Total
300055 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6288 | 2025-07-01 | 4.7 Medium | ||
| The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-13914 | 2025-07-01 | 7.2 High | ||
| The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via the 'file_manager_advanced' shortcode. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Sites currently using 2.5.4 (file-manager-advanced-shortcode) should be updated to 2.6.0 (advanced-file-manager-pro-premium). | ||||
| CVE-2019-20444 | 5 Canonical, Debian, Fedoraproject and 2 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-07-01 | 9.1 Critical |
| HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | ||||
| CVE-2025-50528 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-01 | 7.3 High |
| A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter. | ||||
| CVE-2025-50367 | 1 Anujk305 | 1 Medical Card Generation System | 2025-07-01 | 6.1 Medium |
| A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript. | ||||
| CVE-2025-50369 | 1 Anujk305 | 1 Medical Card Generation System | 2025-07-01 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to delete medical card records by sending a simple GET request without verifying the origin of the request. | ||||
| CVE-2025-50370 | 1 Anujk305 | 1 Medical Card Generation System | 2025-07-01 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request. | ||||
| CVE-2024-52900 | 1 Ibm | 1 Cognos Analytics | 2025-07-01 | 6.4 Medium |
| IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-51672 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-07-01 | 8 High |
| A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request. | ||||
| CVE-2025-6696 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-22615. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6697 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6698 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
| A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6750 | 1 Hdfgroup | 1 Hdf5 | 2025-07-01 | 3.3 Low |
| A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5035 | 1 Firelightwp | 1 Firelight Lightbox | 2025-07-01 | 5.4 Medium |
| The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as low as contributors to perform stored Cross-Site Scripting attacks. | ||||
| CVE-2025-5093 | 1 Dfactory | 1 Responsive Lightbox | 2025-07-01 | 5.4 Medium |
| The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post where used, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-6816 | 1 Hdfgroup | 1 Hdf5 | 2025-07-01 | 3.3 Low |
| A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6817 | 1 Hdfgroup | 1 Hdf5 | 2025-07-01 | 3.3 Low |
| A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6837 | 1 Code-projects | 1 Library System | 2025-07-01 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-21364 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-01 | 7.8 High |
| Microsoft Excel Security Feature Bypass Vulnerability | ||||
| CVE-2025-21365 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-01 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||