Total
35523 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48133 | 1 Linecorp | 1 Line | 2025-06-16 | 5.4 Medium |
| An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43994 | 1 Linecorp | 1 Line | 2025-06-16 | 5.4 Medium |
| An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-42941 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-16 | 4.8 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets. | ||||
| CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information. | ||||
| CVE-2023-42829 | 1 Apple | 1 Macos | 2025-06-16 | 5.5 Medium |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases. | ||||
| CVE-2024-25675 | 1 Misp | 1 Misp | 2025-06-16 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | ||||
| CVE-2023-5485 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-06-16 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-43989 | 1 Linecorp | 1 Line | 2025-06-16 | 5.4 Medium |
| An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2025-5428 | 1 Juzaweb | 1 Cms | 2025-06-16 | 6.3 Medium |
| A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-45561 | 1 Linecorp | 1 Line | 2025-06-13 | 5.3 Medium |
| An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | ||||
| CVE-2023-4280 | 1 Silabs | 1 Gecko Software Development Kit | 2025-06-13 | 9.3 Critical |
| An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | ||||
| CVE-2024-0985 | 2 Postgresql, Redhat | 7 Postgresql, Enterprise Linux, Rhel Aus and 4 more | 2025-06-13 | 8 High |
| Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected. | ||||
| CVE-2024-48900 | 1 Moodle | 1 Moodle | 2025-06-13 | 4.3 Medium |
| A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to. | ||||
| CVE-2024-46213 | 1 Redaxo | 1 Redaxo | 2025-06-13 | 7.2 High |
| REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | ||||
| CVE-2024-31759 | 1 Publiccms | 1 Publiccms | 2025-06-12 | 8.8 High |
| An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function. | ||||
| CVE-2025-4190 | 1 Aleapp | 1 Csv Mass Importer | 2025-06-12 | 7.2 High |
| The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | ||||
| CVE-2025-48187 | 1 Infiniflow | 1 Ragflow | 2025-06-12 | 9.1 Critical |
| RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting. | ||||
| CVE-2023-39323 | 3 Fedoraproject, Golang, Redhat | 3 Fedora, Go, Enterprise Linux | 2025-06-12 | 8.1 High |
| Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | ||||
| CVE-2023-41752 | 3 Apache, Apache Software Foundation, Fedoraproject | 3 Traffic Server, Apache Traffic Server, Fedora | 2025-06-12 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue. | ||||
| CVE-2023-41077 | 1 Apple | 1 Macos | 2025-06-12 | 5.5 Medium |
| An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks. | ||||