CVE-2025-48445 - Drupal Commerce Eurobank Redirect Authorization Bypass
CVE ID : CVE-2025-48445
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48445
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48446 - Drupal Commerce Alphabank Redirect Authorization Bypass Vulnerability
CVE ID : CVE-2025-48446
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48446
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48447 - Drupal Lightgallery Cross-Site Scripting (XSS)
CVE ID : CVE-2025-48447
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48447
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48448 - Drupal Admin Audit Trail Resource Exhaustion DoS
CVE ID : CVE-2025-48448
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48448
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49146 - PostgreSQL pgjdbc Channel Binding Authentication Bypass
CVE ID : CVE-2025-49146
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49146
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49148 - ClipShare Server DLL Load Hijacking Vulnerability
CVE ID : CVE-2025-49148
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49148
Published : June 11, 2025, 3:15 p.m. | 1 hour, 16 minutes ago
Description : ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26383 - Apache iSTAR Memory Information Disclosure
CVE ID : CVE-2025-26383
Published : June 11, 2025, 4:15 p.m. | 17 minutes ago
Description : The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26383
Published : June 11, 2025, 4:15 p.m. | 17 minutes ago
Description : The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1698 - "Xperia Fingerprint Sensor Null Pointer Denial of Service"
CVE ID : CVE-2025-1698
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1698
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1699 - MotoSignature Unauthorized Access Permission Vulnerability
CVE ID : CVE-2025-1699
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1699
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-22874 - DigiCert SSL Verify Certificate Validation Bypass
CVE ID : CVE-2025-22874
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-22874
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40915 - Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability
CVE ID : CVE-2025-40915
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40915
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4673 - Apache Web Server HTTP Header Information Disclosure
CVE ID : CVE-2025-4673
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4673
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6001 - VirtueMart CSRF File Upload Bypass
CVE ID : CVE-2025-6001
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6001
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6002 - VirtueMart Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-6002
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6002
Published : June 11, 2025, 5:15 p.m. | 3 hours, 16 minutes ago
Description : An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0913 - Apache os File Symlink Creation Vulnerability
CVE ID : CVE-2025-0913
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0913
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0917 - IBM Cognos Analytics Stored Cross-Site Scripting
CVE ID : CVE-2025-0917
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0917
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0923 - IBM Cognos Analytics Source Code Disclosure Vulnerability
CVE ID : CVE-2025-0923
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0923
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25032 - IBM Cognos Analytics Memory Exhaustion Denial of Service
CVE ID : CVE-2025-25032
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25032
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40912 - CryptX for Perl Malformed Unicode Injection Vulnerability
CVE ID : CVE-2025-40912
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40912
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX before 0.065 may be susceptible to CVE-2019-17362.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49150 - Cursor JSON File Remote Request Vulnerability
CVE ID : CVE-2025-49150
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49150
Published : June 11, 2025, 6:15 p.m. | 2 hours, 17 minutes ago
Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30085 - RSForm!pro Joomla Remote Code Execution Vulnerability
CVE ID : CVE-2025-30085
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30085
Published : June 11, 2025, 8:15 p.m. | 17 minutes ago
Description : Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...