CVE List - 2025 / June
Showing 201 - 300 of 840 CVEs for June 2025 (Page 3 of 9)
CVE ID | Date | Title |
---|---|---|
CVE-2025-4330 | 2025-06-03 | Extraction filter bypass for linking outside extraction directory |
CVE-2025-4138 | 2025-06-03 | Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory |
CVE-2025-4435 | 2025-06-03 | Tarfile extracts filtered members when errorlevel=0 |
CVE-2024-12718 | 2025-06-03 | Bypass extraction filter to modify file metadata outside extraction directory |
CVE-2025-5497 | 2025-06-03 | slackero phpwcms Feedimport Module processing.inc.php deserialization |
CVE-2025-5498 | 2025-06-03 | slackero phpwcms Custom Source Tab cnt21.readform.inc.php is_file deserialization |
CVE-2025-5499 | 2025-06-03 | slackero phpwcms image_resized.php getimagesize deserialization |
CVE-2025-5501 | 2025-06-03 | Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion |
CVE-2025-5502 | 2025-06-03 | TOTOLINK X15 formMapReboot command injection |
CVE-2025-5503 | 2025-06-03 | TOTOLINK X15 formMapReboot stack-based overflow |
CVE-2025-5504 | 2025-06-03 | TOTOLINK X2000R formWsc command injection |
CVE-2025-36564 | 2025-06-03 | Dell Encryption Admin Utilities versions prior to 11.10.2 contain an... |
CVE-2025-46548 | 2025-06-03 | Apache Pekko Management: management API basic authentication is not effective |
CVE-2024-45655 | 2025-06-03 | IBM Application Gateway incorrect permission assignment |
CVE-2025-5505 | 2025-06-03 | TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting |
CVE-2025-5506 | 2025-06-03 | TOTOLINK A3002RU NAT Mapping Page cross site scripting |
CVE-2025-25019 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation |
CVE-2025-25022 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure |
CVE-2025-25021 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security code injection |
CVE-2025-1334 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security information disclosure |
CVE-2025-25020 | 2025-06-03 | IBM QRadar Suite Software and IBM Cloud Pak for Security improper input validation |
CVE-2025-5507 | 2025-06-03 | TOTOLINK A3002RU MAC Filtering Page cross site scripting |
CVE-2025-5508 | 2025-06-03 | TOTOLINK A3002RU IP Port Filtering Page cross site scripting |
CVE-2025-5509 | 2025-06-03 | quequnlong shiyi-blog upload path traversal |
CVE-2025-5510 | 2025-06-03 | quequnlong shiyi-blog optimize server-side request forgery |
CVE-2025-30167 | 2025-06-03 | Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
CVE-2025-5511 | 2025-06-03 | quequnlong shiyi-blog photos improper authorization |
CVE-2025-5512 | 2025-06-03 | quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication |
CVE-2025-5513 | 2025-06-03 | quequnlong shiyi-blog add cross site scripting |
CVE-2025-5515 | 2025-06-03 | TOTOLINK X2000R formMapDel command injection |
CVE-2025-30359 | 2025-06-03 | webpack-dev-server users' source code may be stolen when they access a malicious web site |
CVE-2025-30360 | 2025-06-03 | webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser |
CVE-2025-5516 | 2025-06-03 | TOTOLINK X2000R URL Filtering Page formFilter cross site scripting |
CVE-2025-5520 | 2025-06-03 | Open5GS AMF/MME emm_state_authentication assertion |
CVE-2025-48950 | 2025-06-03 | MaxKB Python Sandbox Bypass in Function Library |
CVE-2025-48953 | 2025-06-03 | Umbraco Vulnerable to By-Pass of Configured Allowed Extensions for File Uploads |
CVE-2025-48997 | 2025-06-03 | Multer vulnerable to Denial of Service via unhandled exception |
CVE-2025-48998 | 2025-06-03 | Dataease MYSQL JDBC File Reading Vulnerability |
CVE-2025-5521 | 2025-06-03 | WuKongOpenSource WukongCRM updataPassword cross-site request forgery |
CVE-2025-5522 | 2025-06-03 | jack0240 魏 bskms 蓝天幼儿园管理系统 User Creation addUser improper authorization |
CVE-2025-35036 | 2025-06-03 | hibernate-validator insecure default Expression Language interpolation |
CVE-2025-5523 | 2025-06-03 | enilu web-flash File Upload upload fileService.upload cross site scripting |
CVE-2025-5525 | 2025-06-03 | Jrohy trojan linux.go LogChan os command injection |
CVE-2025-5527 | 2025-06-03 | Tenda RX3 SetStaticRouteCfg save_staticroute_data stack-based overflow |
CVE-2025-48999 | 2025-06-03 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability |
CVE-2025-49001 | 2025-06-03 | Dataease Authentication Bypass Vulnerability |
CVE-2025-49002 | 2025-06-03 | Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability |
CVE-2025-48951 | 2025-06-03 | Auth0-PHP SDK Deserialization of Untrusted Data vulnerability |
CVE-2025-49000 | 2025-06-03 | InvenTree has uncontrolled memory allocation via built-in label-sheet plugin |
CVE-2025-5542 | 2025-06-03 | TOTOLINK X2000R Virtual Server Page formPortFw cross site scripting |
CVE-2025-5543 | 2025-06-03 | TOTOLINK X2000R Parent Controls Page cross site scripting |
CVE-2025-24015 | 2025-06-03 | Deno's AES GCM authentication tags are not verified |
CVE-2025-5544 | 2025-06-03 | aaluoxiang oa_system UserpanelController.java image path traversal |
CVE-2025-5545 | 2025-06-03 | aaluoxiang oa_system ProcedureController.java image path traversal |
CVE-2025-5546 | 2025-06-03 | PHPGurukul Daily Expense Tracker System expense-reports-detailed.php sql injection |
CVE-2025-23095 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 1280,... |
CVE-2025-23096 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 1280,... |
CVE-2025-23101 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 1380.... |
CVE-2025-23106 | 2025-06-04 | An issue was discovered in Samsung Mobile Processor Exynos 2200,... |
CVE-2025-27811 | 2025-06-04 | A local privilege escalation in the razer_elevation_service.exe in Razer Synapse... |
CVE-2025-29093 | 2025-06-04 | File Upload vulnerability in Motivian Content Management System v.41.0.0 allows... |
CVE-2025-29094 | 2025-06-04 | Cross Site Scripting vulnerability in Motivian Content Management System v.41.0.0... |
CVE-2025-46011 | 2025-06-04 | Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in... |
CVE-2025-46203 | 2025-06-04 | An issue in Unifiedtransform v2.0 allows a remote attacker to... |
CVE-2025-46204 | 2025-06-04 | An issue in Unifiedtransform v2.0 allows a remote attacker to... |
CVE-2025-5547 | 2025-06-04 | FreeFloat FTP Server CDUP Command buffer overflow |
CVE-2025-5548 | 2025-06-04 | FreeFloat FTP Server NOOP Command buffer overflow |
CVE-2025-5549 | 2025-06-04 | FreeFloat FTP Server PASV Command buffer overflow |
CVE-2025-5550 | 2025-06-04 | FreeFloat FTP Server PBSZ Command buffer overflow |
CVE-2025-5551 | 2025-06-04 | FreeFloat FTP Server SYSTEM Command buffer overflow |
CVE-2025-49223 | 2025-06-04 | billboard.js before 3.15.1 was discovered to contain a prototype pollution... |
CVE-2025-5552 | 2025-06-04 | ChestnutCMS API Endpoint exec deserialization |
CVE-2025-5553 | 2025-06-04 | PHPGurukul Rail Pass Management System download-pass.php sql injection |
CVE-2025-5554 | 2025-06-04 | PHPGurukul Rail Pass Management System pass-bwdates-reports-details.php sql injection |
CVE-2025-5556 | 2025-06-04 | PHPGurukul Teacher Subject Allocation Management System edit-teacher-info.php sql injection |
CVE-2025-5557 | 2025-06-04 | PHPGurukul Teacher Subject Allocation Management System edit-course.php sql injection |
CVE-2025-5531 | 2025-06-04 | Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-5532 | 2025-06-04 | Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-5558 | 2025-06-04 | PHPGurukul Teacher Subject Allocation Management System changeimage.php sql injection |
CVE-2025-5560 | 2025-06-04 | PHPGurukul Curfew e-Pass Management System index.php sql injection |
CVE-2025-5539 | 2025-06-04 | Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2025-5561 | 2025-06-04 | PHPGurukul Curfew e-Pass Management System view-pass-detail.php sql injection |
CVE-2024-31127 | 2025-06-04 | MacOS Zscaler Client Connector Local Privilege Escalation |
CVE-2025-20981 | 2025-06-04 | Improper access control in AudioService prior to SMR Jun-2025 Release... |
CVE-2025-20984 | 2025-06-04 | Incorrect default permission in Samsung Cloud for Galaxy Watch prior... |
CVE-2025-20985 | 2025-06-04 | Improper privilege management in ThemeManager prior to SMR Jun-2025 Release... |
CVE-2025-20986 | 2025-06-04 | Improper access control in ScreenCapture for Galaxy Watch prior to... |
CVE-2025-20987 | 2025-06-04 | Improper access control in fingerprint trustlet prior to SMR May-2025... |
CVE-2025-20988 | 2025-06-04 | Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release... |
CVE-2025-20989 | 2025-06-04 | Improper logging in fingerprint trustlet prior to SMR May-2025 Release... |
CVE-2025-20991 | 2025-06-04 | Improper export of Android application components in Bluetooth prior to... |
CVE-2025-20992 | 2025-06-04 | Out-of-bounds read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1... |
CVE-2025-20993 | 2025-06-04 | Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1... |
CVE-2025-20994 | 2025-06-04 | Improper handling of insufficient permission in SyncClientProvider in Samsung Internet... |
CVE-2025-20995 | 2025-06-04 | Improper handling of insufficient permission in ClientProvider in Samsung Internet... |
CVE-2025-20996 | 2025-06-04 | Improper authorization in Smart Switch installed on non-Samsung Device prior... |
CVE-2025-5562 | 2025-06-04 | PHPGurukul Curfew e-Pass Management System edit-category-detail.php sql injection |
CVE-2025-5566 | 2025-06-04 | PHPGurukul Notice Board System search-notice.php sql injection |
CVE-2025-5569 | 2025-06-04 | IdeaCMS getList.html Goods sql injection |
CVE-2025-5571 | 2025-06-04 | D-Link DCS-932L setSystemAdmin os command injection |