CVE-2025-43699 - Salesforce OmniStudio FlexCards Field Level Security Bypass
CVE ID : CVE-2025-43699
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for OmniUICard objects. This impacts OmniStudio: before Spring 2025
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43700 - Salesforce OmniStudio FlexCards Data Exposure Permission Vulnerability
CVE ID : CVE-2025-43700
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.
Severity: 0.0 | NA
CVE-2025-43701 - Salesforce OmniStudio FlexCards Information Disclosure Vulnerability
CVE ID : CVE-2025-43701
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.
Severity: 0.0 | NA
CVE-2025-4577 - Smash Balloon Social Post Feed - WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4577
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-4774 - Elementor Premium Addons Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4774
Published : June 10, 2025, 12:15 p.m. | 2 hours, 3 minutes ago
Description : The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-49454 - LoftOcean TinySalt PHP Remote File Inclusion Vulnerability
CVE ID : CVE-2025-49454
Published : June 10, 2025, 1:15 p.m. | 1 hour, 3 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt allows PHP Local File Inclusion. This issue affects TinySalt: from n/a before 3.10.0.
Severity: 8.1 | HIGH
CVE-2025-49455 - LoftOcean TinySalt Object Injection Vulnerability
CVE ID : CVE-2025-49455
Published : June 10, 2025, 1:15 p.m. | 1 hour, 3 minutes ago
Description : Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection. This issue affects TinySalt: from n/a before 3.10.0.
Severity: 9.8 | CRITICAL
CVE-2025-49507 - LoftOcean CozyStay Deserialization of Untrusted Data Object Injection Vulnerability
CVE ID : CVE-2025-49507
Published : June 10, 2025, 1:15 p.m. | 1 hour, 3 minutes ago
Description : Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay allows Object Injection. This issue affects CozyStay: from n/a before 1.7.1.
Severity: 9.8 | CRITICAL
CVE-2025-49509 - Roland Beaussant Audio Editor & Recorder Missing Authorization Vulnerability
CVE ID : CVE-2025-49509
Published : June 10, 2025, 1:15 p.m. | 1 hour, 3 minutes ago
Description : Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Audio Editor & Recorder: from n/a through 2.2.1.
Severity: 5.3 | MEDIUM
CVE-2025-49510 - WooCommerce Min Max Step Quantity Limits Manager CSRF Vulnerability
CVE ID : CVE-2025-49510
Published : June 10, 2025, 1:15 p.m. | 1 hour, 3 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery. This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.
Severity: 4.3 | MEDIUM
CVE-2025-49511 - Civi Framework CSRF
CVE ID : CVE-2025-49511
Published : June 10, 2025, 1:15 p.m. | 1 hour, 3 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework allows Cross Site Request Forgery. This issue affects Civi Framework: from n/a through 2.1.6.
Severity: 7.1 | HIGH
CVE-2025-47162 - Microsoft Office Heap-based Buffer Overflow Vulnerability
CVE ID : CVE-2025-47162
Published : June 10, 2025, 5:23 p.m. | 1 hour, 1 minute ago
Description : Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
CVE-2025-47163 - Microsoft Office SharePoint Remote Code Execution Vulnerability
CVE ID : CVE-2025-47163
Published : June 10, 2025, 5:23 p.m. | 1 hour, 1 minute ago
Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
CVE-2025-47164 - Microsoft Office Use After Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-47164
Published : June 10, 2025, 5:23 p.m. | 1 hour, 1 minute ago
Description : Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
CVE-2025-47165 - Microsoft Office Excel Use-After-Free Vulnerability Allows Local Code Execution
CVE ID : CVE-2025-47165
Published : June 10, 2025, 5:23 p.m. | 1 hour, 1 minute ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-47166 - Microsoft Office SharePoint Remote Code Execution
CVE ID : CVE-2025-47166
Published : June 10, 2025, 5:23 p.m. | 1 hour, 1 minute ago
Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.8 | HIGH
CVE-2025-47167 - Microsoft Office Type Confusion Code Execution
CVE ID : CVE-2025-47167
Published : June 10, 2025, 5:23 p.m. | 1 hour ago
Description : Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 8.4 | HIGH
CVE-2025-47168 - Microsoft Office Word Use-After-Free Remote Code Execution Vulnerability
CVE ID : CVE-2025-47168
Published : June 10, 2025, 5:23 p.m. | 1 hour ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-47169 - Microsoft Office Word Heap Buffer Overflow (Code Execution)
CVE ID : CVE-2025-47169
Published : June 10, 2025, 5:23 p.m. | 1 hour ago
Description : Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-47170 - Microsoft Office Word Use After Free Code Execution Vulnerability
CVE ID : CVE-2025-47170
Published : June 10, 2025, 5:23 p.m. | 1 hour ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
CVE-2025-47171 - Microsoft Office Outlook Remote Code Execution Vulnerability
CVE ID : CVE-2025-47171
Published : June 10, 2025, 5:23 p.m. | 1 hour ago
Description : Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Severity: 6.7 | MEDIUM