CVE-2025-60694
(7.5 HIGH)

EPSS: 0.00%

updated 2025-11-13T18:31:17

2 posts

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied CGI parameters (route_ipaddr_0~3, route_netmask_0~3, route_gateway_0~3) into fixed-size buffers (v6, v10, v14) without proper bounds checking. Remote attackers can exploit this vulnerabi

CVE-2025-60691
(8.8 HIGH)

EPSS: 0.00%

updated 2025-11-13T18:31:17

2 posts

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sprintf without bounds checking. Because these buffers are allocated as single-byte variables, any non-empty input will trigger a buffer overflow.

CVE-2025-60692
(8.4 HIGH)

EPSS: 0.00%

updated 2025-11-13T18:31:17

2 posts

A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into fixed-size buffers (v6: 50 bytes, v7 sub-arrays: 50 bytes). This allows local attackers controll

CVE-2025-60689
(5.4 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:31:17

2 posts

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Succes

CVE-2025-60695
(5.9 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:31:16

2 posts

A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers co

CVE-2025-60690
(8.8 HIGH)

EPSS: 0.00%

updated 2025-11-13T18:31:16

2 posts

A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute a

CVE-2025-60688
(6.5 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:31:16

2 posts

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the

CVE-2025-60686
(5.1 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:31:11

2 posts

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function

CVE-2025-60687
(6.5 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:31:11

2 posts

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously c

CVE-2025-60683
(6.5 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:31:11

2 posts

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() withou

CVE-2025-64383
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T18:31:05

1 posts

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through <= 1.4.3.

CVE-2025-64380
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T18:31:05

1 posts

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.

CVE-2025-64379
(4.3 MEDIUM)

EPSS: 0.02%

updated 2025-11-13T18:31:04

1 posts

Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.

CVE-2025-64370
(5.3 MEDIUM)

EPSS: 0.02%

updated 2025-11-13T18:31:04

1 posts

Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through <= 6.5.38.

CVE-2025-63666
(9.8 CRITICAL)

EPSS: 0.03%

updated 2025-11-13T18:31:03

1 posts

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.

1 repos

https://github.com/Remenis/CVE-2025-63666

CVE-2025-60701
(0 None)

EPSS: 0.00%

updated 2025-11-13T18:15:54.137000

2 posts

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_433188` function in `prog.cgi` stores user-supplied email configuration parameters (`EmailFrom`, `EmailTo`, `SMTPServerAddress`, `SMTPServerPort`, `AccountName`) in NVRAM via `nvram_safe_set`. These values are later retrieved in the `sub_448FDC` functio

CVE-2025-60700
(0 None)

EPSS: 0.00%

updated 2025-11-13T18:15:54.010000

2 posts

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `librcm.so` binaries. The `sub_4455BC` function in `prog.cgi` stores user-supplied `SetDMZSettings/IPAddress` values in NVRAM via `nvram_safe_set("dmz_ipaddr", ...)`. These values are later retrieved in the `DMZ_run` function of `librcm.so` using `nvram_safe_get` and concatena

CVE-2025-60698
(0 None)

EPSS: 0.00%

updated 2025-11-13T18:15:53.880000

2 posts

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied `SetSysLogSettings/IPAddress` values in NVRAM via `nvram_safe_set("SysLogRemote_IPAddress", ...)`. These values are later retrieved in the `sub_448DCC` function of `rc` using `nvram_safe_get` and conca

CVE-2025-60697
(0 None)

EPSS: 0.00%

updated 2025-11-13T18:15:53.753000

2 posts

A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied DDNS parameters (`ServerAddress` and `Hostname`) in NVRAM via `nvram_safe_set`. These values are later retrieved in the `start_DDNS_ipv4` function of `rc` using `nvram_safe_get` and concatenated into D

CVE-2025-60696
(8.4 HIGH)

EPSS: 0.00%

updated 2025-11-13T18:15:53.587000

2 posts

A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buf

CVE-2025-60693
(6.5 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:15:53.040000

2 posts

A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote attackers can exploit this vulnerabil

CVE-2025-60685
(5.1 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:15:51.567000

2 posts

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potent

CVE-2025-60684
(6.5 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:15:51.387000

2 posts

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow the

CVE-2025-60682
(6.5 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:15:51.023000

2 posts

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attack

CVE-2025-60671
(0 None)

EPSS: 0.00%

updated 2025-11-13T18:15:50.877000

2 posts

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because content read from this file is only partially validated for a prefix and then formatted using vsnprintf() before being executed with system(), allowing an attack

CVE-2025-59480
(6.1 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T18:15:50.703000

2 posts

Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses

CVE-2025-11777
(3.1 LOW)

EPSS: 0.00%

updated 2025-11-13T18:15:49.393000

2 posts

Mattermost versions 10.11.x <= 10.11.3, 10.5.x <= 10.5.11 fail to properly validate team membership permissions in the Add Channel Member API which allows users from one team to access user metadata and channel membership information from other teams via the API endpoint

CVE-2025-12762
(9.1 CRITICAL)

EPSS: 0.00%

updated 2025-11-13T17:39:19

3 posts

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

CVE-2025-64407
(5.3 MEDIUM)

EPSS: 0.11%

updated 2025-11-13T17:15:50.523000

1 posts

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Such links could also be used to transmit system information, such as environment variables or configuration settings. In the affected versions of Apache OpenOffice, documents that used a cer

CVE-2025-20346
(4.3 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T17:15:45.630000

2 posts

A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy co

CVE-2025-20341
(8.8 HIGH)

EPSS: 0.00%

updated 2025-11-13T17:15:45.400000

3 posts

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to

CVE-2025-64382
(4.3 MEDIUM)

EPSS: 0.02%

updated 2025-11-13T16:15:55.877000

1 posts

Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import for WooCommerce: from n/a through <= 2.6.7.

CVE-2025-13118
(6.3 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T16:15:50.843000

1 posts

A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13023
(9.8 CRITICAL)

EPSS: 0.02%

updated 2025-11-13T16:15:50.533000

1 posts

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.

CVE-2025-64517
(4.4 MEDIUM)

EPSS: 0.02%

updated 2025-11-13T15:36:04

2 posts

### Summary When `Defaults targetpw` (or `Defaults rootpw`) is enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. `sudo-rs` prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the authentication timestamp. Any later `sudo` invocation on the same terminal while the timestamp wa

CVE-2025-9242
(9.8 CRITICAL)

EPSS: 60.33%

updated 2025-11-13T15:31:32

4 posts

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and

Nuclei template

1 repos

https://github.com/watchtowrlabs/watchTowr-vs-WatchGuard-CVE-2025-9242

CVE-2025-64404
(7.5 HIGH)

EPSS: 0.01%

updated 2025-11-13T15:31:32

2 posts

Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images, or bullet images, linked to external files would load the contents of those files wit

CVE-2025-64405
(7.5 HIGH)

EPSS: 0.01%

updated 2025-11-13T15:31:32

2 posts

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, Calc spreadsheet containing DDE links to external files would load the contents of those files without prompting the user for permission to do

CVE-2025-30662
(6.6 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:30:38

1 posts

Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.

CVE-2025-12817
(3.1 LOW)

EPSS: 0.00%

updated 2025-11-13T15:30:37

2 posts

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

CVE-2025-12764
(7.5 HIGH)

EPSS: 0.00%

updated 2025-11-13T15:30:37

2 posts

pgAdmin <= 9.9  is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.

CVE-2025-64741
(8.1 HIGH)

EPSS: 0.00%

updated 2025-11-13T15:30:37

2 posts

Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.

CVE-2025-62483
(5.3 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:30:37

1 posts

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.

CVE-2025-13119
(4.3 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:30:37

1 posts

A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used.

CVE-2025-30669
(4.8 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:30:31

1 posts

Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.

CVE-2025-64739
(4.3 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:30:31

1 posts

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.

CVE-2025-12763
(6.8 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:30:30

2 posts

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

CVE-2025-64740
(7.5 HIGH)

EPSS: 0.00%

updated 2025-11-13T15:15:53.820000

1 posts

Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVE-2025-64711
(3.9 LOW)

EPSS: 0.01%

updated 2025-11-13T15:15:52.707000

1 posts

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session (self-XSS). This allows an attacker who

CVE-2025-62482
(4.3 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:15:51.697000

1 posts

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.

CVE-2025-13117
(5.4 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T15:15:50.463000

1 posts

A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but di

CVE-2025-13076
(4.7 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T15:15:50.250000

1 posts

A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

CVE-2025-12735
(9.8 CRITICAL)

EPSS: 0.12%

updated 2025-11-13T15:15:49.590000

1 posts

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate() function and trigger arbitrary code execution.

CVE-2023-7326
(0 None)

EPSS: 0.15%

updated 2025-11-13T15:15:48.983000

1 posts

The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory handling, resulting in the printer process shutting down or powering off, causing a denial of service condition.

CVE-2025-64402
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T15:08:55.247000

2 posts

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to external files would load the contents of those files without prompting the user for permission to

CVE-2025-64403
(8.1 HIGH)

EPSS: 0.03%

updated 2025-11-13T15:08:42.313000

3 posts

Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links to be loaded without prompt. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

CVE-2025-12480
(9.1 CRITICAL)

EPSS: 52.34%

updated 2025-11-13T15:07:03.620000

5 posts

Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.

Nuclei template

1 repos

https://github.com/velmetrac/CVE-2025-12480

CVE-2025-59118
(7.3 HIGH)

EPSS: 0.05%

updated 2025-11-13T15:04:59.130000

2 posts

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

1 repos

https://github.com/B1ack4sh/Blackash-CVE-2025-59118

CVE-2025-12765
(7.5 HIGH)

EPSS: 0.00%

updated 2025-11-13T14:15:47.873000

2 posts

pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

CVE-2025-12818
(5.9 MEDIUM)

EPSS: 0.00%

updated 2025-11-13T13:15:45.313000

2 posts

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

CVE-2025-64384(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-13T12:32:48

1 posts

Missing Authorization vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetFormBuilder: from n/a through <= 3.5.3.

CVE-2025-64292(CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-11-13T12:32:46

1 posts

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PascalBajorat Analytics Germanized for Google Analytics ga-germanized allows DOM-Based XSS.This issue affects Analytics Germanized for Google Analytics: from n/a through <= 1.6.2.

CVE-2025-7704
(5.4 MEDIUM)

EPSS: 0.04%

updated 2025-11-13T10:15:54.823000

1 posts

Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability

CVE-2025-64381
(0 None)

EPSS: 0.03%

updated 2025-11-13T10:15:54.180000

1 posts

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Calendar booking allows Stored XSS.This issue affects Booking Calendar: from n/a through <= 10.14.7.

CVE-2025-64369
(0 None)

EPSS: 0.02%

updated 2025-11-13T10:15:53.423000

1 posts

Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58.

CVE-2025-12733
(8.8 HIGH)

EPSS: 0.22%

updated 2025-11-13T06:30:30

2 posts

The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval() on unsanitized user-supplied input in the pmxi_if function within helpers/functions.php. This makes it possible for authenticated attackers, with import capabilities (typically administrators), t

CVE-2025-12620
(4.9 MEDIUM)

EPSS: 0.02%

updated 2025-11-13T06:30:30

1 posts

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level a

CVE-2025-12536
(5.3 MEDIUM)

EPSS: 0.04%

updated 2025-11-13T06:30:30

1 posts

The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the '_srfm_email_notification' post meta registration. This is due to setting the 'auth_callback' parameter to '__return_true', which allows unauthenticated access to the metadata. This makes it possible for unauthenticated attackers to extract sensitive data includin

CVE-2025-12366
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T06:30:30

1 posts

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.5 via the pagelayer_replace_page function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace media files belonging to other use

CVE-2025-12089
(6.5 MEDIUM)

EPSS: 0.99%

updated 2025-11-13T06:30:30

1 posts

The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cleanCache() function in all versions up to, and including, 1.10.45. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution

CVE-2025-12891
(5.3 MEDIUM)

EPSS: 0.05%

updated 2025-11-13T05:16:03.007000

1 posts

The Survey Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ays_survey_show_results' AJAX endpoint in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to view all survey submissions.

CVE-2025-12979
(5.3 MEDIUM)

EPSS: 0.05%

updated 2025-11-13T04:15:46.730000

1 posts

The Welcart e-Commerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'usces_export' action in all versions up to, and including, 2.11.24. This makes it possible for unauthenticated attackers to access configured payment credentials (ex. PayPal api secret) , as well as business contact details, mail templates, and other operational settin

CVE-2025-12892
(5.3 MEDIUM)

EPSS: 0.05%

updated 2025-11-13T04:15:46.537000

1 posts

The Survey Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_plugin_option() function in all versions up to, and including, 5.1.9.4. This makes it possible for unauthenticated attackers to update the ays_survey_maker_upgrade_plugin option.

CVE-2025-11923
(8.8 HIGH)

EPSS: 0.04%

updated 2025-11-13T04:15:44.543000

2 posts

The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the update_item_permissions_check() function returns true when a user updates their own account without verifying the

CVE-2025-59367(CVSS UNKNOWN)

EPSS: 0.23%

updated 2025-11-13T03:31:30

1 posts

An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security Update for DSL Series Router' section on the ASUS Security Advisory for more information.

CVE-2025-59089
(5.9 MEDIUM)

EPSS: 0.05%

updated 2025-11-13T00:31:26

1 posts

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incompl

CVE-2025-59088
(8.6 HIGH)

EPSS: 0.04%

updated 2025-11-13T00:31:25

2 posts

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames

CVE-2025-63419
(6.1 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T00:31:25

1 posts

Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.

1 repos

https://github.com/MMAKINGDOM/CVE-2025-63419

CVE-2025-52331
(6.1 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T00:31:25

1 posts

Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation in the HTML report, which allows potentially malicious HTML tags to be injected into the report. User

CVE-2025-13075
(4.7 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T00:30:30

1 posts

A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVE-2025-12703(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-11-13T00:30:30

1 posts

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-7329(CVSS UNKNOWN)

EPSS: 0.40%

updated 2025-11-13T00:30:24

1 posts

Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.

CVE-2023-7327(CVSS UNKNOWN)

EPSS: 0.10%

updated 2025-11-13T00:30:24

1 posts

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.

CVE-2021-4463(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-11-13T00:30:24

1 posts

Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.

CVE-2022-4982(CVSS UNKNOWN)

EPSS: 0.06%

updated 2025-11-13T00:30:24

1 posts

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary fi

CVE-2017-20211(CVSS UNKNOWN)

EPSS: 0.29%

updated 2025-11-13T00:30:24

1 posts

UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the co

CVE-2016-15055(CVSS UNKNOWN)

EPSS: 0.97%

updated 2025-11-13T00:30:24

1 posts

JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary files on the device.

CVE-2025-11560
(6.1 MEDIUM)

EPSS: 0.03%

updated 2025-11-13T00:30:17

1 posts

The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used against high-privilege users such as admins.

CVE-2025-64707
(0 None)

EPSS: 0.04%

updated 2025-11-12T23:15:40.130000

1 posts

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring the cache is cleared after roles are updated.

CVE-2025-64500
(7.3 HIGH)

EPSS: 0.01%

updated 2025-11-12T22:15:50.127000

1 posts

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony's HttpFoundation component defines an object-oriented layer for the HTTP specification. Starting in version 2.0.0 and prior to version 5.4.50, 6.4.29, and 7.3.7, the `Request` class improperly interprets some `PATH_INFO` in a way that leads to representing some URLs with a path that doesn't st

1 repos

https://github.com/B1ack4sh/Blackash-CVE-2025-64500

CVE-2025-59491
(6.1 MEDIUM)

EPSS: 0.03%

updated 2025-11-12T22:15:48.847000

1 posts

Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.

CVE-2025-43205
(6.5 MEDIUM)

EPSS: 0.02%

updated 2025-11-12T22:15:48.297000

1 posts

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR.

CVE-2021-4464
(0 None)

EPSS: 0.34%

updated 2025-11-12T22:15:42.027000

1 posts

FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow.

CVE-2025-64186
(8.7 HIGH)

EPSS: 0.01%

updated 2025-11-12T21:45:07

1 posts

### Summary A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is limited in Evervault-hosted environments as an attacker would require the pre-requisite ability to

CVE-2025-46608
(9.1 CRITICAL)

EPSS: 0.04%

updated 2025-11-12T21:31:15

1 posts

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommen

CVE-2025-8485
(7.3 HIGH)

EPSS: 0.01%

updated 2025-11-12T21:31:15

1 posts

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.

CVE-2025-8421
(6.6 MEDIUM)

EPSS: 0.01%

updated 2025-11-12T21:31:15

1 posts

An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges.

CVE-2025-27368
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-12T21:31:15

1 posts

IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.

CVE-2025-46427
(8.8 HIGH)

EPSS: 0.17%

updated 2025-11-12T21:31:14

1 posts

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

CVE-2025-64170
(3.8 LOW)

EPSS: 0.01%

updated 2025-11-12T21:15:53.433000

2 posts

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered are echoed back to the console. This could reveal partial password information, possibly exposing histor

CVE-2025-13061
(6.3 MEDIUM)

EPSS: 0.04%

updated 2025-11-12T21:15:48.763000

1 posts

A vulnerability was detected in itsourcecode Online Voting System 1.0. This impacts an unknown function of the file /index.php?page=manage_voting. Performing manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2025-62215
(7.0 HIGH)

EPSS: 0.71%

updated 2025-11-12T21:14:53.247000

8 posts

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-46428
(8.8 HIGH)

EPSS: 0.17%

updated 2025-11-12T20:15:42.953000

1 posts

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.

CVE-2025-13060
(7.3 HIGH)

EPSS: 0.03%

updated 2025-11-12T20:15:39.357000

1 posts

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

CVE-2025-64531
(7.8 HIGH)

EPSS: 0.03%

updated 2025-11-12T18:41:07.100000

1 posts

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-61834
(7.8 HIGH)

EPSS: 0.03%

updated 2025-11-12T18:40:52.677000

1 posts

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-61833
(7.8 HIGH)

EPSS: 0.03%

updated 2025-11-12T18:40:45.433000

1 posts

Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2025-13042
(8.8 HIGH)

EPSS: 0.07%

updated 2025-11-12T18:31:32

3 posts

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-2843
(8.8 HIGH)

EPSS: 0.02%

updated 2025-11-12T18:31:32

2 posts

A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a namespace, to create a MonitorStack in the authorized namespace and then elevate permission to the cl

CVE-2025-11367(CVSS UNKNOWN)

EPSS: 0.33%

updated 2025-11-12T18:31:32

1 posts

The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization

CVE-2025-20378
(3.1 LOW)

EPSS: 0.04%

updated 2025-11-12T18:31:32

1 posts

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using the `return_to` parameter of the Splunk Web login endpoint. When an authenticated user visits the malicious URL, it could cause an unvalidated redirect to an external malicious site. To b

CVE-2025-11366(CVSS UNKNOWN)

EPSS: 0.10%

updated 2025-11-12T18:31:31

1 posts

N-central < 2025.4 is vulnerable to authentication bypass via path traversal

CVE-2025-64406
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-12T18:31:25

2 posts

An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue affects Apache OpenOffice: through 4.1.15. Users are recommended to upgrade to version 4.1.16, which fixes the issue.

CVE-2025-12871
(9.8 CRITICAL)

EPSS: 0.13%

updated 2025-11-12T18:31:24

1 posts

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.

CVE-2025-13026
(9.8 CRITICAL)

EPSS: 0.04%

updated 2025-11-12T18:31:20

1 posts

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.

CVE-2025-25236
(5.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-12T18:15:35.200000

1 posts

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks.

CVE-2025-20379
(3.5 LOW)

EPSS: 0.02%

updated 2025-11-12T18:15:35.030000

1 posts

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands. They could b

CVE-2025-12870
(9.8 CRITICAL)

EPSS: 0.08%

updated 2025-11-12T17:15:36.727000

1 posts

The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.

CVE-2025-52881
(0 None)

EPSS: 0.01%

updated 2025-11-12T16:20:22.257000

4 posts

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also perm

2 repos

https://github.com/jq6l43d1/proxmox-lxc-docker-fix

https://github.com/omne-earth/arca

CVE-2025-52565
(0 None)

EPSS: 0.01%

updated 2025-11-12T16:20:22.257000

4 posts

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a pat

1 repos

https://github.com/omne-earth/arca

CVE-2025-42890
(10.0 CRITICAL)

EPSS: 0.07%

updated 2025-11-12T16:19:59.103000

4 posts

SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system.

CVE-2025-59499
(8.8 HIGH)

EPSS: 0.07%

updated 2025-11-12T16:19:34.210000

1 posts

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2025-11700
(0 None)

EPSS: 0.04%

updated 2025-11-12T16:19:12.850000

1 posts

N-central versions < 2025.4 are vulnerable to an XML External Entities injection leading to information disclosure

CVE-2025-11567
(0 None)

EPSS: 0.01%

updated 2025-11-12T16:19:12.850000

1 posts

CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.

CVE-2025-40177
(0 None)

EPSS: 0.02%

updated 2025-11-12T16:19:12.850000

1 posts

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to queuing the buffers. We currently initialize some of the resources after queuing the buffers which

CVE-2025-40173
(0 None)

EPSS: 0.02%

updated 2025-11-12T16:19:12.850000

1 posts

In the Linux kernel, the following vulnerability has been resolved: net/ip6_tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too. While ipv4 tunnel headroom adjustment growth was limited in commit 5ae1e9922bbd ("net: ip_tunnel: prevent perpetual headroom growth"), ipv6 tunnel yet increases the headroom without any ceiling. Reflect ipv4

CVE-2025-40169
(0 None)

EPSS: 0.02%

updated 2025-11-12T16:19:12.850000

1 posts

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the check_alu_op() function validates instructions with ALU operations. The 'offset' field in these instructions is a signed 16-bit integer. The existing check 'insn->off > 1' was intended to ensure the offset is either 0, or 1 for BPF_MOD/BPF_DIV. However, b

CVE-2025-12901
(4.3 MEDIUM)

EPSS: 0.01%

updated 2025-11-12T16:19:12.850000

1 posts

The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. This is due to missing nonce validation on the set_subscription_level() function. This makes it possible for unauthenticated attackers to modify the subscription settings of authenticated users via a forged request granted they can trick a logged-in user into performing a

CVE-2025-12087
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-12T16:19:12.850000

1 posts

The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the 'awwlm_remove_added_wishlist_page' AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete wishlist items from other u

CVE-2025-40744
(7.5 HIGH)

EPSS: 0.02%

updated 2025-11-12T16:19:12.850000

1 posts

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks.

CVE-2024-32011
(8.8 HIGH)

EPSS: 0.06%

updated 2025-11-12T16:19:12.850000

1 posts

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

CVE-2024-32010
(7.8 HIGH)

EPSS: 0.01%

updated 2025-11-12T16:19:12.850000

1 posts

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.

CVE-2025-62452
(8.0 HIGH)

EPSS: 0.06%

updated 2025-11-12T16:19:12.850000

1 posts

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

CVE-2025-62220
(8.8 HIGH)

EPSS: 0.06%

updated 2025-11-12T16:19:12.850000

1 posts

Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.

CVE-2025-60715
(8.0 HIGH)

EPSS: 0.06%

updated 2025-11-12T16:19:12.850000

1 posts

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

CVE-2025-62876(CVSS UNKNOWN)

EPSS: 0.01%

updated 2025-11-12T15:31:37

1 posts

A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4.

CVE-2025-11566(CVSS UNKNOWN)

EPSS: 0.07%

updated 2025-11-12T15:31:30

1 posts

CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint.

CVE-2025-11565(CVSS UNKNOWN)

EPSS: 0.01%

updated 2025-11-12T15:31:30

1 posts

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST/REST/UpdateJRE request payload.

CVE-2025-64401
(7.5 HIGH)

EPSS: 0.03%

updated 2025-11-12T15:31:29

2 posts

Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permissio

CVE-2025-61623
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-11-12T15:31:29

1 posts

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

CVE-2025-52665
(10.0 CRITICAL)

EPSS: 8.39%

updated 2025-11-12T14:51:21.057000

1 posts

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.  Affected Products: UniFi Access Application (Version 3.3.22 through 3.4.31). 
 Mitigation: Update yo

Nuclei template

CVE-2025-40175(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T12:30:39

1 posts

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get. It increases the reference counter for that SKB to prevent unexpected freeing by another component. However, there may be a case where the index is requested, SKB is assigned and never cons

CVE-2025-40172(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T12:30:38

1 posts

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Currently, if find_and_map_user_pages() takes a DMA xfer request from the user with a length field set to 0, or in a rare case, the host receives QAIC_TRANS_DMA_XFER_CONT from the device where resources->xferred_dma_size is equal to the requested transaction

CVE-2025-40174(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T12:30:38

1 posts

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switch_mm_irqs_off() Stephen noted that it is possible to not have an smp_mb() between the loaded_mm store and the tlb_gen load in switch_mm(), meaning the ordering against flush_tlb_mm_range() goes out the window, and it becomes possible for switch_mm() to not observe a recent tlb_gen update and fail

CVE-2025-40171(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T12:30:37

1 posts

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is taken. In the current code, only one put work item is queued at a time, which results in a leaked reference. To fix this, move the work item to t

CVE-2025-12998(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-11-12T12:30:36

2 posts

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5.

CVE-2025-40176(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T12:30:36

1 posts

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with async decryption can lead to various issues (UAF on the skb, writing into userspace memory aft

CVE-2025-40170(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T12:30:36

1 posts

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu().

CVE-2025-12382(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T12:30:34

2 posts

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows Path Traversal, Code Injection.This issue affects Algosec Firewall Analyzer: A33.0 (up to build 320), A33.10 (up to build 210).

CVE-2025-12903
(7.5 HIGH)

EPSS: 0.21%

updated 2025-11-12T09:30:33

1 posts

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with permission_callback set to __return_true and processing user-supplied token IDs without verifying ownershi

CVE-2025-13047
(7.5 HIGH)

EPSS: 0.05%

updated 2025-11-12T09:30:33

1 posts

Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

CVE-2025-13046
(7.5 HIGH)

EPSS: 0.05%

updated 2025-11-12T09:30:32

1 posts

Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

CVE-2025-12833
(4.3 MEDIUM)

EPSS: 0.03%

updated 2025-11-12T06:30:30

1 posts

The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139 via the 'post_attachment_upload' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author-level access and above, to attach arbitrary

CVE-2025-54983
(5.2 MEDIUM)

EPSS: 0.01%

updated 2025-11-12T06:30:24

1 posts

A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.

CVE-2025-40111(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T03:30:37

1 posts

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmw_execbuf_process. All nodes are expected to be cleared in vmw_validation_drop_ht but this node escaped because its resource was destroyed prematurely.

CVE-2025-40110(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-11-12T03:30:26

1 posts

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid (SVGA3D_INVALID_ID) identifiers because some svga commands accept SVGA3D_INVALID_ID to mean "no surface", unfortunately f

CVE-2025-40827
(7.8 HIGH)

EPSS: 0.01%

updated 2025-11-11T21:30:39

2 posts

A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system.

CVE-2025-40815
(7.2 HIGH)

EPSS: 0.04%

updated 2025-11-11T21:30:39

1 posts

A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24R

CVE-2025-40763
(7.8 HIGH)

EPSS: 0.01%

updated 2025-11-11T21:30:39

1 posts

A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious lib

CVE-2024-32009
(7.8 HIGH)

EPSS: 0.01%

updated 2025-11-11T21:30:39

1 posts

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.

CVE-2024-32008
(7.8 HIGH)

EPSS: 0.01%

updated 2025-11-11T21:30:39

1 posts

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.