Total
299609 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6050 | 2025-06-17 | N/A | N/A | ||
| Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before including them in JSON responses served via "/admin/displayable_links.js". An authenticated admin user can create a blog post with a malicious JavaScript payload in the title field, then trick another admin user into clicking a direct link to the "/admin/displayable_links.js" endpoint, causing the malicious script to execute in their browser. | |||||
| CVE-2025-49864 | 2025-06-17 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21. | |||||
| CVE-2025-48111 | 2025-06-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0. | |||||
| CVE-2025-2327 | 2025-06-17 | N/A | N/A | ||
| A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. | |||||
| CVE-2025-49855 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes allows DOM-Based XSS. This issue affects Meks Flexible Shortcodes: from n/a through 1.3.7. | |||||
| CVE-2025-47573 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0. | |||||
| CVE-2025-49823 | 2025-06-17 | N/A | N/A | ||
| (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3. | |||||
| CVE-2025-6166 | 2025-06-17 | 2.7 LOW | 3.5 LOW | ||
| A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component. | |||||
| CVE-2025-49850 | 2025-06-17 | N/A | N/A | ||
| A Heap-based Buffer Overflow vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. | |||||
| CVE-2025-47865 | 2025-06-17 | N/A | 7.5 HIGH | ||
| A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations. | |||||
| CVE-2025-49795 | 2025-06-17 | N/A | 7.5 HIGH | ||
| A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. | |||||
| CVE-2025-28972 | 2025-06-17 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5. | |||||
| CVE-2025-49316 | 2025-06-17 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team Tobias WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.5.0. | |||||
| CVE-2025-49444 | 2025-06-17 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5. | |||||
| CVE-2025-6069 | 2025-06-17 | N/A | 4.3 MEDIUM | ||
| The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. | |||||
| CVE-2025-49447 | 2025-06-17 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu : from n/a through 6.0.0. | |||||
| CVE-2025-49158 | 2025-06-17 | N/A | 6.7 MEDIUM | ||
| An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-40674 | 2025-06-17 | N/A | N/A | ||
| Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | |||||
| CVE-2025-47866 | 2025-06-17 | N/A | 4.3 MEDIUM | ||
| An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations. | |||||
| CVE-2025-49865 | 2025-06-17 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1. | |||||