Total
296670 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-46923 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46922 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46920 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 4.6 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-46919 | 1 Adobe | 1 Experience Manager | 2025-06-12 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2025-3004 | 1 Forestblog Project | 1 Forestblog | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-31116 | 1 Opensecurity | 1 Mobile Security Framework | 2025-06-12 | N/A | 4.4 MEDIUM |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2. | |||||
CVE-2025-29405 | 1 Emlog | 1 Emlog | 2025-06-12 | N/A | 6.3 MEDIUM |
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-51322 | 1 Zucchetti | 1 Ad Hoc Infinity | 2025-06-12 | N/A | 5.4 MEDIUM |
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmd_container.jsp components | |||||
CVE-2025-4256 | 1 Seacms | 1 Seacms | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5875 | 2025-06-12 | 9.0 HIGH | 8.8 HIGH | ||
A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-49579 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1. | |||||
CVE-2025-49578 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1. | |||||
CVE-2025-49577 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1. | |||||
CVE-2025-49576 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1. | |||||
CVE-2025-49575 | 2025-06-12 | N/A | 6.5 MEDIUM | ||
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1. | |||||
CVE-2025-49081 | 2025-06-12 | N/A | N/A | ||
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high. | |||||
CVE-2025-43866 | 2025-06-12 | N/A | N/A | ||
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0. | |||||
CVE-2025-43863 | 2025-06-12 | N/A | N/A | ||
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality: they can call that route infinitely which will return the message that password is wrong until it is correct. This vulnerability is fixed in 4.11. | |||||
CVE-2025-45240 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 6.5 MEDIUM |
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php. | |||||
CVE-2025-45238 | 1 Qianfox | 1 Foxcms | 2025-06-12 | N/A | 9.1 CRITICAL |
foxcms v1.2.5 was discovered to contain an arbitrary file deletion vulnerability via the delRestoreSerie method. |