Common Vulnerabilities and Exposures (CVEs)

CVE-2025-5976 – PHPGurukul Rail Pass Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5976

Published : June 10, 2025, 8:15 p.m. | 1 hour, 33 minutes ago

Description : A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5979 – Code-projects School Fees Payment System SQL Injection Vulnerability

CVE ID : CVE-2025-5979

Published : June 10, 2025, 9:15 p.m. | 33 minutes ago

Description : A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5978 – Tenda FH1202 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5978

Published : June 10, 2025, 9:15 p.m. | 33 minutes ago

Description : A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-35940 – ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

CVE ID : CVE-2025-35940

Published : June 10, 2025, 9:15 p.m. | 33 minutes ago

Description : The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5980 – Code-projects Restaurant Order System SQL Injection Vulnerability

CVE ID : CVE-2025-5980

Published : June 10, 2025, 9:15 p.m. | 33 minutes ago

Description : A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5335 – Autodesk Installer Privilege Escalation Vulnerability

CVE ID : CVE-2025-5335

Published : June 10, 2025, 3:15 p.m. | 1 hour, 35 minutes ago

Description : A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-5353 – Ivanti Workspace Control SQL Credential Decryption Vulnerability

CVE ID : CVE-2025-5353

Published : June 10, 2025, 3:15 p.m. | 2 hours, 25 minutes ago

Description : A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-46612 – Airleader Master and Easy JSP File Upload Remote Command Execution

CVE ID : CVE-2025-46612

Published : June 10, 2025, 3:15 p.m. | 1 hour, 35 minutes ago

Description : The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27206 – Adobe Commerce Improper Access Control Security Feature Bypass

CVE ID : CVE-2025-27206

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-27207 – Adobe Commerce Improper Access Control Vulnerability

CVE ID : CVE-2025-27207

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-30220 – GeoServer XML External Entity (XXE) Injection

CVE ID : CVE-2025-30220

Published : June 10, 2025, 4:15 p.m. | 1 hour, 25 minutes ago

Description : GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40585 – Energy Services G5DFR Default Credentials Backdoor

CVE ID : CVE-2025-40585

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : A vulnerability has been identified in Energy Services (All versions with G5DFR). Affected solutions using G5DFR contain default credentials. This could allow an attacker to gain control of G5DFR component and tamper with outputs from the device.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-40591 – RUGGEDCOM ROX Command Injection Vulnerability

CVE ID : CVE-2025-40591

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions
Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43585 – Adobe Commerce Improper Authorization Security Feature Bypass

CVE ID : CVE-2025-43585

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access leading to a limited impact to confidentiality and a high impact to integrity. Exploitation of this issue does not require user interaction.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-44044 – Keyoti SearchUnit XXE File Exfiltration

CVE ID : CVE-2025-44044

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : Keyoti SearchUnit prior to 9.0.0. is vulnerable to XML External Entity (XXE). An attacker who can force a vulnerable SearchUnit host into parsing maliciously crafted XML and/or DTD files can exfiltrate some files from the underlying operating system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43586 – Adobe Commerce Privilege Escalation Vulnerability

CVE ID : CVE-2025-43586

Published : June 10, 2025, 4:15 p.m. | 1 hour, 25 minutes ago

Description : Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized elevated access. Exploitation of this issue does not require user interaction.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…