Total
31840 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48127 | 1 Linecorp | 1 Line | 2025-06-11 | N/A | 5.4 MEDIUM |
| An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-06-11 | N/A | 8.4 HIGH |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | |||||
| CVE-2023-43999 | 1 Linecorp | 1 Line | 2025-06-11 | N/A | 5.4 MEDIUM |
| An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43988 | 1 Linecorp | 1 Line | 2025-06-11 | N/A | 5.4 MEDIUM |
| An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-42833 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-11 | N/A | 8.8 HIGH |
| A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-40439 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-11 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | |||||
| CVE-2023-35836 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks. | |||||
| CVE-2023-33472 | 1 Scada-lts | 1 Scada-lts | 2025-06-11 | N/A | 8.8 HIGH |
| An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. | |||||
| CVE-2023-21901 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2025-06-11 | N/A | 7.4 HIGH |
| Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L). | |||||
| CVE-2024-0748 | 1 Mozilla | 1 Firefox | 2025-06-11 | N/A | 4.3 MEDIUM |
| A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. | |||||
| CVE-2024-8009 | 1 Automattic | 1 Sensei Lms | 2025-06-11 | N/A | 7.5 HIGH |
| The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page | |||||
| CVE-2024-34509 | 2 Debian, Offis | 2 Debian Linux, Dcmtk | 2025-06-11 | N/A | 5.3 MEDIUM |
| dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | |||||
| CVE-2021-43905 | 1 Microsoft | 1 365 Copilot | 2025-06-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Microsoft Office app Remote Code Execution Vulnerability | |||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2024-9529 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2025-06-11 | N/A | 6.6 MEDIUM |
| The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions. | |||||
| CVE-2024-27447 | 1 Pretix | 1 Pretix | 2025-06-11 | N/A | 9.8 CRITICAL |
| pretix before 2024.1.1 mishandles file validation. | |||||
| CVE-2022-43855 | 1 Ibm | 1 Spss Statistics | 2025-06-10 | N/A | 6.2 MEDIUM |
| IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. | |||||
| CVE-2023-30305 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | N/A | 7.5 HIGH |
| An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | |||||
| CVE-2024-26529 | 1 Mz-automation | 1 Libiec61850 | 2025-06-10 | N/A | 7.5 HIGH |
| An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c. | |||||
| CVE-2025-5649 | 1 Razormist | 1 Student Result Management System | 2025-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||