Total
31840 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-28391 | 1 Busybox | 1 Busybox | 2025-06-09 | 6.8 MEDIUM | 8.8 HIGH |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | |||||
CVE-2023-34969 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. | |||||
CVE-2022-42012 | 2 Fedoraproject, Freedesktop | 2 Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | |||||
CVE-2025-48998 | 1 Dataease | 1 Dataease | 2025-06-09 | N/A | 8.8 HIGH |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | |||||
CVE-2020-21514 | 1 Fluentd | 2 Fluentd, Fluentd-ui | 2025-06-09 | N/A | 8.8 HIGH |
An issue in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. | |||||
CVE-2024-0753 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-06-07 | N/A | 6.5 MEDIUM |
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
CVE-2023-51073 | 1 Buffalo | 2 Ls210d, Ls210d Firmware | 2025-06-06 | N/A | 8.1 HIGH |
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | |||||
CVE-2023-7231 | 1 Evanliewer | 1 Illi Link Party! | 2025-06-06 | N/A | 7.3 HIGH |
The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links. | |||||
CVE-2023-48909 | 1 Aarboard | 1 Jave2 | 2025-06-06 | N/A | 8.8 HIGH |
An issue in Jave2 version 3.3.1 allows attackers to execute arbitrary code via the FFmpeg function. | |||||
CVE-2024-6477 | 1 Ayecode | 1 Userswp | 2025-06-06 | N/A | 7.5 HIGH |
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address. | |||||
CVE-2025-3891 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2025-06-06 | N/A | 7.5 HIGH |
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. | |||||
CVE-2025-31171 | 1 Huawei | 1 Harmonyos | 2025-06-06 | N/A | 6.8 MEDIUM |
File read permission bypass vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-4664 | 1 Google | 1 Chrome | 2025-06-06 | N/A | 4.3 MEDIUM |
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2025-1226 | 1 Yimihome | 1 Ywoa | 2025-06-05 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2025-3587 | 1 Zerowdd | 1 Studentmanager | 2025-06-05 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-34699 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-05 | N/A | 7.8 HIGH |
Windows Win32k Elevation of Privilege Vulnerability | |||||
CVE-2022-34692 | 1 Microsoft | 1 Exchange Server | 2025-06-05 | N/A | 5.3 MEDIUM |
Microsoft Exchange Server Information Disclosure Vulnerability | |||||
CVE-2022-34691 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-05 | N/A | 8.8 HIGH |
Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
CVE-2022-33646 | 1 Microsoft | 1 Azure Batch | 2025-06-05 | N/A | 7.0 HIGH |
Azure Batch Node Agent Elevation of Privilege Vulnerability | |||||
CVE-2022-33640 | 1 Microsoft | 2 Open Management Infrastructure, System Center Operations Manager | 2025-06-05 | N/A | 7.8 HIGH |
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |