Development

CVE ID : CVE-2025-6365

Published : June 20, 2025, 9:15 p.m. | 1 hour, 15 minutes ago

Description : A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6369

Published : June 20, 2025, 10:15 p.m. | 29 minutes ago

Description : A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6370

Published : June 20, 2025, 10:15 p.m. | 29 minutes ago

Description : A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6368

Published : June 20, 2025, 10:15 p.m. | 15 minutes ago

Description : A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3319

Published : June 20, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52784

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post allows Stored XSS. This issue affects Bluff Post: from n/a through 1.1.1.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52781

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52782

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in King Rayhan Scroll UP allows Reflected XSS. This issue affects Scroll UP: from n/a through 2.0.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52783

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through 1.0.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52789

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress allows Stored XSS. This issue affects Lewe ChordPress: from n/a through 3.9.7.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52792

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher allows Stored XSS. This issue affects WP User Stylesheet Switcher: from n/a through v2.2.0.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52794

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form allows Stored XSS. This issue affects Creative Contact Form: from n/a through 1.0.0.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52795

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52802

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Import YouTube videos as WP Posts: from n/a through 2.1.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52793

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings allows Reflected XSS. This issue affects Esselink.nu Settings: from n/a through 2.94.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52790

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter allows Stored XSS. This issue affects WP-DownloadCounter: from n/a through 1.01.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52791

Published : June 20, 2025, 3:15 p.m. | 2 hours, 9 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52822

Published : June 20, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Iqonic Design WP Roadmap allows SQL Injection. This issue affects WP Roadmap: from n/a through 2.1.3.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52825

Published : June 20, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Privilege Escalation. This issue affects Real Estate Manager: from n/a through 7.3.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52821

Published : June 20, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…