Security Vulnerabilities - CVEs Published In June 2025
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-13
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user.
The attacker must have network access to the management web interface and successfully authenticate to exploit this issue.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-06-13
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-13
yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-06-12
Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-06-12
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Multiple system messages are inserted into the CommandPaletteFooter as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-12
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The citizen-search-noresults-title and citizen-search-noresults-desc system messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-12
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various preferences messages are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This vulnerability is fixed in 3.3.1.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-12
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Various date messages returned by `Language::userDate` are inserted into raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-12
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. All system messages in menu headings using the Menu.mustache template are inserted as raw HTML, allowing anybody who can edit those messages to insert arbitrary HTML into the DOM. This impacts wikis where a group has the `editinterface` but not the `editsitejs` user right. This vulnerability is fixed in 3.3.1.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-12