Total: 295158 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-30167 | | | 2025-06-03 | N/A | 7.3 HIGH | Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is searched for configuration files (`SYSTEM_CONFIG_PATH` and `SYSTEM_JUPYTER_PATH`), which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected `%PROGRAMDATA%` are affected. Users should upgrade to Jupyter Core version 5.8.0 or later to receive a patch. Some other mitigations are available. As administrator, modify the permissions on the `%PROGRAMDATA%` directory so it is not writable by unauthorized users; or as administrator, create the `%PROGRAMDATA%\jupyter` directory with appropriately restrictive permissions; or as user or administrator, set the `%PROGRAMDATA%` environment variable to a directory with appropriately restrictive permissions (e.g. controlled by administrators _or_ the current user).
CVE-2024-34256 | 1 Ofcms Project | 1 Ofcms | 2025-06-03 | N/A | 9.8 CRITICAL | OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
CVE-2024-31952 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
CVE-2024-36071 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-06-03 | N/A | 6.3 MEDIUM | Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path.
CVE-2024-31953 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
CVE-2024-53921 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-06-03 | N/A | 2.8 LOW | An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.
CVE-2025-5507 | | | 2025-06-03 | 3.3 LOW | 2.4 LOW | A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-4567 | | | 2025-06-03 | N/A | 4.8 MEDIUM | The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2025-45854 | | | 2025-06-03 | N/A | 9.8 CRITICAL | An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-45542 | | | 2025-06-03 | N/A | 7.3 HIGH | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
CVE-2025-44148 | | | 2025-06-03 | N/A | 9.8 CRITICAL | Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component.
CVE-2025-3662 | | | 2025-06-03 | N/A | 6.1 MEDIUM | The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS; however, one of our researchers (Marc Montpas) escalated it to an Unauthenticated Stored XSS.
CVE-2025-3584 | | | 2025-06-03 | N/A | 4.8 MEDIUM | The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2025-31712 | | | 2025-06-03 | N/A | 5.1 MEDIUM | In the cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
CVE-2025-31711 | | | 2025-06-03 | N/A | 5.1 MEDIUM | In the cplog service, there is a possible system crash due to a null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
CVE-2025-31710 | | | 2025-06-03 | N/A | 5.9 MEDIUM | In the engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2025-25022 | | | 2025-06-03 | N/A | 9.6 CRITICAL | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
CVE-2025-25021 | | | 2025-06-03 | N/A | 7.2 HIGH | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged user to execute code in case management script creation due to the improper generation of code.
CVE-2025-25020 | | | 2025-06-03 | N/A | 6.5 MEDIUM | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.
CVE-2025-25019 | | | 2025-06-03 | N/A | 4.8 MEDIUM | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate the session after a logout, which could allow a user to impersonate another user on the system.