Security

CVE ID : CVE-2025-49589

Published : June 12, 2025, 9:15 p.m. | 46 minutes ago

Description : PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-44091

Published : June 12, 2025, 9:15 p.m. | 46 minutes ago

Description : yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-44905

Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago

Description : go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-44906

Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago

Description : uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-7562

Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago

Description : A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-29744

Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago

Description : pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36573

Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago

Description : Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46035

Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago

Description : Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49467

Published : June 12, 2025, 4:15 p.m. | 1 hour, 50 minutes ago

Description : A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-45256

Published : June 12, 2025, 5:15 p.m. | 50 minutes ago

Description : Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-55567

Published : June 12, 2025, 5:15 p.m. | 50 minutes ago

Description : Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5982

Published : June 12, 2025, 5:15 p.m. | 50 minutes ago

Description : An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49080

Published : June 12, 2025, 5:15 p.m. | 50 minutes ago

Description : There is a memory management vulnerability in Absolute
Secure Access server versions 9.0 to 13.54. Attackers with network access to
the server can cause a Denial of Service by sending a specially crafted
sequence of packets to the server. The attack complexity is low, there are no
attack requirements, privileges, or user interaction required. Loss of
availability is high; there is no impact on confidentiality or integrity.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-9512

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49181

Published : June 12, 2025, 2:15 p.m. | 3 hours, 45 minutes ago

Description : Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET
requests to gather sensitive information. An attacker could also send HTTP POST requests to modify
the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service
attack.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49182

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49183

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49184

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49185

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-49187

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…