Total
31840 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33631 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-06-05 | N/A | 7.3 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2022-20389 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004 | |||||
| CVE-2022-20388 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 | |||||
| CVE-2024-22365 | 1 Linux-pam | 1 Linux-pam | 2025-06-05 | N/A | 5.5 MEDIUM |
| linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | |||||
| CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2025-06-05 | N/A | 4.3 MEDIUM |
| Vulnerability?CVE-2024-22021 allows?a?Veeam Recovery Orchestrator user with a low?privileged?role (Plan?Author)?to retrieve?plans?from?a?Scope other than the one they are assigned to. | |||||
| CVE-2024-11083 | 1 Properfraction | 1 Profilepress | 2025-06-05 | N/A | 5.3 MEDIUM |
| The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||
| CVE-2024-12329 | 1 G5plus | 1 Essential Real Estate | 2025-06-05 | N/A | 4.3 MEDIUM |
| The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs | |||||
| CVE-2024-11282 | 1 Wpchill | 1 Passster | 2025-06-05 | N/A | 5.3 MEDIUM |
| The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||
| CVE-2024-12601 | 1 Codepeople | 1 Calculated Fields Form | 2025-06-05 | N/A | 5.3 MEDIUM |
| The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks. | |||||
| CVE-2024-11721 | 1 Dynamiapps | 1 Frontend Admin | 2025-06-05 | N/A | 8.1 HIGH |
| The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | |||||
| CVE-2024-31483 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-05 | N/A | 4.9 MEDIUM |
| An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system. | |||||
| CVE-2023-30581 | 1 Nodejs | 1 Node.js | 2025-06-05 | N/A | 7.5 HIGH |
| The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js | |||||
| CVE-2025-1331 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-05 | N/A | 7.8 HIGH |
| IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function. | |||||
| CVE-2025-3597 | 1 Firelightwp | 1 Firelight Lightbox | 2025-06-05 | N/A | 5.9 MEDIUM |
| The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well. | |||||
| CVE-2024-7762 | 1 Presstigers | 1 Simple Job Board | 2025-06-05 | N/A | 7.5 HIGH |
| The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes | |||||
| CVE-2023-48951 | 1 Openlinksw | 1 Virtuoso | 2025-06-05 | N/A | 7.5 HIGH |
| An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | |||||
| CVE-2022-42541 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
| Remote code execution | |||||
| CVE-2025-48999 | 1 Dataease | 1 Dataease | 2025-06-05 | N/A | 8.8 HIGH |
| DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue. | |||||
| CVE-2025-49001 | 1 Dataease | 1 Dataease | 2025-06-05 | N/A | 9.8 CRITICAL |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | |||||
| CVE-2023-6837 | 1 Wso2 | 5 Api Manager, Carbon Identity Application Authentication Endpoint, Carbon Identity Application Authentication Framework and 2 more | 2025-06-05 | N/A | 8.5 HIGH |
| Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. Attacker should have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use JIT provisioning flow to perform user impersonation. | |||||