Total: 31934 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2025-1331 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-06-05 | N/A | 7.8 HIGH | IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to unsafe use of the gets function. |
CVE-2025-3597 | 1 Firelightwp | 1 Firelight Lightbox | 2025-06-05 | N/A | N/A | The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary JavaScript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well. |
CVE-2024-7762 | 1 Presstigers | 1 Simple Job Board | 2025-06-05 | N/A | N/A | The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes. |
CVE-2023-48951 | 1 Openlinksw | 1 Virtuoso | 2025-06-05 | N/A | 7.5 HIGH | An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. |
CVE-2022-42541 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL | Remote code execution. |
CVE-2025-48999 | 1 Dataease | 1 Dataease | 2025-06-05 | N/A | 8.8 HIGH | DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, `getUrlType()` retrieves `hostName`. Since the judgment statement returns false, it will not enter the if statement and will not be filtered. The payload can be directly concatenated at the replace location to construct a malicious JDBC statement. Version 2.10.10 contains a patch for the issue. |
CVE-2025-49001 | 1 Dataease | 1 Dataease | 2025-06-05 | N/A | 9.8 CRITICAL | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available. |
CVE-2023-6837 | 1 Wso2 | 5 Api Manager, Carbon Identity Application Authentication Endpoint, Carbon Identity Application Authentication Framework and 2 more | 2025-06-05 | N/A | 8.2 HIGH | Multiple WSO2 products have been identified as vulnerable to user impersonation using JIT provisioning. In order for this vulnerability to have any impact on your deployment, the following conditions must be met: * An IDP configured for federated authentication and JIT provisioning enabled with the "Prompt for username, password and consent" option. * A service provider that uses the above IDP for federated authentication and has the "Assert identity using mapped local subject identifier" flag enabled. The attacker must have: * A fresh valid user account in the federated IDP that has not been used earlier. * Knowledge of the username of a valid user in the local IDP. When all preconditions are met, a malicious actor could use the JIT provisioning flow to perform user impersonation. |
CVE-2024-25941 | 1 Freebsd | 1 Freebsd | 2025-06-04 | N/A | N/A | The jail(2) system call did not limit the visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. An attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked. |
CVE-2024-22899 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-06-04 | N/A | 8.8 HIGH | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. |
CVE-2025-25227 | 1 Joomla | 1 Joomla! | 2025-06-04 | N/A | N/A | Insufficient state checks lead to a vector that allows bypassing 2FA checks. |
CVE-2024-13613 | 1 Kainex | 1 Wise Chat | 2025-06-04 | N/A | 7.5 HIGH | The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3. |
CVE-2025-33103 | 1 Ibm | 1 I | 2025-06-04 | N/A | 8.8 HIGH | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. |
CVE-2024-4665 | 1 Metagauss | 1 Eventprime | 2025-06-04 | N/A | N/A | The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce. |
CVE-2024-8700 | 1 Total-soft | 1 Event Calendar | 2025-06-04 | N/A | N/A | The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. |
CVE-2025-1138 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-04 | N/A | 4.3 MEDIUM | IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing. |
CVE-2025-47697 | 1 Uchida | 2 Wivia 5, Wivia 5 Firmware | 2025-06-04 | N/A | 7.5 HIGH | A client-side enforcement of server-side security issue exists in all versions of wivia 5. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user. |
CVE-2024-10075 | 1 Automattic | 1 Jetpack | 2025-06-04 | N/A | N/A | The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and blocks. |
CVE-2024-13241 | 1 Getopensocial | 1 Open Social | 2025-06-04 | N/A | N/A | Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5. |
CVE-2024-13240 | 1 Getopensocial | 1 Open Social | 2025-06-04 | N/A | N/A | Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.05. |