CVE-2025-0913 - Apache os File Symlink Creation Vulnerability
CVE ID : CVE-2025-0913
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0913
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0917 - IBM Cognos Analytics Stored Cross-Site Scripting
CVE ID : CVE-2025-0917
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0917
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0923 - IBM Cognos Analytics Source Code Disclosure Vulnerability
CVE ID : CVE-2025-0923
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0923
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25032 - IBM Cognos Analytics Memory Exhaustion Denial of Service
CVE ID : CVE-2025-25032
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25032
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40912 - CryptX for Perl Malformed Unicode Injection Vulnerability
CVE ID : CVE-2025-40912
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40912
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49150 - Cursor JSON File Remote Request Vulnerability
CVE ID : CVE-2025-49150
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49150
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30085 - RSForm!pro Joomla Remote Code Execution Vulnerability
CVE ID : CVE-2025-30085
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30085
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32465 - Joomla RSTickets! Stored XSS Vulnerability
CVE ID : CVE-2025-32465
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32465
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32466 - RSMediaGallery Joomla SQL Injection Vulnerability
CVE ID : CVE-2025-32466
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32466
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-4976 - InfoZip ZIP Library Multiple Vulnerabilities (Unzip)
CVE ID : CVE-2022-4976
Published : June 12, 2025, 1:15 a.m. | 3 hours, 17 minutes ago
Description : Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-4976
Published : June 12, 2025, 1:15 a.m. | 3 hours, 17 minutes ago
Description : Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6005 - "kiCode111 like-girl SQL Injection"
CVE ID : CVE-2025-6005
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6005
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6006 - kiCode111 like-girl SQL Injection Vulnerability
CVE ID : CVE-2025-6006
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6006
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6007 - "kiCode111 like-girl SQL Injection Vulnerability"
CVE ID : CVE-2025-6007
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6007
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6008 - KiCode111 like-girl SQL Injection Vulnerability
CVE ID : CVE-2025-6008
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6008
Published : June 12, 2025, 2:15 a.m. | 2 hours, 17 minutes ago
Description : A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-36636 - Apache HTTP Server File Inclusion
CVE ID : CVE-2023-36636
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-36636
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49814 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-49814
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49814
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49815 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-49815
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49815
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49816 - WordPress XSS
CVE ID : CVE-2025-49816
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49816
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49817 - Apache Apache Struts Remote Code Execution
CVE ID : CVE-2025-49817
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49817
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49818 - AirVPN DNS Spoofing Vulnerability
CVE ID : CVE-2025-49818
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49818
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49819 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-49819
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49819
Published : June 12, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...