CVE List - 2025 / June
Showing 3501 - 3600 of 3683 CVEs for June 2025 (Page 36 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-36347 | 2025-06-27 | Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86... |
| CVE-2025-53391 | 2025-06-28 | The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root. |
| CVE-2025-53392 | 2025-06-28 | In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior... |
| CVE-2025-53393 | 2025-06-28 | In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics. |
| CVE-2024-39730 | 2025-06-28 | IBM Datacap clickjacking |
| CVE-2025-36026 | 2025-06-28 | IBM Datacap information disclosure |
| CVE-2025-36027 | 2025-06-28 | IBM Datacap clickjacking |
| CVE-2024-52900 | 2025-06-28 | IBM Cognos Analytics cross-site scripting |
| CVE-2025-6379 | 2025-06-28 | BeeTeam368 Extensions Pro <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion |
| CVE-2025-6381 | 2025-06-28 | BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion |
| CVE-2025-6350 | 2025-06-28 | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-6252 | 2025-06-28 | Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-5304 | 2025-06-28 | PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function |
| CVE-2025-6755 | 2025-06-28 | Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter |
| CVE-2025-5937 | 2025-06-28 | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset |
| CVE-2025-38084 | 2025-06-28 | mm/hugetlb: unshare page tables during VMA split, not before |
| CVE-2025-38085 | 2025-06-28 | mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race |
| CVE-2025-38086 | 2025-06-28 | net: ch9200: fix uninitialised access during mii_nway_restart |
| CVE-2025-6816 | 2025-06-28 | HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow |
| CVE-2025-6817 | 2025-06-28 | HDF5 H5Centry.c H5C__load_entry resource consumption |
| CVE-2025-1991 | 2025-06-28 | IBM Informix Dynamic Server denial of service |
| CVE-2025-6818 | 2025-06-28 | HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow |
| CVE-2023-29113 | 2025-06-28 | A lack of access control in custom IPC mechanism |
| CVE-2023-28912 | 2025-06-28 | Cleartext Phonebook Information |
| CVE-2023-28911 | 2025-06-28 | Arbitrary Channel Disconnection Resulting in Denial of Service |
| CVE-2023-28910 | 2025-06-28 | Disabled Abortion Flag |
| CVE-2023-28909 | 2025-06-28 | Integer Overflow Leading to MTU Bypass |
| CVE-2023-28908 | 2025-06-28 | Integer Overflow in Non-Fragmented Data Reception |
| CVE-2023-28907 | 2025-06-28 | A lack of access restrictions on internal memory regions |
| CVE-2023-28906 | 2025-06-28 | Command injection in networking service |
| CVE-2023-28905 | 2025-06-28 | Heap buffer overflow in picserver |
| CVE-2023-28904 | 2025-06-28 | Bypass of secure boot process |
| CVE-2023-28903 | 2025-06-28 | An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system. |
| CVE-2023-28902 | 2025-06-28 | Denial of Service via integer underflow in picserver |
| CVE-2025-6819 | 2025-06-28 | code-projects Inventory Management System removeBrand.php sql injection |
| CVE-2025-6820 | 2025-06-28 | code-projects Inventory Management System createProduct.php sql injection |
| CVE-2025-6821 | 2025-06-28 | code-projects Inventory Management System createOrder.php sql injection |
| CVE-2025-32897 | 2025-06-28 | Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server |
| CVE-2025-6822 | 2025-06-28 | code-projects Inventory Management System removeProduct.php sql injection |
| CVE-2025-6823 | 2025-06-28 | code-projects Inventory Management System editProduct.php sql injection |
| CVE-2025-6824 | 2025-06-28 | TOTOLINK X15 HTTP POST Request formParentControl buffer overflow |
| CVE-2025-6825 | 2025-06-28 | TOTOLINK A702R HTTP POST Request formWlSiteSurvey buffer overflow |
| CVE-2025-6826 | 2025-06-28 | code-projects Payroll Management System ajax.php sql injection |
| CVE-2025-6827 | 2025-06-28 | code-projects Inventory Management System editOrder.php sql injection |
| CVE-2025-6828 | 2025-06-28 | code-projects Inventory Management System orders.php sql injection |
| CVE-2025-6829 | 2025-06-28 | aaluoxiang oa_system External Address Book outAddress sql injection |
| CVE-2025-6834 | 2025-06-28 | code-projects Inventory Management System editPayment.php sql injection |
| CVE-2015-20112 | 2025-06-29 | RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network. |
| CVE-2025-6835 | 2025-06-29 | code-projects Library System student-issue-book.php sql injection |
| CVE-2025-6836 | 2025-06-29 | code-projects Library System profile.php sql injection |
| CVE-2025-6837 | 2025-06-29 | code-projects Library System profile.php unrestricted upload |
| CVE-2025-6839 | 2025-06-29 | Conjure Position Department Service Quality Evaluation System head.php eval backdoor |
| CVE-2025-6840 | 2025-06-29 | code-projects Product Inventory System Login index.php sql injection |
| CVE-2025-6841 | 2025-06-29 | code-projects Product Inventory System edit_product.php sql injection |
| CVE-2025-6842 | 2025-06-29 | code-projects Product Inventory System edit_user.php sql injection |
| CVE-2025-6843 | 2025-06-29 | code-projects Simple Photo Gallery upload-photo.php unrestricted upload |
| CVE-2025-6844 | 2025-06-29 | code-projects Simple Forum signin.php sql injection |
| CVE-2025-6462 | 2025-06-29 | EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode |
| CVE-2025-6845 | 2025-06-29 | code-projects Simple Forum register1.php sql injection |
| CVE-2025-6846 | 2025-06-29 | code-projects Simple Forum forum_viewfile.php sql injection |
| CVE-2025-6847 | 2025-06-29 | code-projects Simple Forum forum_edit.php sql injection |
| CVE-2025-6848 | 2025-06-29 | code-projects Simple Forum forum1.php unrestricted upload |
| CVE-2025-6849 | 2025-06-29 | code-projects Simple Forum forum_edit1.php cross site scripting |
| CVE-2025-6850 | 2025-06-29 | code-projects Simple Forum forum1.php sql injection |
| CVE-2025-6853 | 2025-06-29 | chatchat-space Langchain-Chatchat Backend upload_temp_docs path traversal |
| CVE-2025-6854 | 2025-06-29 | chatchat-space Langchain-Chatchat files path traversal |
| CVE-2025-6855 | 2025-06-29 | chatchat-space Langchain-Chatchat file path traversal |
| CVE-2025-6856 | 2025-06-29 | HDF5 H5FL.c H5FL__reg_gc_list use after free |
| CVE-2025-6857 | 2025-06-29 | HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow |
| CVE-2025-6858 | 2025-06-29 | HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference |
| CVE-2025-5878 | 2025-06-29 | ESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special element |
| CVE-2024-24915 | 2025-06-29 | SmartConsole Sensitive Credential Exposure via Memory Dump |
| CVE-2025-6859 | 2025-06-29 | SourceCodester Best Salon Management System pro_sale.php sql injection |
| CVE-2025-6860 | 2025-06-29 | SourceCodester Best Salon Management System staff_commision.php sql injection |
| CVE-2025-6861 | 2025-06-29 | SourceCodester Best Salon Management System add_plan.php sql injection |
| CVE-2025-6862 | 2025-06-29 | SourceCodester Best Salon Management System edit_plan.php sql injection |
| CVE-2025-6863 | 2025-06-29 | PHPGurukul Local Services Search Engine Management System edit-category-detail.php sql injection |
| CVE-2025-6864 | 2025-06-29 | SeaCMS admin_type.php cross-site request forgery |
| CVE-2025-6865 | 2025-06-29 | DaiCuo index cross-site request forgery |
| CVE-2025-6866 | 2025-06-29 | code-projects Simple Forum forum_downloadfile.php path traversal |
| CVE-2025-6867 | 2025-06-29 | SourceCodester Simple Company Website manage.php sql injection |
| CVE-2025-6868 | 2025-06-29 | SourceCodester Simple Company Website manage.php sql injection |
| CVE-2025-24289 | 2025-06-29 | A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin (v1.3.4 and earlier) could allow privilege escalation if an Administrator is tricked into... |
| CVE-2025-24290 | 2025-06-29 | Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges. |
| CVE-2025-24292 | 2025-06-29 | A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X... |
| CVE-2025-6869 | 2025-06-29 | SourceCodester Simple Company Website manage.php sql injection |
| CVE-2025-6870 | 2025-06-29 | SourceCodester Simple Company Website Content.php unrestricted upload |
| CVE-2025-6871 | 2025-06-29 | SourceCodester Simple Company Website Login.php sql injection |
| CVE-2025-6872 | 2025-06-29 | SourceCodester Simple Company Website SystemSettings.php unrestricted upload |
| CVE-2025-6873 | 2025-06-29 | SourceCodester Simple Company Website Users.php unrestricted upload |
| CVE-2025-6874 | 2025-06-29 | SourceCodester Best Salon Management System add_subscribe.php sql injection |
| CVE-2025-6875 | 2025-06-29 | SourceCodester Best Salon Management System edit-subscription.php sql injection |
| CVE-2025-6876 | 2025-06-29 | SourceCodester Best Salon Management System add-category.php sql injection |
| CVE-2025-6877 | 2025-06-29 | SourceCodester Best Salon Management System edit-category.php sql injection |
| CVE-2023-47310 | 2025-06-30 | A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets. |
| CVE-2024-53621 | 2025-06-30 | A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. |
| CVE-2025-26074 | 2025-06-30 | Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. |
| CVE-2025-32462 | 2025-06-30 | Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. |
| CVE-2025-32463 | 2025-06-30 | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. |
| CVE-2025-45143 | 2025-06-30 | string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input. |