Total
79741 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3082 | 1 Wpexperts | 1 Post Smtp | 2025-06-04 | N/A | 7.2 HIGH |
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-31676 | 1 Email Tfa Project | 1 Email Tfa | 2025-06-04 | N/A | 8.8 HIGH |
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email TFA: from 0.0.0 before 2.0.3. | |||||
CVE-2025-27956 | | | 2025-06-04 | N/A | 7.5 HIGH |
Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter. | |||||
CVE-2025-20298 | | | 2025-06-04 | N/A | 8.0 HIGH |
In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents. | |||||
CVE-2024-31127 | | | 2025-06-04 | N/A | 7.3 HIGH |
An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. | |||||
CVE-2025-30415 | | | 2025-06-04 | N/A | 7.5 HIGH |
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077. | |||||
CVE-2024-53010 | | | 2025-06-04 | N/A | 7.8 HIGH |
Memory corruption may occur while attaching VM when the HLOS retains access to VM. | |||||
CVE-2025-21485 | | | 2025-06-04 | N/A | 7.8 HIGH |
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
CVE-2025-4224 | | | 2025-06-04 | N/A | 7.2 HIGH |
The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-5482 | | | 2025-06-04 | N/A | 8.8 HIGH |
The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary users' passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account. | |||||
CVE-2025-35036 | | | 2025-06-04 | N/A | 7.3 HIGH |
Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language interpolation of user-supplied data. | |||||
CVE-2025-27029 | | | 2025-06-04 | N/A | 7.5 HIGH |
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. | |||||
CVE-2025-23105 | | | 2025-06-04 | N/A | 7.8 HIGH |
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
CVE-2025-25021 | | | 2025-06-04 | N/A | 7.2 HIGH |
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged user to execute code in case management script creation due to the improper generation of code. | |||||
CVE-2025-5551 | | | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-53021 | | | 2025-06-04 | N/A | 8.2 HIGH |
Information disclosure may occur while processing goodbye RTCP packet from network. | |||||
CVE-2018-25112 | | | 2025-06-04 | N/A | 7.5 HIGH |
An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device. | |||||
CVE-2025-30167 | | | 2025-06-04 | N/A | 7.3 HIGH |
Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user). | |||||
CVE-2025-5549 | | | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-21463 | | | 2025-06-04 | N/A | 7.5 HIGH |
Transient DOS while processing the EHT operation IE in the received beacon frame. |