Vulnerabilities (CVE)

Total 79741 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3082 1 Wpexperts 1 Post Smtp 2025-06-04 N/A 7.2 HIGH
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-31676 1 Email Tfa Project 1 Email Tfa 2025-06-04 N/A 8.8 HIGH
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force.This issue affects Email TFA: from 0.0.0 before 2.0.3.
CVE-2025-27956 2025-06-04 N/A 7.5 HIGH
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
CVE-2025-20298 2025-06-04 N/A 8.0 HIGH
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
CVE-2024-31127 2025-06-04 N/A 7.3 HIGH
An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges.
CVE-2025-30415 2025-06-04 N/A 7.5 HIGH
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077.
CVE-2024-53010 2025-06-04 N/A 7.8 HIGH
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
CVE-2025-21485 2025-06-04 N/A 7.8 HIGH
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
CVE-2025-4224 2025-06-04 N/A 7.2 HIGH
The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-5482 2025-06-04 N/A 8.8 HIGH
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account.
CVE-2025-35036 2025-06-04 N/A 7.3 HIGH
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.
CVE-2025-27029 2025-06-04 N/A 7.5 HIGH
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
CVE-2025-23105 2025-06-04 N/A 7.8 HIGH
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2025-25021 2025-06-04 N/A 7.2 HIGH
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code.
CVE-2025-5551 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-53021 2025-06-04 N/A 8.2 HIGH
Information disclosure may occur while processing goodbye RTCP packet from network.
CVE-2018-25112 2025-06-04 N/A 7.5 HIGH
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device.
CVE-2025-30167 2025-06-04 N/A 7.3 HIGH
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
CVE-2025-5549 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-21463 2025-06-04 N/A 7.5 HIGH
Transient DOS while processing the EHT operation IE in the received beacon frame.