Total
79878 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5912 | 1 Dlink | 2 Dir-632, Dir-632 Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-5913 | 1 Anujk305 | 1 Vehicle Record Management System | 2025-06-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48445 | 1 Commerce Eurobank \(redirect\) Project | 1 Commerce Eurobank \(redirect\) | 2025-06-16 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1. | |||||
| CVE-2025-48446 | 1 Commerce Alphabank Redirect Project | 1 Commerce Alphabank Redirect | 2025-06-16 | N/A | 8.8 HIGH |
| Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3. | |||||
| CVE-2025-5357 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-06-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component PWD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6129 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6128 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49795 | 2025-06-16 | N/A | 7.5 HIGH | ||
| A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. | |||||
| CVE-2025-3834 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.1 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. | |||||
| CVE-2025-3836 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. | |||||
| CVE-2025-41403 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. | |||||
| CVE-2025-36527 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. | |||||
| CVE-2025-41407 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. | |||||
| CVE-2025-27709 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. | |||||
| CVE-2025-36528 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. | |||||
| CVE-2025-41444 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2025-06-16 | N/A | 8.3 HIGH |
| Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. | |||||
| CVE-2025-5979 | 1 Fabian | 1 School Fees Payment System | 2025-06-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5980 | 1 Carmelogarcia | 1 Restaurant Order System | 2025-06-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5958 | 1 Google | 1 Chrome | 2025-06-16 | N/A | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-5959 | 1 Google | 1 Chrome | 2025-06-16 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||