CVE-2025-21463 - Cisco Wireless EHT IE Beacon Frame Processing Denial of Service
CVE ID : CVE-2025-21463
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Transient DOS while processing the EHT operation IE in the received beacon frame.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21463
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Transient DOS while processing the EHT operation IE in the received beacon frame.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21480 - NVIDIA GPU Micronode Command Execution Memory Corruption
CVE ID : CVE-2025-21480
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21480
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21485 - Apache Kafka FastRPC Memory Corruption Vulnerability
CVE ID : CVE-2025-21485
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21485
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21486 - Apache HTTP Server Heap Overflow
CVE ID : CVE-2025-21486
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21486
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27029 - Cisco Router Denial of Service
CVE ID : CVE-2025-27029
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27029
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27031 - Cisco Router IOCTL Memory Corruption
CVE ID : CVE-2025-27031
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27031
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27038 - Google Chrome Adreno GPU Driver Buffer Overflow
CVE ID : CVE-2025-27038
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27038
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31710 - Cisco Engineermode Command Injection Vulnerability
CVE ID : CVE-2025-31710
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31710
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31711 - Apache CPLog Null Pointer Dereference Denial of Service
CVE ID : CVE-2025-31711
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31711
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31712 - Cisco cplog Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-31712
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31712
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3584 - WordPress Newsletter Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3584
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3584
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3662 - FancyBox for WordPress Unauthenticated Stored XSS
CVE ID : CVE-2025-3662
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3662
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escalated it to an Unauthenticated Stored XSS
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4567 - WordPress Post Slider Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4567
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4567
Published : June 3, 2025, 6:15 a.m. | 2 hours, 47 minutes ago
Description : The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21479 - NVIDIA GPU Unauthenticated Command Execution Vulnerability
CVE ID : CVE-2025-21479
Published : June 3, 2025, 7:15 a.m. | 1 hour, 47 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-21479
Published : June 3, 2025, 7:15 a.m. | 1 hour, 47 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41428 - TimeWorks Path Traversal Vulnerability
CVE ID : CVE-2025-41428
Published : June 3, 2025, 8:15 a.m. | 47 minutes ago
Description : Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41428
Published : June 3, 2025, 8:15 a.m. | 47 minutes ago
Description : Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46355 - PC Time Tracer Elevation of Privilege Vulnerability
CVE ID : CVE-2025-46355
Published : June 3, 2025, 8:15 a.m. | 47 minutes ago
Description : Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46355
Published : June 3, 2025, 8:15 a.m. | 47 minutes ago
Description : Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1725 - WordPress Bit File Manager Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-1725
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1725
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4420 - Vayu Blocks Stored Cross-Site Scripting (XSS) in WordPress
CVE ID : CVE-2025-4420
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_blocks_option_panel_callback() function and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4420
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerWidth’ parameter in all versions up to, and including, 1.3.1 due to a missing capability check on the vayu_blocks_option_panel_callback() function and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5103 - WooCommerce Ultimate Gift Cards SQL Injection Vulnerability
CVE ID : CVE-2025-5103
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5103
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to boolean-based SQL Injection via the 'default_price' and 'product_id' parameters in all versions up to, and including, 3.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5116 - WordPress WP Plugin Info Card Stored Cross-Site Scripting
CVE ID : CVE-2025-5116
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5116
Published : June 3, 2025, 9:15 a.m. | 2 hours, 19 minutes ago
Description : The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-36486 - Parallels Desktop for Mac Privilege Escalation Vulnerability
CVE ID : CVE-2024-36486
Published : June 3, 2025, 10:15 a.m. | 1 hour, 19 minutes ago
Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-36486
Published : June 3, 2025, 10:15 a.m. | 1 hour, 19 minutes ago
Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...