Total
299828 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47869 | 1 Apache | 1 Nuttx | 2025-06-17 | N/A | 9.8 CRITICAL |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0. Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0. | |||||
| CVE-2025-6120 | 1 Assimp | 1 Assimp | 2025-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | |||||
| CVE-2025-6121 | 1 Dlink | 2 Dir-632, Dir-632 Firmware | 2025-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-35430 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | N/A | 8.1 HIGH |
| In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application. | |||||
| CVE-2024-35432 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | N/A | 6.1 MEDIUM |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting. | |||||
| CVE-2025-28384 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 9.1 CRITICAL |
| An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. | |||||
| CVE-2024-21122 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Shared Components | 2025-06-17 | N/A | 5.4 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Text Catalog). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Shared Components. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Shared Components, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Shared Components accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Shared Components accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2025-28382 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 7.5 HIGH |
| An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. | |||||
| CVE-2025-47091 | 1 Adobe | 1 Experience Manager | 2025-06-17 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2024-35431 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | N/A | 7.5 HIGH |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticated user can download local files from the server. NOTE: Third parties have indicated other versions are also vulnerable including up to 6.4.1. | |||||
| CVE-2024-35433 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | N/A | 8.1 HIGH |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, without the permissions of managing users, can create a new admin user. | |||||
| CVE-2024-55567 | 2025-06-17 | N/A | 7.5 HIGH | ||
| Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
| CVE-2024-28000 | 1 Litespeedtech | 1 Litespeed Cache | 2025-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. | |||||
| CVE-2024-11917 | 2025-06-17 | N/A | 8.1 HIGH | ||
| The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearch_xing_response_data_callback', 'set_access_tokes', and 'google_callback' functions. This makes it possible for unauthenticated attackers to log in as the first connected Xing user, or any connected Xing user if the Xing id is known. It is also possible for unauthenticated attackers to log in as the first connected Google user if the user has logged in, without subsequently logging out, in thirty days. The vulnerability was partially patched in version 2.8.4. | |||||
| CVE-2023-45256 | 2025-06-17 | N/A | 5.4 MEDIUM | ||
| Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php. | |||||
| CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2025-06-17 | N/A | 7.3 HIGH |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
| CVE-2025-28381 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 7.5 HIGH |
| A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers. | |||||
| CVE-2024-36526 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-06-17 | N/A | 9.8 CRITICAL |
| ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. | |||||
| CVE-2025-28380 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. | |||||
| CVE-2024-5475 | 1 Lepileppanen | 1 Responsive Video Embed | 2025-06-17 | N/A | 5.4 MEDIUM |
| The Responsive video embed WordPress plugin before 0.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||