Total
29579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8929 | 1 Google | 1 Tink Java | 2025-06-05 | 5.3 Medium |
| A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext. | ||||
| CVE-2023-44289 | 1 Dell | 1 Command\|configure | 2025-06-05 | 7.3 High |
| Dell Command | Configure versions prior to 4.11.0, contain an improper access control vulnerability. A local malicious standard user could potentially exploit this vulnerability while repairing/changing installation, leading to privilege escalation. | ||||
| CVE-2025-49002 | 1 Dataease | 1 Dataease | 2025-06-05 | 9.8 Critical |
| DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | ||||
| CVE-2024-35252 | 1 Microsoft | 1 Azure Storage Data Movement Library | 2025-06-05 | 7.5 High |
| Azure Storage Movement Client Library Denial of Service Vulnerability | ||||
| CVE-2024-30103 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2025-06-05 | 8.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-29060 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-06-05 | 6.7 Medium |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2025-3431 | 1 Digitalzoomstudio | 1 Zoomsounds | 2025-06-04 | 7.5 High |
| The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2020-14525 | 1 Philips | 1 Clinical Collaboration Platform | 2025-06-04 | 3.5 Low |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. | ||||
| CVE-2024-27187 | 1 Joomla | 1 Joomla\! | 2025-06-04 | 7.5 High |
| Improper Access Controls allows backend users to overwrite their username when disallowed. | ||||
| CVE-2024-40749 | 1 Joomla | 1 Joomla\! | 2025-06-04 | 7.5 High |
| Improper Access Controls allows access to protected views. | ||||
| CVE-2025-3940 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | 5.3 Medium |
| Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | ||||
| CVE-2025-3943 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | 4.1 Medium |
| Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | ||||
| CVE-2025-30392 | 1 Microsoft | 1 Azure Ai Bot Service | 2025-06-04 | 9.8 Critical |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-30390 | 1 Microsoft | 1 Azure Machine Learning | 2025-06-04 | 9.9 Critical |
| Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-13242 | 1 Swift Mailer Project | 1 Swift Mailer | 2025-06-04 | 9.1 Critical |
| Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*. | ||||
| CVE-2024-13239 | 1 Two-factor Authentication Project | 1 Two-factor Authentication | 2025-06-04 | 9.8 Critical |
| Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | ||||
| CVE-2024-13255 | 1 Restful Web Services Project | 1 Restful Web Services | 2025-06-04 | 7.5 High |
| Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | ||||
| CVE-2024-23681 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-06-04 | 8.2 High |
| Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | ||||
| CVE-2011-2016 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-06-04 | 7.3 High |
| Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability." | ||||
| CVE-2024-13254 | 1 Rest Views Project | 1 Rest Views | 2025-06-04 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1. | ||||