CVE ID : CVE-2025-40726
Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago
Description : Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40727
Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago
Description : A Reflected Cross Site Scripting (XSS) vulnerability was found in ‘/search’ in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via ‘s’ GET parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40728
Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago
Description : SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-40729
Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago
Description : Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6114
Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6115
Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6172
Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago
Description : Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6100
Published : June 16, 2025, 2:15 a.m. | 4 hours, 3 minutes ago
Description : A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6101
Published : June 16, 2025, 3:15 a.m. | 3 hours, 3 minutes ago
Description : A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6103
Published : June 16, 2025, 3:15 a.m. | 1 hour, 14 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6102
Published : June 16, 2025, 3:15 a.m. | 1 hour, 14 minutes ago
Description : A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6104
Published : June 16, 2025, 4:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6106
Published : June 16, 2025, 5:15 a.m. | 1 hour, 3 minutes ago
Description : A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6105
Published : June 16, 2025, 5:15 a.m. | 1 hour, 3 minutes ago
Description : A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6107
Published : June 16, 2025, 5:15 a.m. | 1 hour, 3 minutes ago
Description : A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6099
Published : June 16, 2025, 1:15 a.m. | 1 hour, 4 minutes ago
Description : A vulnerability was found in szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410. It has been declared as critical. This vulnerability affects unknown code of the file gin-blog-server/internal/manager.go of the component PATCH Request Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1411
Published : June 15, 2025, 1:15 p.m. | 12 hours, 6 minutes ago
Description : IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-36041
Published : June 15, 2025, 1:15 p.m. | 12 hours, 6 minutes ago
Description : IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-6089
Published : June 15, 2025, 1:15 p.m. | 12 hours, 6 minutes ago
Description : A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-21085
Published : June 15, 2025, 3:15 p.m. | 10 hours, 7 minutes ago
Description : PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…