CVE List - 2025 / June

Showing 2701 - 2800 of 3683 CVEs for June 2025 (Page 28 of 37)

Back to List Previous Next

CVE ID	Date	Title
CVE-2025-49972	2025-06-20	WordPress TM Replace Howdy plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-49971	2025-06-20	WordPress eDS Responsive Menu plugin <= 1.2 - Broken Access Control Vulnerability
CVE-2025-49970	2025-06-20	WordPress Hello FSE Blog theme <= 1.0.6 - Broken Access Control Vulnerability
CVE-2025-49969	2025-06-20	WordPress Zara 4 Image Compression plugin <= 1.2.17.2 - Broken Access Control Vulnerability
CVE-2025-49968	2025-06-20	WordPress XML Travel Portal Widget plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-49967	2025-06-20	WordPress Live Sports Streamthunder plugin <= 2.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-49966	2025-06-20	WordPress Oganro Travel Portal Search Widget for HotelBeds APITUDE API plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-49965	2025-06-20	WordPress PixelBeds Channel Manager and Hotel Booking Engine plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-49964	2025-06-20	WordPress ClipLink plugin <= 1.1 - Cross Site Request Forgery (CSRF) Vulnerability
CVE-2025-49873	2025-06-20	WordPress Elessi <= 6.3.9 - Cross Site Scripting (XSS) Vulnerability
CVE-2025-6347	2025-06-20	code-projects Responsive Blog pageViewMembers.php cross site scripting
CVE-2025-6193	2025-06-20	Trustyai-explainability: command injection via lmevaljob cr
CVE-2025-6351	2025-06-20	itsourcecode Employee Record Management System editprofile.php sql injection
CVE-2025-6352	2025-06-20	code-projects Automated Voting System Backend vote.php direct request
CVE-2025-5416	2025-06-20	Keycloak-core: keycloak environment information
CVE-2025-6353	2025-06-20	code-projects Responsive Blog search.php cross site scripting
CVE-2025-6354	2025-06-20	code-projects Online Shoe Store customer_signup.php sql injection
CVE-2025-48059	2025-06-20	PowSyBl Core Contains a Polynomial ReDoS in RegexCriterion
CVE-2025-49132	2025-06-20	Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
CVE-2025-6355	2025-06-20	SourceCodester Online Hotel Reservation System execeditroom.php sql injection
CVE-2025-5121	2025-06-20	Missing Authorization in GitLab
CVE-2025-2443	2025-06-20	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2025-52484	2025-06-20	RISC Zero zkVM Underconstrained Vulnerability
CVE-2025-6356	2025-06-20	code-projects Simple Pizza Ordering System addmem.php sql injection
CVE-2025-6357	2025-06-20	code-projects Simple Pizza Ordering System paymentportal.php sql injection
CVE-2025-6358	2025-06-20	code-projects Simple Pizza Ordering System saveorder.php sql injection
CVE-2024-4025	2025-06-20	Inefficient Regular Expression Complexity in GitLab
CVE-2024-4994	2025-06-20	Cross-Site Request Forgery (CSRF) in GitLab
CVE-2025-6359	2025-06-20	code-projects Simple Pizza Ordering System cashconfirm.php sql injection
CVE-2025-25034	2025-06-20	SugarCRM PHP Deserialization RCE
CVE-2025-25037	2025-06-20	Aquatronica Controller System Complete Information Disclosure
CVE-2025-25038	2025-06-20	MiniDVBLinux Root Command Injection
CVE-2025-34021	2025-06-20	Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery
CVE-2025-34022	2025-06-20	Selea Targa IP OCR-ANPR Camera Path Traversal
CVE-2025-34023	2025-06-20	Karel IP Phone IP1211 Path Traversal
CVE-2025-34024	2025-06-20	Edimax EW-7438RPn Mini OS Command Injection
CVE-2025-34029	2025-06-20	Edimax EW-7438RPn Mini OS Command Injection
CVE-2025-34030	2025-06-20	sar2html OS Command Injection
CVE-2025-6360	2025-06-20	code-projects Simple Pizza Ordering System portal.php sql injection
CVE-2025-48945	2025-06-20	pycares has a Use-After-Free Vulnerability
CVE-2025-6361	2025-06-20	code-projects Simple Pizza Ordering System adds.php sql injection
CVE-2025-6362	2025-06-20	code-projects Simple Pizza Ordering System editpro.php sql injection
CVE-2023-5600	2025-06-20	Missing Authorization in GitLab
CVE-2025-6363	2025-06-20	code-projects Simple Pizza Ordering System adding-exec.php sql injection
CVE-2025-6364	2025-06-20	code-projects Simple Pizza Ordering System adduser-exec.php sql injection
CVE-2025-6365	2025-06-20	HobbesOSR Kitten pgtable.h set_pte_at resource consumption
CVE-2025-6367	2025-06-20	D-Link DIR-619L formSetDomainFilter stack-based overflow
CVE-2025-6368	2025-06-20	D-Link DIR-619L formSetEmail stack-based overflow
CVE-2025-6369	2025-06-20	D-Link DIR-619L formdumpeasysetup stack-based overflow
CVE-2025-6370	2025-06-20	D-Link DIR-619L formWlanGuestSetup stack-based overflow
CVE-2025-6371	2025-06-20	D-Link DIR-619L formSetEnableWizard stack-based overflow
CVE-2025-6372	2025-06-20	D-Link DIR-619L formSetWizard1 stack-based overflow
CVE-2025-6373	2025-06-20	D-Link DIR-619L formWlSiteSurvey formSetWizard1 stack-based overflow
CVE-2025-52916	2025-06-21	Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).
CVE-2025-52917	2025-06-21	The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.
CVE-2025-52918	2025-06-21	Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.
CVE-2025-52919	2025-06-21	In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded.
CVE-2025-6374	2025-06-21	D-Link DIR-619L formSetACLFilter stack-based overflow
CVE-2025-6216	2025-06-21	Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability
CVE-2025-6217	2025-06-21	PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
CVE-2025-6218	2025-06-21	RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability
CVE-2025-5820	2025-06-21	Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability
CVE-2025-5476	2025-06-21	Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
CVE-2025-5479	2025-06-21	Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5478	2025-06-21	Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability
CVE-2025-5477	2025-06-21	Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2025-5475	2025-06-21	Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability
CVE-2025-6375	2025-06-21	poco MultipartReader.cpp MultipartInputStream null pointer dereference
CVE-2025-6393	2025-06-21	TOTOLINK A702R/A3002R/A3002RU/EX1200T HTTP POST Request formIPv6Addr buffer overflow
CVE-2025-6394	2025-06-21	code-projects Simple Online Hotel Reservation System add_reserve.php sql injection
CVE-2025-52556	2025-06-21	rfc3161-client has insufficient verification for timestamp response signatures
CVE-2025-52557	2025-06-21	Mail-0 Zero Session Hijacking Via Email
CVE-2025-52552	2025-06-21	FastGPT LastRoute Parameter on Login Page Vulnerable to Open Redirect and DOM-based XSS
CVE-2025-52485	2025-06-21	DNN.PLATFORM Allows Stored Cross-Site Scripting (XSS) in Activity Feed
CVE-2025-52486	2025-06-21	DNN.PLATFORM Allows Reflected Cross-Site Scripting (XSS) in some TokenReplace situations with SkinObjects
CVE-2025-52487	2025-06-21	DNN.PLATFORM possibly allows bypass of IP Filters
CVE-2025-52488	2025-06-21	DNN.PLATFORM leaks NTLM hash via SMB Share Interaction with malicious user input
CVE-2025-6399	2025-06-21	TOTOLINK X15 HTTP POST Request formIPv6Addr buffer overflow
CVE-2025-6400	2025-06-21	TOTOLINK N300RH HTTP POST Message formPortFw buffer overflow
CVE-2025-5034	2025-06-21	WP File Download < 6.2.6 - Reflected XSS
CVE-2025-6401	2025-06-21	TOTOLINK N300RH HTTP POST Message formFilter denial of service
CVE-2025-5143	2025-06-21	TableOn – WordPress Posts Table Filterable <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tableon_popup_iframe_button Shortcode
CVE-2025-6402	2025-06-21	TOTOLINK X15 HTTP POST Request formIpv6Setup buffer overflow
CVE-2025-6403	2025-06-21	code-projects School Fees Payment System student.php sql injection
CVE-2025-5289	2025-06-21	3D FlipBook - Lite Edition <= 1.16.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via style and mode Parameters
CVE-2025-6404	2025-06-21	Campcodes Online Teacher Record Management System search.php sql injection
CVE-2025-36016	2025-06-21	IBM Process Mining HTTP open redirect
CVE-2025-3221	2025-06-21	IBM InfoSphere Information Server denial of service
CVE-2025-3629	2025-06-21	IBM InfoSphere Information Server file manipulation
CVE-2025-6405	2025-06-21	Campcodes Online Teacher Record Management System edit-teacher-detail.php sql injection
CVE-2025-6406	2025-06-21	Campcodes Online Hospital Management System forgot-password.php sql injection
CVE-2025-6407	2025-06-21	Campcodes Online Hospital Management System user-login.php sql injection
CVE-2025-6408	2025-06-21	Campcodes Online Hospital Management System search.php sql injection
CVE-2025-6409	2025-06-21	PHPGurukul Art Gallery Management System forgot-password.php sql injection
CVE-2025-6410	2025-06-21	PHPGurukul Art Gallery Management System edit-art-medium-detail.php sql injection
CVE-2025-6411	2025-06-21	PHPGurukul Art Gallery Management System changepropic.php sql injection
CVE-2025-6412	2025-06-21	PHPGurukul Art Gallery Management System changeimage.php sql injection
CVE-2025-6413	2025-06-21	PHPGurukul Art Gallery Management System changeimage1.php sql injection
CVE-2025-6414	2025-06-21	PHPGurukul Art Gallery Management System changeimage2.php sql injection
CVE-2025-6415	2025-06-21	PHPGurukul Art Gallery Management System changeimage3.php sql injection