Total
32313 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31483 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-06-24 | 4.9 Medium |
| An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. | ||||
| CVE-2023-51142 | 1 Zkteco | 1 Biotime | 2025-06-24 | 7.5 High |
| An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. | ||||
| CVE-2025-48063 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2025-06-24 | 8.8 High |
| XWiki is a generic wiki platform. In XWiki 16.10.0, required rights were introduced as a way to limit which rights a document can have. Part of the security model of required rights is that a user who doesn't have a right also cannot define that right as required right. That way, users who are editing documents on which required rights are enforced can be sure that they're not giving a right to a script or object that it didn't have before. A bug in the implementation of the enforcement of this rule means that in fact, it was possible for any user with edit right on a document to set programming right as required right. If then a user with programming right edited that document, the content of that document would gain programming right, allowing remote code execution. This thereby defeats most of the security benefits of required rights. As XWiki still performs the required rights analysis when a user edits a page even when required rights are enforced, the user with programming right would still be warned about the dangerous content unless the attacker managed to bypass this check. Note also that none of the affected versions include a UI for enabling the enforcing of required rights so it seems unlikely that anybody relied on them for security in the affected versions. As this vulnerability provides no additional attack surface unless all documents in the wiki enforce required rights, we consider the impact of this attack to be low even though gaining programming right could have a high impact. This vulnerability has been patched in XWiki 16.10.4 and 17.1.0RC1. No known workarounds are available except for upgrading. | ||||
| CVE-2024-11184 | 1 Wp Enable Svg Project | 1 Wp Enable Svg | 2025-06-24 | 4.8 Medium |
| The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts | ||||
| CVE-2024-8789 | 1 Lunary | 1 Lunary | 2025-06-23 | N/A |
| Lunary-ai/lunary version git 105a3f6 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. The application allows users to upload their own regular expressions, which are then executed on the server side. Certain regular expressions can have exponential runtime complexity relative to the input size, leading to potential denial of service. An attacker can exploit this by submitting a specially crafted regular expression, causing the server to become unresponsive for an arbitrary length of time. | ||||
| CVE-2025-26413 | 1 Apache | 1 Kvrocks | 2025-06-23 | 7.5 High |
| Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index isĀ out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue. | ||||
| CVE-2023-52722 | 1 Artifex | 1 Ghostscript | 2025-06-23 | 5.5 Medium |
| An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. | ||||
| CVE-2025-30721 | 1 Oracle | 1 Mysql Server | 2025-06-23 | 4 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H). | ||||
| CVE-2019-2483 | 1 Oracle | 1 Istore | 2025-06-23 | N/A |
| Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | ||||
| CVE-2025-2558 | 1 The Wound Project | 1 The Wound | 2025-06-23 | 8.6 High |
| The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server | ||||
| CVE-2024-25678 | 1 Litespeedtech | 1 Lsquic | 2025-06-20 | 5.9 Medium |
| In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | ||||
| CVE-2024-24215 | 1 Cellinx | 1 Nvt Web Server | 2025-06-20 | 5.3 Medium |
| An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | ||||
| CVE-2024-24736 | 1 Ypopsemail | 1 Ypops\! | 2025-06-20 | 7.5 High |
| The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558. | ||||
| CVE-2024-23904 | 1 Jenkins | 1 Log Command | 2025-06-20 | 7.5 High |
| Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | ||||
| CVE-2024-23224 | 1 Apple | 1 Macos | 2025-06-20 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data. | ||||
| CVE-2024-23213 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-06-20 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2024-23211 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-20 | 3.3 Low |
| A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings. | ||||
| CVE-2023-48132 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48129 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-47355 | 1 Eyuepcanyilmaz | 1 Root Quick Reboot | 2025-06-20 | 7.5 High |
| The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. | ||||