Total
482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21346 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-06-17 | N/A | 7.1 HIGH |
| Microsoft Office Security Feature Bypass Vulnerability | |||||
| CVE-2025-21276 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 7.5 HIGH |
| Windows MapUrlToZone Denial of Service Vulnerability | |||||
| CVE-2025-21217 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| Windows NTLM Spoofing Vulnerability | |||||
| CVE-2025-21211 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 6.8 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2025-21081 | 2026-06-17 | N/A | 4.5 MEDIUM | ||
| Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-20347 | 1 Cisco | 1 Nexus Dashboard | 2026-06-17 | N/A | 5.4 MEDIUM |
| A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device. | |||||
| CVE-2025-15422 | 1 Phome | 1 Empirecms | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14304 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| Certain motherboard models developed by ASRock and its subsidiaries, ASRockRack and ASRockInd. has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | |||||
| CVE-2025-14303 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| Certain motherboard models developed by MSI has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | |||||
| CVE-2025-14302 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | |||||
| CVE-2025-14095 | 2026-06-17 | N/A | 6.8 MEDIUM | ||
| A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software. Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. Note: CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems. | |||||
| CVE-2025-13326 | 1 Mattermost | 1 Mattermost Desktop | 2026-06-17 | N/A | 3.9 LOW |
| Mattermost Desktop App versions <6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder. | |||||
| CVE-2025-12909 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 5.3 MEDIUM |
| Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low) | |||||
| CVE-2025-12906 | 1 Google | 1 Chrome | 2026-06-17 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-12554 | 1 Azure-access | 4 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-12094 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers (such as CF-Connecting-IP, X-Forwarded-For, and others) without verifying that those headers originate from legitimate, trusted proxies. This makes it possible for unauthenticated attackers to spoof their IP address and bypass IP-based security controls, including blocked IP lists and rate limiting protections, by sending arbitrary HTTP headers with their requests. | |||||
| CVE-2025-11260 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| The WP Headless CMS Framework plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.15. This is due to the plugin only checking for the existence of the Authorization header in a request when determining if the nonce protection should be bypassed. This makes it possible for unauthenticated attackers to access content they should not have access to. | |||||
| CVE-2025-10905 | 2026-06-17 | N/A | 4.4 MEDIUM | ||
| Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms. | |||||
| CVE-2025-10528 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 7.3 HIGH |
| Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. | |||||
| CVE-2025-10157 | 1 Mmaitre314 | 1 Picklescan | 2026-06-17 | N/A | 7.8 HIGH |
| A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code. | |||||