LiveActive security incident?Get immediate response
CVE archive

June 2025

Browse CVE records published in June 2025, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 3541 matching CVEs · Page 1 of 71.

High · CVSS 8.7

CVE-2025-71319: image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.

Published Jun 9, 2026 · Updated Jul 10, 2026

High · CVSS 7.5

CVE-2025-44203: In HotelDruid 3.0.0 and 3.0.7, the unauthenticated database-setup endpoint creadb.php can be reached before...

In HotelDruid 3.0.0 and 3.0.7, the unauthenticated database-setup endpoint creadb.php can be reached before setup is completed and performs database creation without locking. By sending many concurrent requests, an attacker can trigger a race condition during which verbose SQL error messages disclose the administrator username, password hash, and salt. The same race leaves the setup partially initialized, so the administrator can no longer log in with the credentials set during installation, resulting in a denial of service that requires reinstallation to recover. Remote exploitation additionally requires the installation to allow non-localhost access. The vulnerability was fixed in version 3.0.8.

Published Jun 20, 2025 · Updated Jul 9, 2026

Low · CVSS 2.5

CVE-2025-6170: Libxml2: stack buffer overflow in xmllint interactive shell command handling

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

Published Jun 16, 2025 · Updated Jul 8, 2026

High · CVSS 8.7

CVE-2025-4994: Authentication Bypass for SafeLine SL6 and SL6+

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.

Published Jun 22, 2026 · Updated Jul 7, 2026

Medium · CVSS 5.4

CVE-2025-15546: Iptanus File Upload < 5.1.7 - File Overwrite via Race Condition

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.

Published Jun 14, 2026 · Updated Jul 6, 2026

Medium · CVSS 6.5

CVE-2025-40910: Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses

Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.

Published Jun 27, 2025 · Updated Jul 3, 2026

Medium · CVSS 4.3

CVE-2025-36319: Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to cause a temporary denial using a specially crafted HTTP request due to improper allocation of resource throttling.

Published Jun 30, 2026 · Updated Jul 1, 2026

High · CVSS 7.6

CVE-2025-71355: Picklescan - Arbitrary Code Execution via Unsafe Numpy Function Detection Bypass

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring within the reduce method to import dangerous libraries like os and execute arbitrary OS commands when the pickle file is loaded.

Published Jun 30, 2026 · Updated Jul 1, 2026

Medium · CVSS 5.9

CVE-2025-12530: Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.

Published Jun 30, 2026 · Updated Jul 1, 2026

Medium · CVSS 6.5

CVE-2025-36327: Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.

Published Jun 30, 2026 · Updated Jul 1, 2026

Medium · CVSS 4.3

CVE-2025-36324: Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Published Jun 30, 2026 · Updated Jul 1, 2026

High · CVSS 8.1

CVE-2025-71368: picklescan - Arbitrary Code Execution via Undetected doctest.debug_script

picklescan before 0.0.30 fails to detect the doctest.debug_script function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debug_script calls that bypass picklescan detection and execute arbitrary commands upon pickle.load invocation.

Published Jun 30, 2026 · Updated Jul 1, 2026

Medium · CVSS 5.7

CVE-2025-36321: Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Published Jun 30, 2026 · Updated Jul 1, 2026

High · CVSS 8.1

CVE-2025-71374: picklescan - Arbitrary Code Execution via Undetected profile.Profile.run

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon deserialization.

Published Jun 30, 2026 · Updated Jul 1, 2026

Medium · CVSS 5.4

CVE-2025-36323: Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Published Jun 30, 2026 · Updated Jul 1, 2026

High · CVSS 8.1

CVE-2025-71352: picklescan - Remote Code Execution via Undetected trace.Trace.runctx in Pickle Files

picklescan before 0.0.29 fails to detect the built-in Python trace.Trace.runctx function when used in pickle file reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files with trace.Trace.runctx payloads that bypass picklescan detection and execute code upon pickle.load() invocation.

Published Jun 30, 2026 · Updated Jul 1, 2026

Medium · CVSS 6.9

CVE-2025-71381: Hono - Vary Header Injection in CORS Middleware

Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary Vary values that are reflected into the response, potentially causing cache key pollution and inconsistent CORS enforcement in environments that rely on shared caches or proxies.

Published Jun 30, 2026 · Updated Jul 1, 2026

Medium · CVSS 6.4

CVE-2025-36320: Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Published Jun 30, 2026 · Updated Jul 1, 2026

Critical · CVSS 9.8

CVE-2025-71336: Flowise - Unsandboxed Remote Code Execution via Custom MCP

Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal and lacks role-based access control, and the default installation runs without authentication unless FLOWISE_USERNAME and FLOWISE_PASSWORD are set, an attacker can send a crafted JSON payload with the header 'x-request-from: internal' to the /api/v1/node-load-method/customMCP endpoint to execute arbitrary OS commands, resulting in complete compromise of the platform container or server.

Published Jun 25, 2026 · Updated Jun 30, 2026

High · CVSS 7

CVE-2025-6019: Libblockdev: lpe from allow_active to root in libblockdev via udisks

A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.

Published Jun 19, 2025 · Updated Jun 30, 2026

Medium · CVSS 6.1

CVE-2025-6035: Gimp: gimp integer overflow

A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.

Published Jun 13, 2025 · Updated Jun 30, 2026

High · CVSS 8.3

CVE-2025-6032: Podman: podman missing tls verification

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

Published Jun 24, 2025 · Updated Jun 30, 2026

High · CVSS 7.8

CVE-2025-6020: Linux-pam: linux-pam directory traversal

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Published Jun 17, 2025 · Updated Jun 30, 2026

High · CVSS 7.8

CVE-2025-5914: Libarchive: double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Published Jun 9, 2025 · Updated Jun 30, 2026

Medium · CVSS 6.6

CVE-2025-5915: Libarchive: heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

Published Jun 9, 2025 · Updated Jun 30, 2026

Low · CVSS 2.8

CVE-2025-5917: Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.

Published Jun 9, 2025 · Updated Jun 30, 2026

Low · CVSS 3.9

CVE-2025-5916: Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.

Published Jun 9, 2025 · Updated Jun 30, 2026