High · CVSS 7.8 · CISA KEV
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
Published Jun 23, 2015 · Updated Nov 17, 2025
High · CVSS 8.8 · CISA KEV
Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."
Published Jun 10, 2015 · Updated Oct 21, 2025
High · CVSS 8.8 · CISA KEV
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Published Jun 10, 2015 · Updated Oct 21, 2025
Low · CVSS 3.9
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
Published Jun 26, 2025 · Updated Jul 2, 2025
Low · CVSS 3.4
RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network.
Published Jun 29, 2025 · Updated Jun 30, 2025
Critical · CVSS 9.8
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Published Jun 26, 2025 · Updated Jun 27, 2025
Critical · CVSS 9.8
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
Published Jun 26, 2025 · Updated Jun 27, 2025
Unknown · CVSS Not scored
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
Published Jun 13, 2017 · Updated May 30, 2025
Medium · CVSS 4
A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability.
Published Jun 12, 2023 · Updated Jan 6, 2025
Unknown · CVSS Not scored
end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.
Published Jun 25, 2023 · Updated Nov 27, 2024
Unknown · CVSS Not scored
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
Published Jun 29, 2023 · Updated Nov 26, 2024
Unknown · CVSS Not scored
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Published Jun 12, 2017 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
Published Jun 30, 2017 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
Published Jun 30, 2017 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jun 10, 2015 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.
Published Jun 30, 2017 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
Published Jun 18, 2015 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
Published Jun 30, 2015 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
Published Jun 30, 2017 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.
Published Jun 30, 2015 · Updated Sep 16, 2024
Medium · CVSS 4
A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664.
Published Jun 6, 2023 · Updated Aug 6, 2024
Medium · CVSS 5
A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655.
Published Jun 5, 2023 · Updated Aug 6, 2024
Medium · CVSS 4
A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392.
Published Jun 1, 2023 · Updated Aug 6, 2024
Medium · CVSS 4
A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability.
Published Jun 5, 2023 · Updated Aug 6, 2024
Medium · CVSS 5
A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability.
Published Jun 6, 2023 · Updated Aug 6, 2024
Medium · CVSS 5
A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability.
Published Jun 5, 2023 · Updated Aug 6, 2024
Medium · CVSS 4.3
A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.
Published Jun 5, 2023 · Updated Aug 6, 2024
Medium · CVSS 6.5
A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The patch is named bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651.
Published Jun 4, 2023 · Updated Aug 6, 2024
Medium · CVSS 5
A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.
Published Jun 1, 2023 · Updated Aug 6, 2024
Unknown · CVSS Not scored
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
Published Jun 19, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
Published Jun 12, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
Published Jun 25, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.
Published Jun 25, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
Published Jun 22, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
Published Jun 6, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
Published Jun 25, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
Published Jun 13, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
Published Jun 16, 2017 · Updated Aug 6, 2024