Security Vulnerabilities - CVEs Published In June 2025
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
CVSS Score
5.4
EPSS Score
0.001
Published
2025-06-23
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2025-06-23
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-23
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2025-06-23
SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-23
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-23
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-23
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-06-23
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-06-23
An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.
Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-23