 | An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot. |
| CVE-2025-6288 | 2025-06-20 | PHPGurukul Bus Pass Management System Profile Page admin-profile.php cross site scripting |
| CVE-2025-6291 | 2025-06-20 | D-Link DIR-825 HTTP POST Request do_file stack-based overflow |
| CVE-2025-6292 | 2025-06-20 | D-Link DIR-825 HTTP POST Request sub_4091AC stack-based overflow |
| CVE-2025-6293 | 2025-06-20 | code-projects Hostel Management System contact_manager.php sql injection |
| CVE-2025-48058 | 2025-06-20 | PowSyBl Core contains Polynomial REDoS’es |
| CVE-2025-6294 | 2025-06-20 | code-projects Hostel Management System contact.php sql injection |
| CVE-2025-49715 | 2025-06-20 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability |
| CVE-2025-6295 | 2025-06-20 | code-projects Hostel Management System allocated_rooms.php sql injection |
| CVE-2025-6296 | 2025-06-20 | code-projects Hostel Management System empty_rooms.php sql injection |
| CVE-2025-6299 | 2025-06-20 | TOTOLINK N150RT formWSC os command injection |
| CVE-2025-6300 | 2025-06-20 | PHPGurukul Employee Record Management System editempeducation.php sql injection |
| CVE-2025-6264 | 2025-06-20 | Velociraptor privilege escalation via UpdateConfig artifact |
| CVE-2025-6301 | 2025-06-20 | PHPGurukul Notice Board System Add Notice manage-notices.php cross site scripting |
| CVE-2025-6302 | 2025-06-20 | TOTOLINK EX1200T cstecgi.cgi setStaticDhcpConfig stack-based overflow |
| CVE-2025-6303 | 2025-06-20 | code-projects Online Shoe Store contactus1.php sql injection |
| CVE-2025-6304 | 2025-06-20 | code-projects Online Shoe Store cart.php sql injection |
| CVE-2025-6305 | 2025-06-20 | code-projects Online Shoe Store admin_feature.php sql injection |
| CVE-2025-6306 | 2025-06-20 | code-projects Online Shoe Store admin_index.php sql injection |
| CVE-2025-6307 | 2025-06-20 | code-projects Online Shoe Store edit_customer.php sql injection |
| CVE-2025-6308 | 2025-06-20 | PHPGurukul Emergency Ambulance Hiring Portal bwdates-request-report-details.php sql injection |
| CVE-2025-6309 | 2025-06-20 | PHPGurukul Emergency Ambulance Hiring Portal add-ambulance.php sql injection |
| CVE-2025-6310 | 2025-06-20 | PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection |
| CVE-2025-6311 | 2025-06-20 | Campcodes Sales and Inventory System account_add.php sql injection |
| CVE-2025-5125 | 2025-06-20 | Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS |
| CVE-2025-6312 | 2025-06-20 | Campcodes Sales and Inventory System cash_transaction.php sql injection |
| CVE-2025-50054 | 2025-06-20 | Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel... |
| CVE-2025-6313 | 2025-06-20 | Campcodes Sales and Inventory System cat_add.php sql injection |
| CVE-2025-6314 | 2025-06-20 | Campcodes Sales and Inventory System cat_update.php sql injection |
| CVE-2025-6315 | 2025-06-20 | code-projects Online Shoe Store cart2.php sql injection |
| CVE-2025-6316 | 2025-06-20 | code-projects Online Shoe Store admin_running.php sql injection |
| CVE-2025-6317 | 2025-06-20 | code-projects Online Shoe Store confirm.php sql injection |
| CVE-2025-6318 | 2025-06-20 | PHPGurukul Pre-School Enrollment System check_availability.php sql injection |
| CVE-2025-6319 | 2025-06-20 | PHPGurukul Pre-School Enrollment System add-teacher.php sql injection |
| CVE-2025-6257 | 2025-06-20 | Euro FxRef Currency Converter <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via currency Shortcode |
| CVE-2025-6320 | 2025-06-20 | PHPGurukul Pre-School Enrollment System add-class.php sql injection |
| CVE-2025-6321 | 2025-06-20 | PHPGurukul Pre-School Enrollment System add-subadmin.php sql injection |
| CVE-2025-6322 | 2025-06-20 | PHPGurukul Pre-School Enrollment System visit.php sql injection |
| CVE-2025-6323 | 2025-06-20 | PHPGurukul Pre-School Enrollment System enrollment.php sql injection |
| CVE-2025-6328 | 2025-06-20 | D-Link DIR-815 hedwig.cgi sub_403794 stack-based overflow |
| CVE-2025-6329 | 2025-06-20 | ScriptAndTools Real Estate Management System User Delete userdelete.php authorization |
| CVE-2025-6330 | 2025-06-20 | PHPGurukul Directory Management System searchdata.php sql injection |
| CVE-2025-6331 | 2025-06-20 | PHPGurukul Directory Management System search-directory.php sql injection |
| CVE-2025-5255 | 2025-06-20 | TCC Bypass via Dylib Injection in Phoenix Code |
| CVE-2025-5963 | 2025-06-20 | TCC Bypass via Dylib Injection in Postbox |
| CVE-2025-4981 | 2025-06-20 | Path Traversal Leading to RCE by Any Authenticated Mattermost User |
| CVE-2025-6332 | 2025-06-20 | PHPGurukul Directory Management System manage-directory.php sql injection |
| CVE-2025-6333 | 2025-06-20 | PHPGurukul Directory Management System admin-profile.php sql injection |
| CVE-2025-6334 | 2025-06-20 | D-Link DIR-867 Query String strncpy stack-based overflow |
| CVE-2025-6335 | 2025-06-20 | DedeCMS Template dedetag.class.php command injection |
| CVE-2025-4102 | 2025-06-20 | Beaver Builder Plugin (Starter Version) <= 2.9.1 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2025-38083 | 2025-06-20 | net_sched: prio: fix a race in prio_tune() |
| CVE-2025-6336 | 2025-06-20 | TOTOLINK EX1200T HTTP POST Request formTmultiAP buffer overflow |
| CVE-2025-6337 | 2025-06-20 | TOTOLINK A3002R/A3002RU HTTP POST Request formTmultiAP buffer overflow |
| CVE-2025-6339 | 2025-06-20 | ponaravindb Hospital Management System func3.php sql injection |