Total
4916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28203 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | 8.8 High |
| Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability. | ||||
| CVE-2025-5796 | 1 Code-projects | 1 Simple Laundry System | 2025-06-12 | 3.5 Low |
| A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5797 | 1 Code-projects | 1 Simple Laundry System | 2025-06-12 | 3.5 Low |
| A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-39323 | 3 Fedoraproject, Golang, Redhat | 3 Fedora, Go, Enterprise Linux | 2025-06-12 | 8.1 High |
| Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | ||||
| CVE-2025-5879 | 2025-06-12 | 3.5 Low | ||
| A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-48140 | 2025-06-12 | 9.9 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI allows Code Injection. This issue affects MetalpriceAPI: from n/a through 1.1.4. | ||||
| CVE-2025-48123 | 2025-06-12 | 10 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Code Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | ||||
| CVE-2025-49013 | 2025-06-12 | 10 Critical | ||
| WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user controlled variables directly inside shell script contexts in GitHub Actions workflows. This introduces a code injection vulnerability: a malicious actor submitting a crafted pull request review containing shell metacharacters or commands could execute arbitrary shell code on the GitHub Actions runner. This can lead to arbitrary command execution with the permissions of the workflow, potentially compromising CI infrastructure, secrets, and build outputs. Developers who maintain or contribute to the repos WilderForge/WilderForge, WilderForge/ExampleMod, WilderForge/WilderWorkspace, WilderForge/WildermythGameProvider, WilderForge/AutoSplitter, WilderForge/SpASM, WilderForge/thrixlvault, WilderForge/MassHash, and/or WilderForge/DLC_Disabler; as well as users who fork any of the above repositories and reuse affected GitHub Actions workflows, are affected. End users of any the above software and users who only install pre-built releases or artifacts are not affected. This vulnerability does not impact runtime behavior of the software or compiled outputs unless those outputs were produced during exploitation of this vulnerability. A current workaround is to disable GitHub Actions in affected repositories, or remove the affected workflows. | ||||
| CVE-2025-5884 | 2025-06-12 | 3.5 Low | ||
| A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-30085 | 2025-06-12 | N/A | ||
| Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the export feature. | ||||
| CVE-2023-5044 | 1 Kubernetes | 1 Ingress-nginx | 2025-06-12 | 7.6 High |
| Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | ||||
| CVE-2022-31860 | 1 Openremote | 1 Openremote | 2025-06-12 | 9.8 Critical |
| An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule. | ||||
| CVE-2023-42833 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-06-11 | 8.8 High |
| A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-33472 | 1 Scada-lts | 1 Scada-lts | 2025-06-11 | 8.8 High |
| An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. | ||||
| CVE-2024-3931 | 1 Totara | 2 Enterprise Lms, Totara | 2025-06-10 | 3.5 Low |
| A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 and 18.8 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-45753 | 1 Vtiger | 1 Vtiger Crm | 2025-06-10 | 7.2 High |
| A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. | ||||
| CVE-2025-5137 | 1 Dedecms | 1 Dedecms | 2025-06-10 | 4.7 Medium |
| A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5726 | 1 Razormist | 1 Student Result Management System | 2025-06-10 | 2.4 Low |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5727 | 1 Razormist | 1 Student Result Management System | 2025-06-10 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5757 | 1 Carmelogarcia | 1 Traffic Offense Reporting System | 2025-06-10 | 3.5 Low |
| A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||