Total
11398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50178 | 2026-06-17 | N/A | N/A | ||
| GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on api.github.com that were not intended. Version 0.4.3 contains a patch for the issue. No known workarounds are available. | |||||
| CVE-2025-50151 | 1 Apache | 1 Jena | 2026-06-17 | N/A | 8.8 HIGH |
| File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload. | |||||
| CVE-2025-4905 | 1 Washington | 1 Basestation | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far. | |||||
| CVE-2025-4762 | 2026-06-17 | N/A | N/A | ||
| Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers. | |||||
| CVE-2025-4742 | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2025-4740 | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4701 | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host. | |||||
| CVE-2025-4680 | 2026-06-17 | N/A | N/A | ||
| Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0. | |||||
| CVE-2025-4635 | 2026-06-17 | N/A | 6.6 MEDIUM | ||
| A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user. | |||||
| CVE-2025-4613 | 2 Google, Microsoft | 2 Web Designer, Windows | 2026-06-17 | N/A | 8.8 HIGH |
| Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template | |||||
| CVE-2025-4563 | 2026-06-17 | N/A | 2.7 LOW | ||
| A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation. | |||||
| CVE-2025-4424 | 2026-06-17 | N/A | 6.0 MEDIUM | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2025-4410 | 2026-06-17 | N/A | 7.5 HIGH | ||
| A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code. | |||||
| CVE-2025-4377 | 2026-06-17 | N/A | N/A | ||
| Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165. | |||||
| CVE-2025-4376 | 2026-06-17 | N/A | N/A | ||
| Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server's WebEA model search field allows Cross-Site Scripting (XSS). This issue affects Pro Cloud Server: earlier than 6.0.165. | |||||
| CVE-2025-4277 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
| CVE-2025-4276 | 2026-06-17 | N/A | 7.5 HIGH | ||
| UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
| CVE-2025-4260 | 1 Zhangyanbo2007 | 1 Youkefu | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49719 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-49554 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-06-17 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | |||||