Total
387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44104 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
| An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2025-49004 | 2025-06-12 | N/A | 7.5 HIGH | ||
| Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loaded in the browser can hijack the locally running Caido instance and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding. In this case, the victim needs to authorize the request on dashboard.caido.io. Users should upgrade to version 0.48.0 to receive a patch. | |||||
| CVE-2025-48937 | 2025-06-12 | N/A | 4.9 MEDIUM | ||
| matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. This vulnerability is fixed in 0.11.1 and 0.12.0. | |||||
| CVE-2024-51406 | 1 Projectfloodlight | 1 Open Sdn Controller | 2025-06-11 | N/A | 6.2 MEDIUM |
| Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster. | |||||
| CVE-2024-31784 | 1 Typora | 1 Typora | 2025-06-10 | N/A | 6.1 MEDIUM |
| An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component. | |||||
| CVE-2021-22890 | 8 Broadcom, Debian, Fedoraproject and 5 more | 11 Fabric Operating System, Debian Linux, Fedora and 8 more | 2025-06-09 | 4.3 MEDIUM | 3.7 LOW |
| curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. | |||||
| CVE-2025-48906 | 2025-06-06 | N/A | 8.8 HIGH | ||
| Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-22519 | 1 Sorenfriis | 1 Opendroneid Osm | 2025-06-05 | N/A | 8.2 HIGH |
| An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets. | |||||
| CVE-2025-3875 | 1 Mozilla | 1 Thunderbird | 2025-06-05 | N/A | 7.5 HIGH |
| Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | |||||
| CVE-2025-3909 | 1 Mozilla | 1 Thunderbird | 2025-06-05 | N/A | 6.5 MEDIUM |
| Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling JavaScript execution as part of the HTML. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. | |||||
| CVE-2022-3180 | 1 Wpgateway | 1 Wpgateway | 2025-06-05 | N/A | 9.8 CRITICAL |
| The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts. | |||||
| CVE-2025-49002 | 1 Dataease | 1 Dataease | 2025-06-05 | N/A | 9.8 CRITICAL |
| DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | |||||
| CVE-2023-41591 | 1 Opennetworking | 1 Onos | 2025-06-03 | N/A | 9.8 CRITICAL |
| An issue in Open Network Foundation ONOS v2.7.0 allows attackers to create fake IP/MAC addresses and potentially execute a man-in-the-middle attack on communications between fake and real hosts. | |||||
| CVE-2023-51667 | 1 Blazzdev | 1 Rate My Post | 2025-05-29 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in FeedbackWP Rate my Post – WP Rating System allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Rate my Post – WP Rating System: from n/a through 3.4.2. | |||||
| CVE-2022-34716 | 1 Microsoft | 3 .net, .net Core, Powershell | 2025-05-29 | N/A | 5.9 MEDIUM |
| .NET Spoofing Vulnerability | |||||
| CVE-2025-5067 | 1 Google | 1 Chrome | 2025-05-29 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-25595 | 1 Wpmudev | 1 Defender | 2025-05-28 | N/A | 5.3 MEDIUM |
| Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. | |||||
| CVE-2023-43304 | 1 Linecorp | 1 Line | 2025-05-28 | N/A | 8.2 HIGH |
| An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2022-23949 | 1 Keylime | 1 Keylime | 2025-05-27 | N/A | 7.5 HIGH |
| In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. | |||||
| CVE-2021-43310 | 1 Keylime | 1 Keylime | 2025-05-27 | N/A | 9.8 CRITICAL |
| A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution. | |||||