CVE List - 2025 / June
Showing 2801 - 2900 of 3683 CVEs for June 2025 (Page 29 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-6416 | 2025-06-21 | PHPGurukul Art Gallery Management System changeimage4.php sql injection |
| CVE-2025-6417 | 2025-06-21 | PHPGurukul Art Gallery Management System add-artist.php sql injection |
| CVE-2025-6418 | 2025-06-21 | code-projects Simple Online Hotel Reservation System edit_query_account.php sql injection |
| CVE-2025-6419 | 2025-06-21 | code-projects Simple Online Hotel Reservation System edit_room.php sql injection |
| CVE-2025-6420 | 2025-06-21 | code-projects Simple Online Hotel Reservation System add_room.php sql injection |
| CVE-2025-1987 | 2025-06-21 | Stored XSS in Psono-Client via Malicious Vault Entry URLs |
| CVE-2025-6421 | 2025-06-21 | code-projects Simple Online Hotel Reservation System add_account.php sql injection |
| CVE-2025-6422 | 2025-06-21 | Campcodes Online Recruitment Management System About Content Page ajax.php unrestricted upload |
| CVE-2025-6446 | 2025-06-21 | code-projects Client Details System index.php sql injection |
| CVE-2025-6447 | 2025-06-21 | code-projects Simple Online Hotel Reservation System index.php sql injection |
| CVE-2025-52923 | 2025-06-22 | Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command. |
| CVE-2025-6448 | 2025-06-22 | code-projects Simple Online Hotel Reservation System delete_room.php sql injection |
| CVE-2025-6449 | 2025-06-22 | code-projects Simple Online Hotel Reservation System checkout_query.php sql injection |
| CVE-2025-6450 | 2025-06-22 | code-projects Simple Online Hotel Reservation System confirm_reserve.php sql injection |
| CVE-2025-6451 | 2025-06-22 | code-projects Simple Online Hotel Reservation System delete_pending.php sql injection |
| CVE-2025-6452 | 2025-06-22 | CodeAstro Patient Record Management System Generate New Report Page cross site scripting |
| CVE-2025-6453 | 2025-06-22 | diyhi bbs API ForumManageAction.java add path traversal |
| CVE-2025-6455 | 2025-06-22 | code-projects Online Hotel Reservation System messageexec.php sql injection |
| CVE-2025-6456 | 2025-06-22 | code-projects Online Hotel Reservation System order.php sql injection |
| CVE-2025-6457 | 2025-06-22 | code-projects Online Hotel Reservation System demo.php sql injection |
| CVE-2025-6458 | 2025-06-22 | code-projects Online Hotel Reservation System execedituser.php sql injection |
| CVE-2025-6466 | 2025-06-22 | ageerle ruoyi-ai SseServiceImpl.java upload unrestricted upload |
| CVE-2025-6467 | 2025-06-22 | code-projects Online Bidding System login.php sql injection |
| CVE-2025-6468 | 2025-06-22 | code-projects Online Bidding System bidnow.php sql injection |
| CVE-2025-6469 | 2025-06-22 | code-projects Online Bidding System details.php sql injection |
| CVE-2025-6470 | 2025-06-22 | code-projects Online Bidding System bidlog.php sql injection |
| CVE-2025-6471 | 2025-06-22 | code-projects Online Bidding System administrator sql injection |
| CVE-2025-6472 | 2025-06-22 | code-projects Online Bidding System showprod.php sql injection |
| CVE-2025-6473 | 2025-06-22 | code-projects School Fees Payment System fees.php cross site scripting |
| CVE-2025-6474 | 2025-06-22 | code-projects Inventory Management System changeUsername.php sql injection |
| CVE-2025-6475 | 2025-06-22 | SourceCodester Student Result Management System Manage Students Module manage_students cross site scripting |
| CVE-2025-6476 | 2025-06-22 | SourceCodester Gym Management System cross-site request forgery |
| CVE-2025-6477 | 2025-06-22 | SourceCodester Student Result Management System System Settings Page system cross site scripting |
| CVE-2025-6478 | 2025-06-22 | CodeAstro Expense Management System cross-site request forgery |
| CVE-2025-6479 | 2025-06-22 | code-projects Simple Pizza Ordering System salesreport.php sql injection |
| CVE-2025-6480 | 2025-06-22 | code-projects Simple Pizza Ordering System addcatexec.php sql injection |
| CVE-2025-6481 | 2025-06-22 | code-projects Simple Pizza Ordering System update.php sql injection |
| CVE-2025-6482 | 2025-06-22 | code-projects Simple Pizza Ordering System edituser-exec.php sql injection |
| CVE-2025-6483 | 2025-06-22 | code-projects Simple Pizza Ordering System edituser.php sql injection |
| CVE-2025-6484 | 2025-06-22 | code-projects Online Shopping Store action.php sql injection |
| CVE-2025-6485 | 2025-06-22 | TOTOLINK A3002R formWlSiteSurvey os command injection |
| CVE-2025-6486 | 2025-06-22 | TOTOLINK A3002R formWlanMultipleAP stack-based overflow |
| CVE-2025-6487 | 2025-06-22 | TOTOLINK A3002R formRoute stack-based overflow |
| CVE-2025-6489 | 2025-06-22 | itsourcecode Agri-Trading Online Shopping System transactionsave.php sql injection |
| CVE-2025-6490 | 2025-06-22 | sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow |
| CVE-2025-6492 | 2025-06-22 | MarkText index.js getRecommendTitleFromMarkdownString redos |
| CVE-2025-6493 | 2025-06-22 | CodeMirror Markdown Mode markdown.js redos |
| CVE-2025-6494 | 2025-06-22 | sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow |
| CVE-2021-47688 | 2025-06-23 | In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass the allow-list functionality because a file can be truncated in the OpenFileDescriptor action... |
| CVE-2023-47029 | 2025-06-23 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component |
| CVE-2023-47030 | 2025-06-23 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to... |
| CVE-2023-47031 | 2025-06-23 | An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component. |
| CVE-2023-47032 | 2025-06-23 | Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. |
| CVE-2023-47294 | 2025-06-23 | An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie. |
| CVE-2023-47295 | 2025-06-23 | A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings. |
| CVE-2023-47297 | 2025-06-23 | A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations. |
| CVE-2023-47298 | 2025-06-23 | An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application... |
| CVE-2023-48978 | 2025-06-23 | An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. |
| CVE-2023-50450 | 2025-06-23 | An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges. |
| CVE-2025-23049 | 2025-06-23 | Meridian Technique Materialise OrthoView through 7.5.1 allows OS Command Injection when servlet sharing is enabled. |
| CVE-2025-23092 | 2025-06-23 | Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input. A successful... |
| CVE-2025-44528 | 2025-06-23 | An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and... |
| CVE-2025-46101 | 2025-06-23 | SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks... |
| CVE-2025-48026 | 2025-06-23 | A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913 could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input... |
| CVE-2025-48700 | 2025-06-23 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary... |
| CVE-2025-50348 | 2025-06-23 | PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php. |
| CVE-2025-50349 | 2025-06-23 | PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php. |
| CVE-2025-52920 | 2025-06-23 | Innoshop through 0.4.1 allows Insecure Direct Object Reference (IDOR) at multiple places within the frontend shop. Anyone can create a customer account and easily exploit these. Successful exploitation results in... |
| CVE-2025-52921 | 2025-06-23 | In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and... |
| CVE-2025-52922 | 2025-06-23 | Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via... |
| CVE-2025-52926 | 2025-06-23 | In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface. |
| CVE-2025-52967 | 2025-06-23 | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. |
| CVE-2025-52968 | 2025-06-23 | xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of... |
| CVE-2025-6496 | 2025-06-23 | HTACG tidy-html5 parser.c InsertNodeAsParent null pointer dereference |
| CVE-2025-6497 | 2025-06-23 | HTACG tidy-html5 parser.c prvTidyParseNamespace assertion |
| CVE-2025-6498 | 2025-06-23 | HTACG tidy-html5 alloc.c defaultAlloc memory leak |
| CVE-2025-6499 | 2025-06-23 | vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow |
| CVE-2025-6500 | 2025-06-23 | code-projects Inventory Management System editCategories.php sql injection |
| CVE-2025-6501 | 2025-06-23 | code-projects Inventory Management System createCategories.php sql injection |
| CVE-2025-6502 | 2025-06-23 | code-projects Inventory Management System changePassword.php sql injection |
| CVE-2025-6503 | 2025-06-23 | code-projects Inventory Management System fetchSelectedCategories.php sql injection |
| CVE-2024-3511 | 2025-06-23 | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files |
| CVE-2025-52936 | 2025-06-23 | Improper Link Resolution Before File Access vulnerability in yrutschle/sslh |
| CVE-2025-52937 | 2025-06-23 | Vulnerability in PointCloudLibrary PCL |
| CVE-2025-52938 | 2025-06-23 | Potential heap-based buffer over-read vulnerability in NotepadNext |
| CVE-2025-52939 | 2025-06-23 | Potential heap-buffer overflow vulnerability in NotepadNext |
| CVE-2025-52935 | 2025-06-23 | Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly |
| CVE-2025-27387 | 2025-06-23 | OPPPO Clone Phone uses weak WPA passphrase as only means of security |
| CVE-2024-45347 | 2025-06-23 | Mi Connect Service APP protocol flaws lead to unauthorized access |
| CVE-2025-6513 | 2025-06-23 | BRAIN2 Configuration file for database access not sufficiently secured |
| CVE-2025-6512 | 2025-06-23 | Scripts within reports executable on BRAIN2 Server |
| CVE-2025-2171 | 2025-06-23 | Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN |
| CVE-2025-2172 | 2025-06-23 | Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in... |
| CVE-2025-52875 | 2025-06-23 | In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible |
| CVE-2025-52876 | 2025-06-23 | In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible |
| CVE-2025-52877 | 2025-06-23 | In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible |
| CVE-2025-52878 | 2025-06-23 | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions |
| CVE-2025-52879 | 2025-06-23 | In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible |
| CVE-2025-6509 | 2025-06-23 | seaswalker spring-analysis SimpleController.java echo cross site scripting |
| CVE-2025-4563 | 2025-06-23 | Nodes can bypass dynamic resource allocation authorization checks |