CVE-2025-49209 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-49209
Published : June 4, 2025, 3:15 a.m. | 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49210 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-49210
Published : June 4, 2025, 3:15 a.m. | 19 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-49223 - Billboard.js Prototype Pollution Vulnerability
CVE ID : CVE-2025-49223
Published : June 4, 2025, 3:15 a.m. | 19 minutes ago
Description : billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Severity: 0.0 | NA
CVE-2025-5552 - ChestnutCMS Groovy Deserialization Remote Vulnerability
CVE ID : CVE-2025-5552
Published : June 4, 2025, 3:15 a.m. | 19 minutes ago
Description : A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
CVE-2025-5553 - PHPGurukul Rail Pass Management System SQL Injection
CVE ID : CVE-2025-5553
Published : June 4, 2025, 3:15 a.m. | 19 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-5554 - PHPGurukul Rail Pass Management System SQL Injection Vulnerability
CVE ID : CVE-2025-5554
Published : June 4, 2025, 3:15 a.m. | 19 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
CVE-2025-20984 - Samsung Cloud for Galaxy Watch Default Permission Vulnerability
CVE ID : CVE-2025-20984
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
Severity: 6.8 | MEDIUM
CVE-2025-20985 - Microsoft Xbox ThemeManager Privilege Escalation Vulnerability
CVE ID : CVE-2025-20985
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.
Severity: 5.5 | MEDIUM
CVE-2025-20986 - Samsung Galaxy Watch Screen Capture Access Control Vulnerability
CVE ID : CVE-2025-20986
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots.
Severity: 5.5 | MEDIUM
CVE-2025-20987 - Samsung Galaxy Fingerprint Vulnerability - Authentication Bypass
CVE ID : CVE-2025-20987
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get an auth_token.
Severity: 5.2 | MEDIUM
CVE-2025-20988 - Qualcomm Fingerprint Trustlet OOB Read Vulnerability
CVE ID : CVE-2025-20988
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
Severity: 5.5 | MEDIUM
CVE-2025-20989 - Fingerprint Trustlet Log Forgery Vulnerability
CVE ID : CVE-2025-20989
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
Severity: 5.2 | MEDIUM
CVE-2025-20991 - Android Bluetooth Improper Export of Components Vulnerability
CVE ID : CVE-2025-20991
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.
Severity: 4.0 | MEDIUM
CVE-2025-20992 - Samsung Camera Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-20992
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Out-of-bounds read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
Severity: 4.0 | MEDIUM
CVE-2025-20993 - Samsung Camera libsecimaging Camera Buffer Overflow
CVE ID : CVE-2025-20993
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
Severity: 4.0 | MEDIUM
CVE-2025-20994 - Samsung Internet File Access Vulnerability
CVE ID : CVE-2025-20994
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
Severity: 4.5 | MEDIUM
CVE-2025-20995 - Samsung Internet File Access Vulnerability
CVE ID : CVE-2025-20995
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
Severity: 4.9 | MEDIUM
CVE-2025-20996 - Samsung Smart Switch Authorization Bypass
CVE ID : CVE-2025-20996
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability.
Severity: 5.0 | MEDIUM
CVE-2025-5539 - WordPress WP Easy Contact Stored Cross-Site Scripting
CVE ID : CVE-2025-5539
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-5561 - PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability
CVE ID : CVE-2025-5561
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-pass-detail.php. The manipulation of the argument viewid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-5562 - PHPGurukul Curfew SQL Injection Vulnerability
CVE ID : CVE-2025-5562
Published : June 4, 2025, 5:15 a.m. | 2 hours, 19 minutes ago
Description : A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category-detail.php. The manipulation of the argument editid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH