Total
79769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27187 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 7.5 HIGH |
| Improper Access Controls allows backend users to overwrite their username when disallowed. | |||||
| CVE-2024-40748 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 7.5 HIGH |
| Lack of output escaping in the id attribute of menu lists. | |||||
| CVE-2024-40749 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 7.5 HIGH |
| Improper Access Controls allows access to protected views. | |||||
| CVE-2025-22205 | 1 Admiror-design-studio | 1 Admiror Gallery | 2025-06-04 | N/A | 7.5 HIGH |
| Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x. | |||||
| CVE-2025-22210 | 1 Hikashop | 1 Hikashop | 2025-06-04 | N/A | 7.2 HIGH |
| A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend. | |||||
| CVE-2025-25227 | 1 Joomla | 1 Joomla\! | 2025-06-04 | N/A | 7.5 HIGH |
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | |||||
| CVE-2024-13613 | 1 Kainex | 1 Wise Chat | 2025-06-04 | N/A | 7.5 HIGH |
| The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3. | |||||
| CVE-2025-33103 | 1 Ibm | 1 I | 2025-06-04 | N/A | 8.5 HIGH |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. | |||||
| CVE-2025-4842 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-4843 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-4844 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4845 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4847 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component MLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4848 | 1 Freefloat | 1 Ftp Server | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-8700 | 1 Total-soft | 1 Event Calendar | 2025-06-04 | N/A | 7.5 HIGH |
| The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. | |||||
| CVE-2025-47161 | 1 Microsoft | 1 Defender For Endpoint | 2025-06-04 | N/A | 7.8 HIGH |
| Microsoft Defender for Endpoint Elevation of Privilege Vulnerability | |||||
| CVE-2025-41385 | 1 Uchida | 2 Wivia 5, Wivia 5 Firmware | 2025-06-04 | N/A | 7.2 HIGH |
| An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user. | |||||
| CVE-2025-47697 | 1 Uchida | 2 Wivia 5, Wivia 5 Firmware | 2025-06-04 | N/A | 7.5 HIGH |
| Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user. | |||||
| CVE-2025-48492 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-06-04 | N/A | 8.8 HIGH |
| GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22. | |||||
| CVE-2025-3937 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | N/A | 7.7 HIGH |
| Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | |||||