CVE List - 2025 / June
Showing 301 - 400 of 3683 CVEs for June 2025 (Page 4 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-4578 | 2025-06-04 | File Provider <= 1.2.3 - Unauthenticated SQLi |
| CVE-2025-4580 | 2025-06-04 | File Provider <= 1.2.3 - Item Deletion via CSRF |
| CVE-2025-5572 | 2025-06-04 | D-Link DCS-932L setSystemEmail stack-based overflow |
| CVE-2025-5573 | 2025-06-04 | D-Link DCS-932L setSystemWizard setSystemControl os command injection |
| CVE-2025-5574 | 2025-06-04 | PHPGurukul Dairy Farm Shop Management System add-company.php sql injection |
| CVE-2025-5575 | 2025-06-04 | PHPGurukul Dairy Farm Shop Management System add-product.php sql injection |
| CVE-2025-5482 | 2025-06-04 | Sunshine Photo Cart <= 3.4.11 - Authenticated (Subscriber) Privilege Escalation |
| CVE-2025-47724 | 2025-06-04 | Out-of-bounds Write in CNCSoft |
| CVE-2025-47725 | 2025-06-04 | Out-of-bounds Write in CNCSoft |
| CVE-2025-47726 | 2025-06-04 | Out-of-bounds Write in CNCSoft |
| CVE-2025-27444 | 2025-06-04 | Extension - rsjoomla.com - A reflected XSS vulnerability RSform!Pro component 3.0.0 - 3.3.13 for Joomla |
| CVE-2025-47727 | 2025-06-04 | Out-of-bounds Write in CNCSoft |
| CVE-2025-5576 | 2025-06-04 | PHPGurukul Dairy Farm Shop Management System bwdate-report-details.php sql injection |
| CVE-2025-5577 | 2025-06-04 | PHPGurukul Dairy Farm Shop Management System profile.php sql injection |
| CVE-2025-5578 | 2025-06-04 | PHPGurukul Dairy Farm Shop Management System sales-report-details.php sql injection |
| CVE-2025-5579 | 2025-06-04 | PHPGurukul Dairy Farm Shop Management System search-product.php sql injection |
| CVE-2024-13967 | 2025-06-04 | ession-Management Failure |
| CVE-2025-47728 | 2025-06-04 | File Parsing Memory Corruption in CNCSoft-G2 |
| CVE-2025-5580 | 2025-06-04 | CodeAstro Real Estate Management System login.php sql injection |
| CVE-2025-5581 | 2025-06-04 | CodeAstro Real Estate Management System index.php sql injection |
| CVE-2025-5582 | 2025-06-04 | CodeAstro Real Estate Management System profile.php sql injection |
| CVE-2025-5583 | 2025-06-04 | CodeAstro Real Estate Management System register.php sql injection |
| CVE-2018-25112 | 2025-06-04 | PHOENIX CONTACT: ILC 1x1 ETH Denial of Service |
| CVE-2025-5584 | 2025-06-04 | PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting |
| CVE-2025-5601 | 2025-06-04 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark |
| CVE-2025-5598 | 2025-06-04 | WF Steuerungstechnik GmbH - airleader MASTER - Path Traversal |
| CVE-2025-5597 | 2025-06-04 | WF Steuerungstechnik GmbH - airleader MASTER - Authentication Bypass |
| CVE-2025-30415 | 2025-06-04 | Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077. |
| CVE-2025-48959 | 2025-06-04 | Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077. |
| CVE-2025-1701 | 2025-06-04 | Local Privilege Escalation in MIM Admin Service |
| CVE-2025-48960 | 2025-06-04 | Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938. |
| CVE-2025-48961 | 2025-06-04 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938. |
| CVE-2025-48962 | 2025-06-04 | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. |
| CVE-2025-5592 | 2025-06-04 | FreeFloat FTP Server PASSIVE Command buffer overflow |
| CVE-2025-5593 | 2025-06-04 | FreeFloat FTP Server HOST Command buffer overflow |
| CVE-2025-5594 | 2025-06-04 | FreeFloat FTP Server SET Command buffer overflow |
| CVE-2025-20130 | 2025-06-04 | Cisco Identity Services Engine Access Control Bypass Vulnerability |
| CVE-2025-20129 | 2025-06-04 | Cisco Customer Collaboration Platform Information Disclosure Vulnerability |
| CVE-2025-20163 | 2025-06-04 | Cisco Nexus Dashboard Fabric Controller SSH Host Key Vulnerability |
| CVE-2025-20261 | 2025-06-04 | Cisco Integrated Management Controller Privilege Escalation Vulnerability |
| CVE-2025-20273 | 2025-06-04 | Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability |
| CVE-2025-20275 | 2025-06-04 | Cisco Unified Contact Center Express Editor Remote Code Execution Vulnerability |
| CVE-2025-20276 | 2025-06-04 | Cisco Unified Contact Center Express Remote Code Execution Vulnerability |
| CVE-2025-20277 | 2025-06-04 | Cisco Unified Contact Center Express Path Traversal Vulnerability |
| CVE-2025-20279 | 2025-06-04 | Cisco Unifed Contact Center Express Stored Cross-Site Scripting Vulnerability |
| CVE-2025-20278 | 2025-06-04 | Cisco Unified Communications Products Command Injection Vulnerability |
| CVE-2025-20286 | 2025-06-04 | ISE on AWS Static Credential |
| CVE-2025-20259 | 2025-06-04 | Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Write Vulnerability |
| CVE-2025-5595 | 2025-06-04 | FreeFloat FTP Server PROGRESS Command buffer overflow |
| CVE-2025-2336 | 2025-06-04 | AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize' |
| CVE-2025-5596 | 2025-06-04 | FreeFloat FTP Server REGET Command buffer overflow |
| CVE-2025-5688 | 2025-06-04 | Out of Bounds Write in FreeRTOS-Plus-TCP |
| CVE-2025-5599 | 2025-06-04 | PHPGurukul Student Result Management System editmyexp.php sql injection |
| CVE-2025-5600 | 2025-06-04 | TOTOLINK EX1200T cstecgi.cgi setLanguageCfg stack-based overflow |
| CVE-2025-5602 | 2025-06-04 | Campcodes Hospital Management System registration.php sql injection |
| CVE-2025-5603 | 2025-06-04 | Campcodes Hospital Management System registration.php sql injection |
| CVE-2025-5604 | 2025-06-04 | Campcodes Hospital Management System user-login.php sql injection |
| CVE-2025-5606 | 2025-06-04 | Tenda AC18 SetIPTVCfg formSetIptv command injection |
| CVE-2025-48888 | 2025-06-04 | Deno run with --allow-read and --deny-read flags results in allowed |
| CVE-2025-48934 | 2025-06-04 | Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables |
| CVE-2025-5607 | 2025-06-04 | Tenda AC18 setPptpUserList formSetPPTPUserList buffer overflow |
| CVE-2025-48935 | 2025-06-04 | Deno has --allow-read / --allow-write permission bypass in `node:sqlite` |
| CVE-2025-22243 | 2025-06-04 | VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. |
| CVE-2025-22244 | 2025-06-04 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. |
| CVE-2025-22245 | 2025-06-04 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. |
| CVE-2025-31134 | 2025-06-04 | FreshRSS vulnerable to directory enumeration via ext.php |
| CVE-2025-31136 | 2025-06-04 | FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry |
| CVE-2025-31482 | 2025-06-04 | FreshRSS vulnerable to DoS by malicious feed entry loading logout URL |
| CVE-2025-32015 | 2025-06-04 | FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc> |
| CVE-2025-5608 | 2025-06-04 | Tenda AC18 SetSysAutoRebbotCfg formsetreboottimer buffer overflow |
| CVE-2025-5609 | 2025-06-04 | Tenda AC18 AdvSetLanip fromadvsetlanip buffer overflow |
| CVE-2025-46339 | 2025-06-04 | FreshRSS vulnerable to favicon cache poisoning via proxy |
| CVE-2025-46341 | 2025-06-04 | Privilege escalation via SSRF when using HTTP auth |
| CVE-2025-48947 | 2025-06-04 | NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies |
| CVE-2025-5610 | 2025-06-04 | CodeAstro Real Estate Management System submitpropertydelete.php sql injection |
| CVE-2025-5611 | 2025-06-04 | CodeAstro Real Estate Management System submitpropertyupdate.php sql injection |
| CVE-2025-5612 | 2025-06-04 | PHPGurukul Online Fire Reporting System reporting.php sql injection |
| CVE-2025-5613 | 2025-06-04 | PHPGurukul Online Fire Reporting System request-details.php sql injection |
| CVE-2025-5690 | 2025-06-04 | Cursor allows PostgreSQL Anonymizer masked user to gain unauthorized access to authentic data |
| CVE-2025-5614 | 2025-06-04 | PHPGurukul Online Fire Reporting System search-report-result.php sql injection |
| CVE-2025-5615 | 2025-06-04 | PHPGurukul Online Fire Reporting System details.php sql injection |
| CVE-2025-5616 | 2025-06-04 | PHPGurukul Online Fire Reporting System profile.php sql injection |
| CVE-2025-5617 | 2025-06-04 | PHPGurukul Online Fire Reporting System manage-teams.php sql injection |
| CVE-2025-49007 | 2025-06-04 | ReDoS Vulnerability in Rack::Multipart handle_mime_head |
| CVE-2025-5618 | 2025-06-04 | PHPGurukul Online Fire Reporting System edit-team.php sql injection |
| CVE-2025-5619 | 2025-06-04 | Tenda CH22 addUserName formaddUserName stack-based overflow |
| CVE-2025-5620 | 2025-06-04 | D-Link DIR-816 setipsec_config os command injection |
| CVE-2025-5621 | 2025-06-04 | D-Link DIR-816 qosClassifier os command injection |
| CVE-2025-47827 | 2025-06-05 | In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified... |
| CVE-2025-48432 | 2025-06-05 | An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially... |
| CVE-2025-49466 | 2025-06-05 | aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part, |
| CVE-2025-5622 | 2025-06-05 | D-Link DIR-816 wirelessApcli_5g stack-based overflow |
| CVE-2025-5623 | 2025-06-05 | D-Link DIR-816 qosClassifier stack-based overflow |
| CVE-2025-49008 | 2025-06-05 | Atheos Improper Input Validation Vulnerability Enables RCE in Common.php |
| CVE-2025-5624 | 2025-06-05 | D-Link DIR-816 QoSPortSetup stack-based overflow |
| CVE-2025-5625 | 2025-06-05 | Campcodes Online Teacher Record Management System search-teacher.php sql injection |
| CVE-2025-5626 | 2025-06-05 | Campcodes Online Teacher Record Management System edit-subjects-detail.php sql injection |
| CVE-2025-5627 | 2025-06-05 | code-projects Patient Record Management System sputum_form.php sql injection |
| CVE-2025-5628 | 2025-06-05 | SourceCodester Food Menu Manager Add Menu index.php cross site scripting |
| CVE-2025-5629 | 2025-06-05 | Tenda AC10 HTTP SetPptpServerCfg formSetPPTPServer buffer overflow |