Security Vulnerabilities - CVEs Published In June 2025
listmonk is a standalone, self-hosted newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions, which are enabled by default in Sprig, enable capturing of environment variables on the host. While this may not be a problem on single-user (super admin) installations, on multi-user installations it allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.
CVSS Score
9.0
EPSS Score
0.618
Published
2025-06-09
An issue in KeeperChat iOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module.
CVSS Score
6.8
EPSS Score
0.001
Published
2025-06-09
A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.0
EPSS Score
0.002
Published
2025-06-09
Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through <= 2.1.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-06-09
Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through <= 1.6.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-06-09
Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through <= 1.6.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-06-09
Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX dc-woocommerce-multi-vendor allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from n/a through <= 4.2.22.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-06-09
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2.
CVSS Score
8.6
EPSS Score
0.004
Published
2025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through <= 5.2.9.
CVSS Score
8.1
EPSS Score
0.005
Published
2025-06-09
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Path Traversal. This issue affects Welcart e-Commerce: from n/a through <= 2.11.13.
CVSS Score
6.8
EPSS Score
0.003
Published
2025-06-09

