Total
32075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51073 | 1 Buffalo | 2 Ls210d, Ls210d Firmware | 2025-06-06 | N/A | 8.1 HIGH |
| An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | |||||
| CVE-2023-7231 | 1 Evanliewer | 1 Illi Link Party\! | 2025-06-06 | N/A | 7.3 HIGH |
| The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links. | |||||
| CVE-2023-48909 | 1 Aarboard | 1 Jave2 | 2025-06-06 | N/A | 8.8 HIGH |
| An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function. | |||||
| CVE-2024-6477 | 1 Ayecode | 1 Userswp | 2025-06-06 | N/A | 7.5 HIGH |
| The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address | |||||
| CVE-2025-31171 | 1 Huawei | 1 Harmonyos | 2025-06-06 | N/A | 6.8 MEDIUM |
| File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-4664 | 1 Google | 1 Chrome | 2025-06-06 | N/A | 4.3 MEDIUM |
| Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-1226 | 1 Yimihome | 1 Ywoa | 2025-06-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in ywoa up to 2024.07.03. It has been declared as critical. This vulnerability affects unknown code of the file /oa/setup/setup.jsp. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-3587 | 1 Zerowdd | 1 Studentmanager | 2025-06-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-34699 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-05 | N/A | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2022-34692 | 1 Microsoft | 1 Exchange Server | 2025-06-05 | N/A | 5.3 MEDIUM |
| Microsoft Exchange Server Information Disclosure Vulnerability | |||||
| CVE-2022-34691 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-05 | N/A | 8.8 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2022-33646 | 1 Microsoft | 1 Azure Batch | 2025-06-05 | N/A | 7.0 HIGH |
| Azure Batch Node Agent Elevation of Privilege Vulnerability | |||||
| CVE-2022-33640 | 1 Microsoft | 2 Open Management Infrastructure, System Center Operations Manager | 2025-06-05 | N/A | 7.8 HIGH |
| System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||||
| CVE-2022-33631 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-06-05 | N/A | 7.3 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2022-20389 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004 | |||||
| CVE-2022-20388 | 1 Google | 1 Android | 2025-06-05 | N/A | 9.8 CRITICAL |
| Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323 | |||||
| CVE-2024-22365 | 1 Linux-pam | 1 Linux-pam | 2025-06-05 | N/A | 5.5 MEDIUM |
| linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | |||||
| CVE-2024-22021 | 1 Veeam | 3 Availability Orchestrator, Disaster Recovery Orchestrator, Recovery Orchestrator | 2025-06-05 | N/A | 4.3 MEDIUM |
| Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to. | |||||
| CVE-2024-11083 | 1 Properfraction | 1 Profilepress | 2025-06-05 | N/A | 5.3 MEDIUM |
| The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | |||||
| CVE-2024-12329 | 1 G5plus | 1 Essential Real Estate | 2025-06-05 | N/A | 4.3 MEDIUM |
| The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs | |||||