Total
32075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-33472 | 1 Scada-lts | 1 Scada-lts | 2025-06-11 | N/A | 8.8 HIGH |
An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. | |||||
CVE-2023-21901 | 1 Oracle | 1 Financial Services Analytical Applications Infrastructure | 2025-06-11 | N/A | 7.4 HIGH |
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L). | |||||
CVE-2024-0748 | 1 Mozilla | 1 Firefox | 2025-06-11 | N/A | 4.3 MEDIUM |
A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. | |||||
CVE-2024-8009 | 1 Automattic | 1 Sensei Lms | 2025-06-11 | N/A | 7.5 HIGH |
The Sensei LMS WordPress plugin before 4.20.0 disclose all users of the blog including their email address to teachers on the students page | |||||
CVE-2024-34509 | 2 Debian, Offis | 2 Debian Linux, Dcmtk | 2025-06-11 | N/A | 5.3 MEDIUM |
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | |||||
CVE-2021-43905 | 1 Microsoft | 1 365 Copilot | 2025-06-11 | 6.8 MEDIUM | 9.6 CRITICAL |
Microsoft Office app Remote Code Execution Vulnerability | |||||
CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | N/A | 7.8 HIGH |
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
CVE-2024-9529 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2025-06-11 | N/A | 6.6 MEDIUM |
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions. | |||||
CVE-2024-27447 | 1 Pretix | 1 Pretix | 2025-06-11 | N/A | 9.8 CRITICAL |
pretix before 2024.1.1 mishandles file validation. | |||||
CVE-2022-43855 | 1 Ibm | 1 Spss Statistics | 2025-06-10 | N/A | 6.2 MEDIUM |
IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. | |||||
CVE-2023-30305 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | N/A | 7.5 HIGH |
An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | |||||
CVE-2024-26529 | 1 Mz-automation | 1 Libiec61850 | 2025-06-10 | N/A | 7.5 HIGH |
An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c. | |||||
CVE-2019-13939 | 1 Siemens | 46 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 43 more | 2025-06-10 | 4.8 MEDIUM | 7.1 HIGH |
A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. | |||||
CVE-2025-5649 | 1 Razormist | 1 Student Result Management System | 2025-06-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-5553 | 1 Axis | 2 Axis Os, Axis Os 2022 | 2025-06-10 | N/A | 7.6 HIGH |
During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
CVE-2020-7533 | 1 Schneider-electric | 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more | 2025-06-10 | 7.5 HIGH | 9.8 CRITICAL |
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | |||||
CVE-2024-1526 | 1 Devpups | 1 Social Pug | 2025-06-10 | N/A | 5.3 MEDIUM |
The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag. | |||||
CVE-2023-42876 | 1 Apple | 1 Macos | 2025-06-09 | N/A | 7.1 HIGH |
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | |||||
CVE-2025-31201 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-09 | N/A | 7.5 HIGH |
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS. | |||||
CVE-2025-4094 | 1 Unitedover | 1 Digits | 2025-06-09 | N/A | 9.8 CRITICAL |
The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them. |