Total
297954 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23105 | 1 Samsung | 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more | 2025-06-13 | N/A | 7.8 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-23099 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-13 | N/A | 9.1 CRITICAL |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | |||||
| CVE-2025-27955 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | N/A | 6.5 MEDIUM |
| Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code. | |||||
| CVE-2018-16210 | 1 Wago | 28 750-352, 750-352 Firmware, 750-362 and 25 more | 2025-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field. | |||||
| CVE-2022-45064 | 1 Apache | 1 Apache Sling Engine | 2025-06-13 | N/A | 8.0 HIGH |
| The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option. | |||||
| CVE-2025-27954 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | N/A | 6.5 MEDIUM |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. | |||||
| CVE-2025-27953 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | N/A | 6.5 MEDIUM |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. | |||||
| CVE-2025-23104 | 1 Samsung | 2 Exynos 2200, Exynos 2200 Firmware | 2025-06-13 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-45542 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | |||||
| CVE-2025-46981 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46979 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46978 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46977 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46976 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-44115 | 1 Cotonti | 1 Cotonti Siena | 2025-06-13 | N/A | 5.4 MEDIUM |
| A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting. | |||||
| CVE-2025-48919 | 2025-06-13 | N/A | 5.0 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0. | |||||
| CVE-2025-48917 | 2025-06-13 | N/A | 5.0 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS).This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0. | |||||
| CVE-2024-57459 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | |||||
| CVE-2025-22941 | 1 Adtran | 2 411, 411 Firmware | 2025-06-13 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | |||||
| CVE-2024-31503 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-06-13 | N/A | 7.5 HIGH |
| Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover. | |||||