CVE tracker
CVE-2025-5687 - Mozilla VPN macOS Privilege Escalation

CVE ID : CVE-2025-5687
Published : June 11, 2025, 12:15 p.m.
Description : A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5986 - Thunderbird Automatic PDF Download Vulnerability

CVE ID : CVE-2025-5986
Published : June 11, 2025, 12:15 p.m.
Description : A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data (e.g. using /dev/urandom on Linux) or to leak Windows credentials via SMB links when the email is viewed in HTML mode. While user interaction is required to download the .pdf file, visual obfuscation can conceal the download trigger. Viewing the email in HTML mode is enough to load external content. This vulnerability affects Thunderbird < 128.11.1 and Thunderbird < 139.0.2.
Severity: 0.0 | NA
CVE-2025-5144 - Stored Cross-Site Scripting in The Events Calendar for WordPress

CVE ID : CVE-2025-5144
Published : June 11, 2025, 1:15 p.m.
Description : The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-32711 - Microsoft 365 Copilot Command Injection Vulnerability

CVE ID : CVE-2025-32711
Published : June 11, 2025, 2:15 p.m.
Description : AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Severity: 9.3 | CRITICAL
CVE-2025-35941 - Apache Struts Password Exposure

CVE ID : CVE-2025-35941
Published : June 11, 2025, 2:15 p.m.
Description : A password is exposed locally.
Severity: 5.5 | MEDIUM
CVE-2025-40914 - Perl CryptX Integer Overflow Vulnerability

CVE ID : CVE-2025-40914
Published : June 11, 2025, 2:15 p.m.
Description : Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
Severity: 9.8 | CRITICAL
CVE-2025-4605 - Autodesk Maya Uncontrolled Memory Allocation Vulnerability

CVE ID : CVE-2025-4605
Published : June 11, 2025, 2:15 p.m.
Description : A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
Severity: 5.5 | MEDIUM
CVE-2025-4922 - Nomad Prefix-Based ACL Policy Vulnerability (Insufficient ACL Resolution)

CVE ID : CVE-2025-4922
Published : June 11, 2025, 2:15 p.m.
Description : Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.
Severity: 8.1 | HIGH
CVE-2025-0163 - IBM Security Verify Access Appliance and Docker Information Disclosure Vulnerability

CVE ID : CVE-2025-0163
Published : June 11, 2025, 3:15 p.m.
Description : IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.
Severity: 5.3 | MEDIUM
CVE-2025-3473 - IBM Security Guardium Privilege Escalation Local Buffer Overflow

CVE ID : CVE-2025-3473
Published : June 11, 2025, 3:15 p.m.
Description : IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
Severity: 6.7 | MEDIUM
CVE-2025-48013 - Drupal Quick Node Block Missing Authorization Vulnerability

CVE ID : CVE-2025-48013
Published : June 11, 2025, 3:15 p.m.
Description : Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity: 5.3 | MEDIUM
CVE-2025-48444 - Drupal Quick Node Block Authorization Bypass

CVE ID : CVE-2025-48444
Published : June 11, 2025, 3:15 p.m.
Description : Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity: 5.3 | MEDIUM
CVE-2025-48445 - Drupal Commerce Eurobank Redirect Authorization Bypass

CVE ID : CVE-2025-48445
Published : June 11, 2025, 3:15 p.m.
Description : Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
Severity: 8.8 | HIGH
CVE-2025-48446 - Drupal Commerce Alphabank Redirect Authorization Bypass Vulnerability

CVE ID : CVE-2025-48446
Published : June 11, 2025, 3:15 p.m.
Description : Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
Severity: 8.8 | HIGH
CVE-2025-48447 - Drupal Lightgallery Cross-Site Scripting (XSS)

CVE ID : CVE-2025-48447
Published : June 11, 2025, 3:15 p.m.
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.
Severity: 7.1 | HIGH
CVE-2025-48448 - Drupal Admin Audit Trail Resource Exhaustion DoS

CVE ID : CVE-2025-48448
Published : June 11, 2025, 3:15 p.m.
Description : Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
Severity: 6.5 | MEDIUM
CVE-2025-49146 - PostgreSQL pgjdbc Channel Binding Authentication Bypass

CVE ID : CVE-2025-49146
Published : June 11, 2025, 3:15 p.m.
Description : pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (the default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
Severity: 8.2 | HIGH
CVE-2025-49148 - ClipShare Server DLL Load Hijacking Vulnerability

CVE ID : CVE-2025-49148
Published : June 11, 2025, 3:15 p.m.
Description : ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
Severity: 7.3 | HIGH
CVE-2025-26383 - Apache iSTAR Memory Information Disclosure

CVE ID : CVE-2025-26383
Published : June 11, 2025, 4:15 p.m.
Description : The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
Severity: 0.0 | NA
CVE-2025-1698 - Xperia Fingerprint Sensor Null Pointer Denial of Service

CVE ID : CVE-2025-1698
Published : June 11, 2025, 5:15 p.m.
Description : Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity: 2.8 | LOW
CVE-2025-1699 - MotoSignature Unauthorized Access Permission Vulnerability

CVE ID : CVE-2025-1699
Published : June 11, 2025, 5:15 p.m.
Description : An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity: 2.8 | LOW