CVE List - 2025 / June
Showing 2901 - 3000 of 3683 CVEs for June 2025 (Page 30 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-6510 | 2025-06-23 | Netgear EX6100 sub_415EF8 stack-based overflow |
| CVE-2025-6511 | 2025-06-23 | Netgear EX6150 sub_410090 stack-based overflow |
| CVE-2025-6516 | 2025-06-23 | HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow |
| CVE-2025-49126 | 2025-06-23 | Visionatrix Vulnerable to Reflected XSS Leading to Exfiltration of Secrets |
| CVE-2025-6517 | 2025-06-23 | Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery |
| CVE-2025-6545 | 2025-06-23 | pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js |
| CVE-2025-6518 | 2025-06-23 | PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a template engine |
| CVE-2025-6547 | 2025-06-23 | On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys |
| CVE-2025-49144 | 2025-06-23 | Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path |
| CVE-2025-49574 | 2025-06-23 | Quarkus potential data leak when duplicating a duplicated context |
| CVE-2025-2828 | 2025-06-23 | SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain |
| CVE-2025-52562 | 2025-06-23 | Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution |
| CVE-2025-52558 | 2025-06-23 | ChangeDetection.io XSS in watch overview |
| CVE-2025-6524 | 2025-06-23 | 70mai 1S Video Services improper authentication |
| CVE-2025-52561 | 2025-06-23 | HTMLSanitizer.jl Possible XSS |
| CVE-2025-6525 | 2025-06-23 | 70mai 1S Configuration Config.cgi improper authorization |
| CVE-2025-6526 | 2025-06-23 | 70mai M300 HTTP Server insufficiently protected credentials |
| CVE-2025-6527 | 2025-06-23 | 70mai M300 Web Server access control |
| CVE-2025-6528 | 2025-06-23 | 70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication |
| CVE-2025-6529 | 2025-06-23 | 70mai M300 Telnet Service default credentials |
| CVE-2025-6530 | 2025-06-23 | 70mai M300 Telnet Service demo.sh denial of service |
| CVE-2025-6531 | 2025-06-23 | SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control |
| CVE-2021-41691 | 2025-06-24 | A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php. |
| CVE-2024-37743 | 2025-06-24 | An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. |
| CVE-2024-56916 | 2025-06-24 | In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage... |
| CVE-2024-56917 | 2025-06-24 | Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode. |
| CVE-2024-56918 | 2025-06-24 | In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form. |
| CVE-2025-27827 | 2025-06-24 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of... |
| CVE-2025-27828 | 2025-06-24 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected... |
| CVE-2025-32975 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass... |
| CVE-2025-32976 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw... |
| CVE-2025-32977 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to... |
| CVE-2025-32978 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to... |
| CVE-2025-44531 | 2025-06-24 | An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a... |
| CVE-2025-50693 | 2025-06-24 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Insecure Direct Object Reference (IDOR) in odms/request-details.php. |
| CVE-2025-50695 | 2025-06-24 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in /admin/view-booking-detail.php and /admin/invoice-generating.php. |
| CVE-2025-50699 | 2025-06-24 | PHPGurukul Online DJ Booking Management System 2.0 is vulnerable to Cross Site Scripting (XSS) in odms/admin/view-user-queries.php. |
| CVE-2025-53021 | 2025-06-24 | A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within... |
| CVE-2025-53073 | 2025-06-24 | In Sentry 25.1.0 through 25.5.1, an authenticated attacker can access a project's issue endpoint and perform unauthorized actions (such as adding a comment) without being a member of the project's... |
| CVE-2025-6532 | 2025-06-24 | NOYAFA/Xiami LF9 Pro RTSP Live Video Stream Endpoint access control |
| CVE-2025-6533 | 2025-06-24 | xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay |
| CVE-2025-6534 | 2025-06-24 | xxyopen/201206030 novel-plus File FileController.java remove resource injection |
| CVE-2025-34031 | 2025-06-24 | Moodle LMS Jmol Plugin Path Traversal |
| CVE-2025-34032 | 2025-06-24 | Moodle LMS Jmol Plugin Cross-site Scripting (XSS) |
| CVE-2025-34033 | 2025-06-24 | 5VTechnologies Blue Angel Software Suite OS Command Injection |
| CVE-2025-34034 | 2025-06-24 | 5VTechnologies Blue Angel Software Suite Hardcoded Credentials |
| CVE-2025-6535 | 2025-06-24 | xxyopen/201206030 novel-plus User Management Module UserMapper.xml list sql injection |
| CVE-2025-34035 | 2025-06-24 | EnGenius EnShare IoT Gigabit Cloud Service Command Injection |
| CVE-2025-34036 | 2025-06-24 | Shenzhen TVT CCTV-DVR Command Injection |
| CVE-2025-34037 | 2025-06-24 | Linksys Routers E/WAG/WAP/WES/WET/WRT-Series |
| CVE-2025-34038 | 2025-06-24 | Fanwei e-cology SQL Injection |
| CVE-2025-34039 | 2025-06-24 | Yonyou NC BeanShell Command Injection |
| CVE-2025-34040 | 2025-06-24 | Seeyon Zhiyuan OA System Path Traversal File Upload |
| CVE-2025-6536 | 2025-06-24 | Tarantool datetime.c tm_to_datetime assertion |
| CVE-2025-6551 | 2025-06-24 | java-aodeng Hope-Boot WebController.java login cross site scripting |
| CVE-2025-34041 | 2025-06-24 | Sangfor Endpoint Detection and Response OS Command Injection |
| CVE-2025-6559 | 2025-06-24 | Sapido Wireless Router - OS Command Injection |
| CVE-2025-6552 | 2025-06-24 | java-aodeng Hope-Boot Login WebController.java doLogin redirect |
| CVE-2025-6560 | 2025-06-24 | Sapido Wireless Router - Exposure of Sensitive Information |
| CVE-2025-48461 | 2025-06-24 | Weak Session Cookie Entropy |
| CVE-2025-48462 | 2025-06-24 | Login Session Exhaustion |
| CVE-2025-48463 | 2025-06-24 | Unencrypted HTTP Communication |
| CVE-2025-48466 | 2025-06-24 | Modbus Command Injection without Authentication |
| CVE-2025-48467 | 2025-06-24 | Denial of Service via Malformed Modbus Packets |
| CVE-2025-48468 | 2025-06-24 | Open JTAG Debug Port |
| CVE-2025-48469 | 2025-06-24 | Unauthenticated Firmware Upload |
| CVE-2025-48470 | 2025-06-24 | Stored Cross site Scripting (XSS) |
| CVE-2025-52574 | 2025-06-24 | SysmonElixir path traversal in /read endpoint allows arbitrary file read |
| CVE-2025-52560 | 2025-06-24 | Kanboard Password Reset Poisoning via Host Header Injection |
| CVE-2025-52568 | 2025-06-24 | NeKernal Multiple Memory Corruption Vulnerabilities in mkfs.hefs |
| CVE-2025-52570 | 2025-06-24 | Letmein connection limiter allows an arbitrary amount of simultaneous connections |
| CVE-2025-52566 | 2025-06-24 | llama.cpp tokenizer signed vs. unsigned heap overflow |
| CVE-2024-56731 | 2025-06-24 | Gogs deletion of internal files allows remote command execution |
| CVE-2025-47943 | 2025-06-24 | Gogs stored XSS in PDF renderer |
| CVE-2025-36519 | 2025-06-24 | Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2 and WRC-1167GST2. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed... |
| CVE-2025-41427 | 2025-06-24 | WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends... |
| CVE-2025-43877 | 2025-06-24 | WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product. |
| CVE-2025-43879 | 2025-06-24 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a... |
| CVE-2025-48890 | 2025-06-24 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a... |
| CVE-2025-2962 | 2025-06-24 | Infinite loop in dns_copy_qname |
| CVE-2025-50213 | 2025-06-24 | Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator |
| CVE-2025-5258 | 2025-06-24 | Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter |
| CVE-2025-3090 | 2025-06-24 | MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24 |
| CVE-2025-3091 | 2025-06-24 | MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24 |
| CVE-2025-3092 | 2025-06-24 | MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24 |
| CVE-2025-6206 | 2025-06-24 | Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-1718 | 2025-06-24 | An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management. |
| CVE-2025-2403 | 2025-06-24 | A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like... |
| CVE-2025-39201 | 2025-06-24 | A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. |
| CVE-2025-39202 | 2025-06-24 | A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and... |
| CVE-2025-39203 | 2025-06-24 | A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service... |
| CVE-2025-39204 | 2025-06-24 | A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information... |
| CVE-2025-39205 | 2025-06-24 | A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation. |
| CVE-2025-6424 | 2025-06-24 | Use-after-free in FontFaceSet |
| CVE-2025-6425 | 2025-06-24 | The WebCompat WebExtension shipped with Firefox exposed a persistent UUID |
| CVE-2025-6426 | 2025-06-24 | No warning when opening executable terminal files on macOS |
| CVE-2025-6429 | 2025-06-24 | Incorrect parsing of URLs could have allowed embedding of youtube.com |
| CVE-2025-6430 | 2025-06-24 | Content-Disposition header ignored when a file is included in an embed or object tag |
| CVE-2025-6427 | 2025-06-24 | connect-src Content Security Policy restriction could be bypassed |
| CVE-2025-6428 | 2025-06-24 | Firefox for Android opened URLs specified in a link querystring parameter |