Total
8333 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14669 | 1 Clickhouse | 1 Clickhouse | 2025-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. | |||||
| CVE-2022-30197 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-24 | N/A | 5.5 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2024-45791 | 1 Apache | 1 Hertzbeat | 2025-06-24 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. | |||||
| CVE-2025-3628 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 4.3 MEDIUM |
| A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. | |||||
| CVE-2025-32044 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 7.5 HIGH |
| A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability. | |||||
| CVE-2020-3525 | 1 Cisco | 1 Identity Services Engine | 2025-06-24 | N/A | 4.3 MEDIUM |
| A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2025-27399 | 1 Joinmastodon | 1 Mastodon | 2025-06-24 | N/A | 5.3 MEDIUM |
| Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins that do not want their domain blocks to be public are impacted. Versions 4.1.23, 4.2.16, and 4.3.4 fix the issue. | |||||
| CVE-2025-52467 | 2025-06-23 | N/A | 9.1 CRITICAL | ||
| pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN with write permissions for the repository, allowing an attacker to tamper with all aspects of the repository, including pushing arbitrary code and releases. This issue has been patched in commit 8eb3567. | |||||
| CVE-2025-23173 | 2025-06-23 | N/A | 7.5 HIGH | ||
| The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions. | |||||
| CVE-2025-25037 | 2025-06-23 | N/A | N/A | ||
| An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters. | |||||
| CVE-2025-27387 | 2025-06-23 | N/A | 7.4 HIGH | ||
| OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. | |||||
| CVE-2024-24215 | 1 Cellinx | 1 Nvt Web Server | 2025-06-20 | N/A | 5.3 MEDIUM |
| An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | |||||
| CVE-2023-48132 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-48129 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43997 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43996 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43995 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43992 | 1 Linecorp | 1 Line | 2025-06-20 | N/A | 5.4 MEDIUM |
| An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2020-36771 | 1 Cloudlinux | 1 Cagefs | 2025-06-20 | N/A | 7.8 HIGH |
| CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | |||||
| CVE-2024-38467 | 1 Guoxinled | 1 Synthesis Image System | 2025-06-20 | N/A | 7.5 HIGH |
| Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. | |||||