Total
33598 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41404 | 2 Debian, Ini4j Project | 2 Debian Linux, Ini4j | 2025-06-09 | 7.5 High |
| An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2022-28391 | 1 Busybox | 1 Busybox | 2025-06-09 | 8.8 High |
| BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | ||||
| CVE-2019-3844 | 4 Canonical, Netapp, Redhat and 1 more | 8 Ubuntu Linux, Cn1610, Cn1610 Firmware and 5 more | 2025-06-09 | 7.8 High |
| It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled. | ||||
| CVE-2023-34969 | 4 Debian, Fedoraproject, Freedesktop and 1 more | 5 Debian Linux, Fedora, Dbus and 2 more | 2025-06-09 | 6.5 Medium |
| D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. | ||||
| CVE-2022-42012 | 3 Fedoraproject, Freedesktop, Redhat | 4 Fedora, Dbus, Enterprise Linux and 1 more | 2025-06-09 | 6.5 Medium |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | ||||
| CVE-2025-48998 | 1 Dataease | 1 Dataease | 2025-06-09 | 8.8 High |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. No known workarounds are available. | ||||
| CVE-2020-21514 | 1 Fluentd | 2 Fluentd, Fluentd-ui | 2025-06-09 | 8.8 High |
| An issue was discovered in Fluent-ui v.1.2.2 allows attackers to gain escalated privileges and execute arbitrary code due to a default password. | ||||
| CVE-2024-0753 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-06-07 | 6.5 Medium |
| In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2023-51073 | 1 Buffalo | 2 Ls210d, Ls210d Firmware | 2025-06-06 | 8.1 High |
| An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | ||||
| CVE-2023-7231 | 1 Evanliewer | 1 Illi Link Party\! | 2025-06-06 | 7.3 High |
| The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links. | ||||
| CVE-2023-48909 | 1 Aarboard | 1 Jave2 | 2025-06-06 | 8.8 High |
| An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function. | ||||
| CVE-2025-4664 | 1 Google | 1 Chrome | 2025-06-06 | 4.3 Medium |
| Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-20697 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2025-06-05 | 7.3 High |
| Windows libarchive Remote Code Execution Vulnerability | ||||
| CVE-2025-3587 | 1 Zerowdd | 1 Studentmanager | 2025-06-05 | 6.3 Medium |
| A vulnerability classified as critical was found in ZeroWdd/code-projects studentmanager 1.0. This vulnerability affects unknown code of the file /getTeacherList. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-34699 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-05 | 7.8 High |
| Windows Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2022-34692 | 1 Microsoft | 1 Exchange Server | 2025-06-05 | 5.3 Medium |
| Microsoft Exchange Server Information Disclosure Vulnerability | ||||
| CVE-2022-34691 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-05 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2022-33646 | 1 Microsoft | 1 Azure Batch | 2025-06-05 | 7 High |
| Azure Batch Node Agent Elevation of Privilege Vulnerability | ||||
| CVE-2022-33640 | 1 Microsoft | 2 Open Management Infrastructure, System Center Operations Manager | 2025-06-05 | 7.8 High |
| System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | ||||
| CVE-2022-33631 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-06-05 | 7.3 High |
| Microsoft Excel Security Feature Bypass Vulnerability | ||||