CVE List - 2025 / June

Showing 3001 - 3100 of 3683 CVEs for June 2025 (Page 31 of 37)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-6431 | 2025-06-24 | The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed |
| CVE-2025-6432 | 2025-06-24 | DNS Requests leaked outside of a configured SOCKS proxy |
| CVE-2025-6433 | 2025-06-24 | WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate |
| CVE-2025-6434 | 2025-06-24 | HTTPS-Only exception screen lacked anti-clickjacking delay |
| CVE-2025-6435 | 2025-06-24 | Save as in Devtools could download files without sanitizing the extension |
| CVE-2025-6436 | 2025-06-24 | Memory safety bugs fixed in Firefox 140 and Thunderbird 140 |
| CVE-2025-6565 | 2025-06-24 | Netgear WNCE3001 HTTP POST Request http_d stack-based overflow |
| CVE-2025-6566 | 2025-06-24 | oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow |
| CVE-2025-6032 | 2025-06-24 | Podman: podman missing tls verification |
| CVE-2025-5318 | 2025-06-24 | Libssh: out-of-bounds read in sftp_handle() |
| CVE-2025-36537 | 2025-06-24 | Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management |
| CVE-2025-6567 | 2025-06-24 | Campcodes Online Recruitment Management System view_application.php sql injection |
| CVE-2025-6568 | 2025-06-24 | TOTOLINK EX1200T HTTP POST Request formIpv6Setup buffer overflow |
| CVE-2025-6569 | 2025-06-24 | code-projects School Fees Payment System student.php cross site scripting |
| CVE-2025-4383 | 2025-06-24 | Authentication Bypass in Art-In Systems' Wi-Fi Cloud Hotspot |
| CVE-2025-23264 | 2025-06-24 | NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of... |
| CVE-2025-23265 | 2025-06-24 | NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of... |
| CVE-2025-6570 | 2025-06-24 | PHPGurukul Hospital Management System search.php sql injection |
| CVE-2025-4378 | 2025-06-24 | Hardcoded Credentials in Ataturk University's ATA-AOF Mobile Application |
| CVE-2025-23260 | 2025-06-24 | NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of... |
| CVE-2025-49147 | 2025-06-24 | Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements |
| CVE-2025-2566 | 2025-06-24 | Deserialization of Untrusted Data in Kaleris Navis N4 |
| CVE-2025-5087 | 2025-06-24 | Cleartext Transmission of Sensitive Information in Kaleris Navis N4 |
| CVE-2025-49851 | 2025-06-24 | Improper Authentication in ControlID iDSecure On-premises |
| CVE-2025-49852 | 2025-06-24 | Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises |
| CVE-2025-49853 | 2025-06-24 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID iDSecure On-premises |
| CVE-2025-52888 | 2025-06-24 | Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction |
| CVE-2025-52471 | 2025-06-24 | ESP-NOW Integer Underflow Vulnerability Advisory |
| CVE-2025-52880 | 2025-06-24 | Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File |
| CVE-2025-6578 | 2025-06-24 | code-projects Simple Online Hotel Reservation System delete_account.php sql injection |
| CVE-2025-6579 | 2025-06-24 | code-projects Car Rental System message_admin.php sql injection |
| CVE-2025-52882 | 2025-06-24 | Claude Code IDE extensions allow websocket connections from arbitrary origins |
| CVE-2025-6555 | 2025-06-24 | Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-6556 | 2025-06-24 | Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-6557 | 2025-06-24 | Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary... |
| CVE-2025-52571 | 2025-06-24 | Hikka vulnerable to RCE through edits in a channel |
| CVE-2025-52572 | 2025-06-24 | Hikka vulnerable to RCE through dangling web interface |
| CVE-2025-52883 | 2025-06-24 | Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted |
| CVE-2025-52884 | 2025-06-24 | risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment |
| CVE-2025-6580 | 2025-06-24 | SourceCodester Best Salon Management System Login sql injection |
| CVE-2025-6581 | 2025-06-24 | SourceCodester Best Salon Management System add-customer.php sql injection |
| CVE-2025-6582 | 2025-06-24 | SourceCodester Best Salon Management System edit-customer-detailed.php sql injection |
| CVE-2023-44915 | 2025-06-25 | A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-27685 | 2025-06-25 | SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate... |
| CVE-2024-57708 | 2025-06-25 | An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier... |
| CVE-2025-25905 | 2025-06-25 | Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter. |
| CVE-2025-44206 | 2025-06-25 | Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Advantage (Mobile) v10.2402 are vulnerable to Cross Site Scripting (XSS) which allows a remote authenticated attacker with access... |
| CVE-2025-45332 | 2025-06-25 | vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. |
| CVE-2025-45333 | 2025-06-25 | berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. |
| CVE-2025-6583 | 2025-06-25 | SourceCodester Best Salon Management System view-appointment.php sql injection |
| CVE-2025-5585 | 2025-06-25 | SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute |
| CVE-2025-36004 | 2025-06-25 | IBM i privilege escalation |
| CVE-2025-0966 | 2025-06-25 | IBM InfoSphere Information Server SQL injection |
| CVE-2025-43880 | 2025-06-25 | Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition. |
| CVE-2024-51977 | 2025-06-25 | Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. |
| CVE-2024-51978 | 2025-06-25 | Authentication bypass via default password generation affecting multiple models from Brother Industries, Ltd, Toshiba Tec, and Konica Minolta, Inc. |
| CVE-2024-51979 | 2025-06-25 | Authenticated stack based buffer overflow affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Konica Minolta, Inc. |
| CVE-2024-51980 | 2025-06-25 | Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. |
| CVE-2024-51981 | 2025-06-25 | Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc. |
| CVE-2024-51982 | 2025-06-25 | Unauthenticated Denial of Service (DoS) via malformed PJL request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, and Ricoh. |
| CVE-2024-51983 | 2025-06-25 | Unauthenticated Denial of Service (DoS) via malformed WS-Scan request affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. |
| CVE-2024-51984 | 2025-06-25 | Authenticated disclosure of external service passwords via pass-back attack affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc. |
| CVE-2025-41256 | 2025-06-25 | Cyberduck and Mountain Duck - Weak Hash Algorithm for Certificate Fingerprint |
| CVE-2025-41255 | 2025-06-25 | Cyberduck and Mountain Duck - Improper Certificate Store Handling |
| CVE-2025-5927 | 2025-06-25 | Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion |
| CVE-2025-6613 | 2025-06-25 | PHPGurukul Hospital Management System manage-patient.php cross site scripting |
| CVE-2025-49797 | 2025-06-25 | Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product... |
| CVE-2025-41647 | 2025-06-25 | Lenze: Plaintext Password Disclosure in PLC Designer V4 Interface |
| CVE-2025-6603 | 2025-06-25 | coldfunction qCUDA qcow.c qcow_make_empty integer overflow |
| CVE-2025-25012 | 2025-06-25 | Kibana Open Redirect |
| CVE-2025-6543 | 2025-06-25 | Memory overflow vulnerability leading to unintended control flow and Denial of Service |
| CVE-2025-6604 | 2025-06-25 | SourceCodester Best Salon Management System add-staff.php sql injection |
| CVE-2025-6605 | 2025-06-25 | SourceCodester Best Salon Management System edit-staff.php sql injection |
| CVE-2025-6606 | 2025-06-25 | SourceCodester Best Salon Management System add-services.php sql injection |
| CVE-2025-6607 | 2025-06-25 | SourceCodester Best Salon Management System stock.php sql injection |
| CVE-2025-48954 | 2025-06-25 | Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow |
| CVE-2025-48991 | 2025-06-25 | Tuleap missing CSRF protection on tracker canned responses administration |
| CVE-2025-6608 | 2025-06-25 | SourceCodester Best Salon Management System edit-services.php sql injection |
| CVE-2025-6609 | 2025-06-25 | SourceCodester Best Salon Management System bwdates-reports-details.php sql injection |
| CVE-2021-4457 | 2025-06-25 | ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload |
| CVE-2025-6610 | 2025-06-25 | itsourcecode Employee Management System editempprofile.php sql injection |
| CVE-2025-49135 | 2025-06-25 | CVAT missing validation for in-progress backup upload names |
| CVE-2025-50178 | 2025-06-25 | GitForge.jl lacks validation for user provided fields |
| CVE-2025-6611 | 2025-06-25 | code-projects Inventory Management System createBrand.php sql injection |
| CVE-2025-6612 | 2025-06-25 | code-projects Inventory Management System removeCategories.php sql injection |
| CVE-2025-49845 | 2025-06-25 | Discourse users are able to see their own whispers even after being removed from a group that has been configured to see whispers |
| CVE-2025-50179 | 2025-06-25 | Tuleap missing CSRF protection on tracker reports manipulation |
| CVE-2025-6614 | 2025-06-25 | D-Link DIR-619L formSetWANType_Wizard5 stack-based overflow |
| CVE-2025-6615 | 2025-06-25 | D-Link DIR-619L formAutoDetecWAN_wizard4 stack-based overflow |
| CVE-2025-52479 | 2025-06-25 | HTTP.jl vulnerable to CR/LF Injection in URIs |
| CVE-2025-20264 | 2025-06-25 | Cisco Identity Services Engine Authorization Bypass Vulnerability |
| CVE-2025-20281 | 2025-06-25 | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability |
| CVE-2025-4656 | 2025-06-25 | Vault Vulnerable to Recovery Key Cancellation Denial of Service |
| CVE-2025-5015 | 2025-06-25 | Parsons AccuWeather Widget Cross-site Scripting |
| CVE-2025-20282 | 2025-06-25 | Cisco ISE API Unauthenticated Remote Code Execution Vulnerability |
| CVE-2025-6616 | 2025-06-25 | D-Link DIR-619L formSetWAN_Wizard51 stack-based overflow |
| CVE-2025-49151 | 2025-06-25 | Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+ |
| CVE-2025-49152 | 2025-06-25 | Insufficient Session Expiration in MICROSENS NMP Web+ |
| CVE-2025-49153 | 2025-06-25 | Path Traversal in MICROSENS NMP Web+ |
| CVE-2025-52480 | 2025-06-25 | Registrator.jl Argument Injection Vulnerability |