Total
90929 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27954 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | N/A | 6.5 MEDIUM |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx. | |||||
| CVE-2025-27953 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-13 | N/A | 6.5 MEDIUM |
| An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component. | |||||
| CVE-2025-23104 | 1 Samsung | 2 Exynos 2200, Exynos 2200 Firmware | 2025-06-13 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-46981 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46979 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46978 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46977 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-46976 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-44115 | 1 Cotonti | 1 Cotonti Siena | 2025-06-13 | N/A | 5.4 MEDIUM |
| A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting. | |||||
| CVE-2025-48919 | 2025-06-13 | N/A | 5.0 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0. | |||||
| CVE-2025-48917 | 2025-06-13 | N/A | 5.0 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS).This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0. | |||||
| CVE-2024-33900 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2025-6035 | 2025-06-13 | N/A | 6.6 MEDIUM | ||
| A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. | |||||
| CVE-2025-46096 | 2025-06-13 | N/A | 6.1 MEDIUM | ||
| Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component | |||||
| CVE-2025-44091 | 2025-06-13 | N/A | 5.4 MEDIUM | ||
| yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. | |||||
| CVE-2024-21733 | 1 Apache | 1 Tomcat | 2025-06-13 | N/A | 5.3 MEDIUM |
| Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | |||||
| CVE-2024-33901 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2024-50849 | 1 Rws | 1 Worldserver | 2025-06-13 | N/A | 4.8 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. | |||||
| CVE-2024-57529 | 1 Jeppesen | 1 Jetplanner | 2025-06-13 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. | |||||
| CVE-2025-28099 | 1 Fumiao | 1 Opencms | 2025-06-13 | N/A | 4.3 MEDIUM |
| opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp, | |||||