Security Vulnerabilities - CVEs Published In June 2025
A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious scripts when the dashboard is viewed. Users are recommended to update to version 14.2.1 or later to mitigate this vulnerability.
CVSS Score
5.4
EPSS Score
0.005
Published
2025-06-10
A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by attackers to execute malicious scripts when the survey is accessed through its public link. It is advised to update to version 14.2.1 or later to fix this issue.
CVSS Score
5.4
EPSS Score
0.003
Published
2025-06-10
A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the event is viewed. Updating to version 14.2.1 or later is recommended to remediate this vulnerability.
CVSS Score
5.4
EPSS Score
0.005
Published
2025-06-10
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score
1.9
EPSS Score
0.002
Published
2025-06-10
A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.4
EPSS Score
0.015
Published
2025-06-10
Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.2
EPSS Score
0.011
Published
2025-06-10
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
CVSS Score
4.4
EPSS Score
0.01
Published
2025-06-10
Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.011
Published
2025-06-10
Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.005
Published
2025-06-10
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.015
Published
2025-06-10