CVE ID : CVE-2025-46035
Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago
Description : Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49467
Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago
Description : A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2023-45256
Published : June 12, 2025, 5:15 p.m. | 50 minutes ago
Description : Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-55567
Published : June 12, 2025, 5:15 p.m. | 50 minutes ago
Description : Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5982
Published : June 12, 2025, 5:15 p.m. | 50 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49080
Published : June 12, 2025, 5:15 p.m. | 50 minutes ago
Description : There is a memory management vulnerability in Absolute
Secure Access server versions 9.0 to 13.54. Attackers with network access to
the server can cause a Denial of Service by sending a specially crafted
sequence of packets to the server. The attack complexity is low, there are no
attack requirements, privileges, or user interaction required. Loss of
availability is high; there is no impact on confidentiality or integrity.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-9512
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49181
Published : June 12, 2025, 2:15 p.m. | 3 hours, 45 minutes ago
Description : Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET
requests to gather sensitive information. An attacker could also send HTTP POST requests to modify
the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service
attack.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49182
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49183
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49184
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49185
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49187
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49188
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49191
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49186
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49189
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : The HttpOnlyflag of the session cookie “@@” is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49190
Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago
Description : The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-56158
Published : June 12, 2025, 3:15 p.m. | 45 minutes ago
Description : XWiki is a generic wiki platform. It’s possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. This vulnerability is fixed in 16.10.2, 16.4.7, and 15.10.16.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49192
Published : June 12, 2025, 3:15 p.m. | 45 minutes ago
Description : The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…