CVE ID : CVE-2025-31711
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-31712
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-4567
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3662
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries’ caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3584
Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago
Description : The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3919
Published : June 2, 2025, 11:15 p.m. | 2 hours, 21 minutes ago
Description : The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49162
Published : June 3, 2025, 12:15 a.m. | 1 hour, 21 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49163
Published : June 3, 2025, 12:15 a.m. | 1 hour, 21 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49164
Published : June 3, 2025, 12:15 a.m. | 1 hour, 21 minutes ago
Description : Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5068
Published : June 3, 2025, 12:15 a.m. | 1 hour, 21 minutes ago
Description : Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-5419
Published : June 3, 2025, 12:15 a.m. | 1 hour, 21 minutes ago
Description : Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1051
Published : June 2, 2025, 7:15 p.m. | 2 hours, 59 minutes ago
Description : Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-23099
Published : June 2, 2025, 7:15 p.m. | 4 hours, 10 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-23105
Published : June 2, 2025, 7:15 p.m. | 4 hours, 10 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-49069
Published : June 2, 2025, 7:15 p.m. | 4 hours, 10 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48387
Published : June 2, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-47585
Published : June 2, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-48996
Published : June 2, 2025, 8:15 p.m. | 3 hours, 10 minutes ago
Description : HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-48877
Published : June 2, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-52035
Published : June 2, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…