Vulnerabilities (CVE)

Total 296670 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-46923 1 Adobe 1 Experience Manager 2025-06-12 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46922 1 Adobe 1 Experience Manager 2025-06-12 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46920 1 Adobe 1 Experience Manager 2025-06-12 N/A 4.6 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46919 1 Adobe 1 Experience Manager 2025-06-12 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-3004 1 Forestblog Project 1 Forestblog 2025-06-12 4.0 MEDIUM 3.5 LOW
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-31116 1 Opensecurity 1 Mobile Security Framework 2025-06-12 N/A 4.4 MEDIUM
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.
CVE-2025-29405 1 Emlog 1 Emlog 2025-06-12 N/A 6.3 MEDIUM
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-51322 1 Zucchetti 1 Ad Hoc Infinity 2025-06-12 N/A 5.4 MEDIUM
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components
CVE-2025-4256 1 Seacms 1 Seacms 2025-06-12 4.0 MEDIUM 3.5 LOW
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5875 2025-06-12 9.0 HIGH 8.8 HIGH
A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-49579 2025-06-12 N/A 6.5 MEDIUM
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
CVE-2025-49578 2025-06-12 N/A 6.5 MEDIUM
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
CVE-2025-49577 2025-06-12 N/A 6.5 MEDIUM
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.
CVE-2025-49576 2025-06-12 N/A 6.5 MEDIUM
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.
CVE-2025-49575 2025-06-12 N/A 6.5 MEDIUM
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
CVE-2025-49081 2025-06-12 N/A N/A
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.
CVE-2025-43866 2025-06-12 N/A N/A
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
CVE-2025-43863 2025-06-12 N/A N/A
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11.
CVE-2025-45240 1 Qianfox 1 Foxcms 2025-06-12 N/A 6.5 MEDIUM
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.
CVE-2025-45238 1 Qianfox 1 Foxcms 2025-06-12 N/A 9.1 CRITICAL
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method.