Security Vulnerabilities - CVEs Published In June 2025
A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
CVSS Score: 7.3 | EPSS Score: 0.0 | Published: 2025-06-02
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.
CVSS Score: 5.9 | EPSS Score: 0.0 | Published: 2025-06-02
A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2025-06-02
A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2025-06-02
Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-06-02
An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability, which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2025-06-02
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score: 8.4 | EPSS Score: 0.0 | Published: 2025-06-02
An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVSS Score: 8.4 | EPSS Score: 0.0 | Published: 2025-06-02
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 6.3 | EPSS Score: 0.006 | Published: 2025-06-02
A server-side request forgery vulnerability exists in HPE StoreOnce Software.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2025-06-02

