Total
9480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41230 | 2025-06-24 | 7.5 High | ||
| VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information. | ||||
| CVE-2025-3415 | 2025-06-24 | 7.5 High | ||
| A flaw exists in Grafana Alerting, where the DingDing contact-point integration URL can be revealed in plain text to users with viewer-level permissions due to misconfigured access control. This disclosure permits unauthorized users to view sensitive webhook URLs, including API tokens or keys, without needing elevated privileges. | ||||
| CVE-2025-25037 | 2025-06-23 | N/A | ||
| An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters. | ||||
| CVE-2025-52467 | 2025-06-23 | 9.1 Critical | ||
| pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In particular, the GITHUB_TOKEN with write permissions for the repository, allowing an attacker to tamper with all aspects of the repository, including pushing arbitrary code and releases. This issue has been patched in commit 8eb3567. | ||||
| CVE-2025-23173 | 2025-06-23 | 7.5 High | ||
| The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. Workarounds or Mitigation: Restrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions. | ||||
| CVE-2025-27387 | 2025-06-23 | 7.4 High | ||
| OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. | ||||
| CVE-2025-52488 | 2025-06-23 | 8.6 High | ||
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1. | ||||
| CVE-2024-24215 | 1 Cellinx | 1 Nvt Web Server | 2025-06-20 | 5.3 Medium |
| An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | ||||
| CVE-2024-23224 | 1 Apple | 1 Macos | 2025-06-20 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data. | ||||
| CVE-2023-48132 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48129 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43997 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43996 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43995 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43992 | 1 Linecorp | 1 Line | 2025-06-20 | 5.4 Medium |
| An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2020-36771 | 1 Cloudlinux | 1 Cagefs | 2025-06-20 | 7.8 High |
| CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user. | ||||
| CVE-2024-38467 | 1 Guoxinled | 1 Synthesis Image System | 2025-06-20 | 7.5 High |
| Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. | ||||
| CVE-2024-20920 | 1 Oracle | 1 Solaris | 2025-06-20 | 3.8 Low |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | ||||
| CVE-2023-52101 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-20 | 9.1 Critical |
| Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
| CVE-2023-42934 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-20 | 4.2 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information. | ||||