CVE ID : CVE-2025-49789
Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Common Vulnerabilities and Exposures (CVEs)
CVE ID : CVE-2025-49790
Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49792
Published : June 11, 2025, 3:15 a.m. | 2 hours, 36 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4666
Published : June 11, 2025, 4:15 a.m. | 1 hour, 36 minutes ago
Description : The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4798
Published : June 11, 2025, 4:15 a.m. | 1 hour, 36 minutes ago
Description : The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on the directory an administrator can select for storing downloads. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read any file on the server, including system and configuration files.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4799
Published : June 11, 2025, 4:15 a.m. | 1 hour, 36 minutes ago
Description : The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-33053
Published : June 10, 2025, 5:22 p.m. | 6 hours, 37 minutes ago
Description : External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-33064
Published : June 10, 2025, 5:22 p.m. | 6 hours, 37 minutes ago
Description : Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46837
Published : June 10, 2025, 11:15 p.m. | 44 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46840
Published : June 10, 2025, 11:15 p.m. | 44 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47092
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47093
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47094
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47095
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47096
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Low privileges are required.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47102
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47113
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47115
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47114
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47849
Published : June 10, 2025, 11:15 p.m. | 2 hours, 34 minutes ago
Description : A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
* Strict validation on Role Type hierarchy: the caller’s role must be equal to or higher than the target user’s role.
* API privilege comparison: the caller must possess all privileges of the user they are operating on.
* Two new domain-level settings (restricted to the default admin):
- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: “Admin, DomainAdmin, ResourceAdmin”.
- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…