6.4

CVSS3.1

CVE-2025-5258 - Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via classN…

The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level…

📅 Published: June 24, 2025, 7:24 a.m. 🔄 Last Modified: April 8, 2026, 4:35 p.m.

9.8

CVSS3.1

CVE-2025-50213 - Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOper…

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitation of table and stage parameters were added in CopyFromExternalStageToSnowflake…

📅 Published: June 24, 2025, 7:06 a.m. 🔄 Last Modified: July 11, 2025, 6:36 p.m.

8.2

CVSS3.1

CVE-2025-2962 - Infinite loop in dns_copy_qname

A denial-of-service issue in the dns implemenation could cause an infinite loop.

📅 Published: June 24, 2025, 5:32 a.m. 🔄 Last Modified: Oct. 30, 2025, 3:50 p.m.

9.3

CVSS4.0

CVE-2025-48890 -

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be execu…

📅 Published: June 24, 2025, 4:37 a.m. 🔄 Last Modified: June 26, 2025, 6:58 p.m.

9.3

CVSS4.0

CVE-2025-43879 -

WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be execut…

📅 Published: June 24, 2025, 4:37 a.m. 🔄 Last Modified: June 26, 2025, 7:25 p.m.

4.8

CVSS4.0

CVE-2025-43877 -

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.

📅 Published: June 24, 2025, 4:37 a.m. 🔄 Last Modified: June 26, 2025, 6:58 p.m.

8.7

CVSS4.0

CVE-2025-41427 -

WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary …

📅 Published: June 24, 2025, 4:37 a.m. 🔄 Last Modified: July 13, 2025, 9:48 p.m.

5.3

CVSS4.0

CVE-2025-36519 -

Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69 and earlier, WRC-2533GS2-W, WRC-1167GST2, WRC-1167GS2-B, and WRC-1167GS2H-B. If a specially crafted file is uploaded by a remote authenticated attacker, arbit…

📅 Published: June 24, 2025, 4:36 a.m. 🔄 Last Modified: Feb. 3, 2026, 8:16 a.m.

0.0

CVE-2025-53017 -

Reason: This candidate was issued in error.

📅 Published: June 24, 2025, 3:50 a.m. 🔄 Last Modified: June 30, 2025, 4:15 p.m.

0.0

CVE-2025-53001 -

Reason: This candidate was issued in error.

📅 Published: June 24, 2025, 3:50 a.m. 🔄 Last Modified: June 30, 2025, 4:15 p.m.
Total resulsts: 343749
Page 4361 of 34,375
« previous page » next page
Filters