Total: 297964 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-28389 | | | 2025-06-13 | N/A | 9.8 CRITICAL |
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. | |||||
CVE-2025-28388 | | | 2025-06-13 | N/A | 9.8 CRITICAL |
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account. | |||||
CVE-2025-28381 | | | 2025-06-13 | N/A | 7.5 HIGH |
A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers. | |||||
CVE-2024-21733 | 1 Apache | 1 Tomcat | 2025-06-13 | N/A | 5.3 MEDIUM |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | |||||
CVE-2023-52115 | 1 Huawei | 1 Harmonyos | 2025-06-13 | N/A | 7.5 HIGH |
The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions. | |||||
CVE-2023-52074 | 1 Flycms Project | 1 Flycms | 2025-06-13 | N/A | 8.8 HIGH |
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | |||||
CVE-2023-0224 | 1 Givewp | 1 Givewp | 2025-06-13 | N/A | 9.8 CRITICAL |
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks | |||||
CVE-2022-4976 | | | 2025-06-13 | N/A | 9.8 CRITICAL |
Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141. | |||||
CVE-2024-33901 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
CVE-2024-32407 | 1 Inducer | 1 Relate | 2025-06-13 | N/A | 8.8 HIGH |
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. | |||||
CVE-2024-32405 | 1 Inducer | 1 Relate | 2025-06-13 | N/A | 2.6 LOW |
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. | |||||
CVE-2024-50849 | 1 Rws | 1 Worldserver | 2025-06-13 | N/A | 4.8 MEDIUM |
A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. | |||||
CVE-2025-26013 | 1 Olajowon | 1 Loggrove | 2025-06-13 | N/A | 8.2 HIGH |
An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component. | |||||
CVE-2025-26014 | 1 Olajowon | 1 Loggrove | 2025-06-13 | N/A | 9.8 CRITICAL |
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. | |||||
CVE-2025-45752 | 1 Seeddms | 1 Seeddms | 2025-06-13 | N/A | 7.2 HIGH |
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. | |||||
CVE-2024-57529 | 1 Jeppesen | 1 Jetplanner | 2025-06-13 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. | |||||
CVE-2025-28099 | 1 Fumiao | 1 Opencms | 2025-06-13 | N/A | 4.3 MEDIUM |
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp, | |||||
CVE-2025-6030 | | | 2025-06-13 | N/A | N/A |
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack confirmed on other KIA Models in Ecuador. | |||||
CVE-2025-6029 | | | 2025-06-13 | N/A | N/A |
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry System, primarily distributed in Ecuador, which allows a replay attack. Manufacturer is unknown at the time of release. CVE Record will be updated once this is clarified. | |||||
CVE-2025-48068 | | | 2025-06-13 | N/A | N/A |
Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2. | |||||