Total
11425 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27517 | 2026-06-17 | N/A | N/A | ||
| Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0. | |||||
| CVE-2025-27494 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2026-06-17 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2025-27493 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2026-06-17 | N/A | 8.2 HIGH |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2025-27489 | 1 Microsoft | 2 Azure Stack Hci 22h2, Azure Stack Hci 23h2 | 2026-06-17 | N/A | 7.8 HIGH |
| Improper input validation in Azure Local allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-27388 | 2026-06-17 | N/A | N/A | ||
| Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | |||||
| CVE-2025-27378 | 1 Altium | 1 On-prem Enterprise Server | 2026-06-17 | N/A | 8.6 HIGH |
| AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries. | |||||
| CVE-2025-27242 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. | |||||
| CVE-2025-27224 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2026-06-17 | N/A | 9.8 CRITICAL |
| TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file type at any location on the local server, ultimately allowing execution of arbitrary code. | |||||
| CVE-2025-27212 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Access G2 Reader Pro (Version 1.10.32 and earlier) UniFi Access G3 Reader Pro (Version 1.10.30 and earlier) UniFi Access Intercom (Version 1.7.28 and earlier) UniFi Access G3 Intercom (Version 1.7.29 and earlier) UniFi Access Intercom Viewer (Version 1.3.20 and earlier) Mitigation: Update UniFi Access Reader Pro Version 2.15.9 or later Update UniFi Access G2 Reader Pro Version 1.11.23 or later Update UniFi Access G3 Reader Pro Version 1.11.22 or later Update UniFi Access Intercom Version 1.8.22 or later Update UniFi Access G3 Intercom Version 1.8.22 or later Update UniFi Access Intercom Viewer Version 1.4.39 or later | |||||
| CVE-2025-27211 | 2026-06-17 | N/A | 7.5 HIGH | ||
| An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. | |||||
| CVE-2025-27151 | 1 Redis | 1 Redis | 2026-06-17 | N/A | 4.7 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. | |||||
| CVE-2025-27131 | 1 Openatom | 1 Openharmony | 2026-06-17 | N/A | 6.1 MEDIUM |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOSÂ through improper input. | |||||
| CVE-2025-27040 | 1 Qualcomm | 130 Csr8811, Csr8811 Firmware, Immersive Home 214 Platform and 127 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Information disclosure may occur while processing the hypervisor log. | |||||
| CVE-2025-27023 | 1 Nokia | 2 G42, G42 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script-file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way. | |||||
| CVE-2025-26858 | 1 Socomec | 2 Diris M-70, Diris M-70 Firmware | 2026-06-17 | N/A | 8.6 HIGH |
| A buffer overflow vulnerability exists in the Modbus TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted set of network packets can lead to denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2025-26781 | 1 Samsung | 26 Exynos 1080, Exynos 1080 Firmware, Exynos 1330 and 23 more | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of Service. | |||||
| CVE-2025-26780 | 1 Samsung | 4 Exynos 2400, Exynos 2400 Firmware, Modem 5400 and 1 more | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet. | |||||
| CVE-2025-26702 | 1 Zte | 1 Goldendb | 2026-06-17 | N/A | 4.9 MEDIUM |
| Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. | |||||
| CVE-2025-26647 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2026-06-17 | N/A | 8.8 HIGH |
| Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-26489 | 1 Nokia | 2 Infinera Mtc-9, Infinera Mtc-9 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | |||||