Total
79808 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30415 | 2025-06-04 | N/A | 7.5 HIGH | ||
| Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077. | |||||
| CVE-2024-53010 | 2025-06-04 | N/A | 7.8 HIGH | ||
| Memory corruption may occur while attaching VM when the HLOS retains access to VM. | |||||
| CVE-2025-21485 | 2025-06-04 | N/A | 7.8 HIGH | ||
| Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
| CVE-2025-4224 | 2025-06-04 | N/A | 7.2 HIGH | ||
| The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-5482 | 2025-06-04 | N/A | 8.8 HIGH | ||
| The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's passwords through the password reset functionality, including administrators, and leverage that to reset the user's password and gain access to their account. | |||||
| CVE-2025-35036 | 2025-06-04 | N/A | 7.3 HIGH | ||
| Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data. | |||||
| CVE-2025-27029 | 2025-06-04 | N/A | 7.5 HIGH | ||
| Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. | |||||
| CVE-2025-25021 | 2025-06-04 | N/A | 7.2 HIGH | ||
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code. | |||||
| CVE-2025-5551 | 2025-06-04 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. This affects an unknown part of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-53021 | 2025-06-04 | N/A | 8.2 HIGH | ||
| Information disclosure may occur while processing goodbye RTCP packet from network. | |||||
| CVE-2018-25112 | 2025-06-04 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device. | |||||
| CVE-2025-30167 | 2025-06-04 | N/A | 7.3 HIGH | ||
| Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user). | |||||
| CVE-2025-5549 | 2025-06-04 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component PASV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-21463 | 2025-06-04 | N/A | 7.5 HIGH | ||
| Transient DOS while processing the EHT operation IE in the received beacon frame. | |||||
| CVE-2025-5548 | 2025-06-04 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4392 | 2025-06-04 | N/A | 7.2 HIGH | ||
| The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file. | |||||
| CVE-2024-53020 | 2025-06-04 | N/A | 8.2 HIGH | ||
| Information disclosure may occur while decoding the RTP packet with invalid header extension from network. | |||||
| CVE-2025-5547 | 2025-06-04 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component CDUP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5601 | 2025-06-04 | N/A | 7.8 HIGH | ||
| Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2024-13967 | 2025-06-04 | N/A | 8.8 HIGH | ||
| This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. | |||||