Total
9880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21152 | 1 Oracle | 1 Process Manufacturing Financials | 2025-06-17 | 8.1 High |
| Vulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Financials. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Process Manufacturing Financials accessible data as well as unauthorized access to critical data or complete access to all Oracle Process Manufacturing Financials accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2023-52190 | 1 Wpswings | 1 Coupon Referral Program | 2025-06-17 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. | ||||
| CVE-2025-49200 | 2025-06-17 | 6.5 Medium | ||
| The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files. | ||||
| CVE-2023-40385 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-17 | 6.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. | ||||
| CVE-2023-48135 | 1 Linecorp | 1 Line | 2025-06-17 | 5.4 Medium |
| An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-48131 | 1 Linecorp | 1 Line | 2025-06-17 | 5.4 Medium |
| An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43994 | 1 Linecorp | 1 Line | 2025-06-16 | 5.4 Medium |
| An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-42829 | 1 Apple | 1 Macos | 2025-06-16 | 5.5 Medium |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases. | ||||
| CVE-2024-40554 | 1 Project Team | 1 Tmall Demo | 2025-06-13 | 7.5 High |
| An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information. | ||||
| CVE-2024-48900 | 1 Moodle | 1 Moodle | 2025-06-13 | 4.3 Medium |
| A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to. | ||||
| CVE-2025-4977 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | ||||
| CVE-2024-53359 | 1 Zalo | 1 Zalo | 2025-06-12 | 7.5 High |
| An issue in Zalo v23.09.01 allows attackers to obtain sensitive user information via a crafted GET request. | ||||
| CVE-2025-4980 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.3 Medium |
| A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-49653 | 2025-06-12 | 8 High | ||
| Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. | ||||
| CVE-2025-49150 | 2025-06-12 | 5.9 Medium | ||
| Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0. | ||||
| CVE-2023-41752 | 3 Apache, Apache Software Foundation, Fedoraproject | 3 Traffic Server, Apache Traffic Server, Fedora | 2025-06-12 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue. | ||||
| CVE-2021-25736 | 3 Kubernetes, Microsoft, Redhat | 3 Kubernetes, Windows, Openshift | 2025-06-12 | 5.8 Medium |
| Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. | ||||
| CVE-2021-4430 | 1 Ortussolutions | 1 Coldbox Elixir | 2025-06-12 | 3.5 Low |
| A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability. | ||||
| CVE-2025-3877 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-06-11 | 5.4 Medium |
| This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986. | ||||
| CVE-2023-50253 | 1 Laf | 1 Laf | 2025-06-09 | 9.7 Critical |
| Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist. | ||||