CVE List - 2025 / November
Showing 901 - 1000 of 1779 CVEs for November 2025 (Page 10 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-12866 | 2025-11-10 | Hundred Plus\|EIP Plus - Weak Password Recovery Mechanism |
| CVE-2025-12928 | 2025-11-10 | code-projects Online Job Search Engine login.php sql injection |
| CVE-2025-12867 | 2025-11-10 | Hundred Plus\|EIP Plus - Arbitrary File Upload |
| CVE-2025-12868 | 2025-11-10 | CyberTutor\|New Site Server - Use of Client-Side Authentication |
| CVE-2025-12929 | 2025-11-10 | SourceCodester Survey Application System LoginRegistration.php update_user sql injection |
| CVE-2025-12930 | 2025-11-10 | SourceCodester Food Ordering System view-ticket.php sql injection |
| CVE-2025-59777 | 2025-11-10 | NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2... |
| CVE-2025-62689 | 2025-11-10 | NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2... |
| CVE-2025-12931 | 2025-11-10 | SourceCodester Food Ordering System edit-orders.php sql injection |
| CVE-2025-12613 | 2025-11-10 | Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters.... |
| CVE-2025-12932 | 2025-11-10 | SourceCodester Baby Care System admin.php sql injection |
| CVE-2025-12933 | 2025-11-10 | SourceCodester Baby Care System updatewelcome.php sql injection |
| CVE-2025-41731 | 2025-11-10 | Jumo: Insufficient entropy in PRNG may lead to root access |
| CVE-2025-12155 | 2025-11-10 | Command Injection in Looker |
| CVE-2025-12397 | 2025-11-10 | SQL Injection in Looker Studio |
| CVE-2025-12409 | 2025-11-10 | SQL Injection in Looker Studio |
| CVE-2025-41107 | 2025-11-10 | Stored XSS in Smart School |
| CVE-2025-12405 | 2025-11-10 | Unauthorized access through stored credentials in Looker Studio |
| CVE-2025-41001 | 2025-11-10 | Cross-Site Scripting (XSS) in SOPlanning |
| CVE-2025-12938 | 2025-11-10 | projectworlds Online Admission System process_login.php sql injection |
| CVE-2025-12939 | 2025-11-10 | SourceCodester Interview Management System addCandidate.php sql injection |
| CVE-2025-64681 | 2025-11-10 | In JetBrains Hub before 2025.3.104992 a race condition allowed bypass of the user limit via invitations |
| CVE-2025-64682 | 2025-11-10 | In JetBrains Hub before 2025.3.104432 a race condition allowed bypass of the Agent-user limit |
| CVE-2025-64683 | 2025-11-10 | In JetBrains Hub before 2025.3.104432 information disclosure was possible via the Users API |
| CVE-2025-64684 | 2025-11-10 | In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form |
| CVE-2025-64685 | 2025-11-10 | In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure |
| CVE-2025-64686 | 2025-11-10 | In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context |
| CVE-2025-64687 | 2025-11-10 | In JetBrains YouTrack before 2025.3.104432 improper access control allowed modification of MCP tool logic |
| CVE-2025-64688 | 2025-11-10 | In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget |
| CVE-2025-64689 | 2025-11-10 | In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token |
| CVE-2025-64690 | 2025-11-10 | In JetBrains YouTrack before 2025.3.104432 insecure Junie configuration could lead to data exposure and unauthorized changes |
| CVE-2025-64456 | 2025-11-10 | In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation |
| CVE-2025-12480 | 2025-11-10 | Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. |
| CVE-2025-46430 | 2025-11-10 | Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this... |
| CVE-2025-43079 | 2025-11-10 | Local Privilege Escalation via qagent_uninstall.sh Qualys Cloud Agents |
| CVE-2025-12967 | 2025-11-10 | An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be... |
| CVE-2025-47286 | 2025-11-10 | Combodo iTop vulnerable to Remote Code Execution in the backup creation functionality |
| CVE-2025-43723 | 2025-11-10 | Dell PowerScale OneFS, versions prior to 9.10.1.3 and versions 9.11.0.0 through 9.12.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated attacker with remote access could... |
| CVE-2025-47773 | 2025-11-10 | Combodo iTop has XSS vulnerability in /pages/ajax.render.php |
| CVE-2025-47932 | 2025-11-10 | Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard |
| CVE-2025-33150 | 2025-11-10 | IBM Cognos Analytics Certified Containers information disclosure |
| CVE-2025-12428 | 2025-11-10 | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12429 | 2025-11-10 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12430 | 2025-11-10 | Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12431 | 2025-11-10 | Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome... |
| CVE-2025-12432 | 2025-11-10 | Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12433 | 2025-11-10 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12434 | 2025-11-10 | Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via... |
| CVE-2025-12435 | 2025-11-10 | Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-12436 | 2025-11-10 | Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory... |
| CVE-2025-12437 | 2025-11-10 | Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption... |
| CVE-2025-12438 | 2025-11-10 | Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium... |
| CVE-2025-12439 | 2025-11-10 | Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium... |
| CVE-2025-12440 | 2025-11-10 | Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from... |
| CVE-2025-12441 | 2025-11-10 | Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium... |
| CVE-2025-12443 | 2025-11-10 | Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium... |
| CVE-2025-12444 | 2025-11-10 | Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing... |
| CVE-2025-12445 | 2025-11-10 | Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome... |
| CVE-2025-12446 | 2025-11-10 | Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via... |
| CVE-2025-12447 | 2025-11-10 | Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI... |
| CVE-2025-12725 | 2025-11-10 | Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML... |
| CVE-2025-12726 | 2025-11-10 | Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML... |
| CVE-2025-12727 | 2025-11-10 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-12728 | 2025-11-10 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing... |
| CVE-2025-12729 | 2025-11-10 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing... |
| CVE-2025-48055 | 2025-11-10 | Combodo iTop has stored XSS in user portal's browse brick |
| CVE-2025-48065 | 2025-11-10 | Combodo iTop vulnerable to reflected XSS via objection edition form error |
| CVE-2025-48878 | 2025-11-10 | Combodo iTop vulnerable to IDOR with ModuleInstallation object |
| CVE-2025-49145 | 2025-11-10 | iTop admin can drop iTop database using webhooks |
| CVE-2025-64167 | 2025-11-10 | Combodo iTop vulnerable to reflected XSS in webservices/export.php |
| CVE-2025-62780 | 2025-11-10 | changedetection.io vulnerable to stored XSS in Watch update via API |
| CVE-2025-64181 | 2025-11-10 | OpenEXR Makes Use of Uninitialized Memory |
| CVE-2025-64182 | 2025-11-10 | OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel() |
| CVE-2025-64183 | 2025-11-10 | OpenEXR has use after free in PyObject_StealAttrString |
| CVE-2025-64484 | 2025-11-10 | OAuth2-Proxy vulnerable to header smuggling via underscore, leading to potential privilege escalation |
| CVE-2025-64501 | 2025-11-10 | ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values |
| CVE-2025-64502 | 2025-11-10 | Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details |
| CVE-2025-64508 | 2025-11-10 | Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input |
| CVE-2025-64509 | 2025-11-10 | Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) |
| CVE-2025-64504 | 2025-11-10 | Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs |
| CVE-2025-64507 | 2025-11-10 | Incus vulnerable to local privilege escalation through custom storage volumes |
| CVE-2025-64512 | 2025-11-10 | pdfminer.six vulnerable to Arbitrary Code Execution via Crafted PDF Input |
| CVE-2025-64513 | 2025-11-10 | Milvus Proxy has Critical Authentication Bypass Vulnerability |
| CVE-2025-64518 | 2025-11-10 | CycloneDX Core (Java): BOM validation is vulnerable to XML External Entity injection |
| CVE-2025-64522 | 2025-11-10 | Soft Serve is vulnerable to SSRF through its Webhooks |
| CVE-2025-64519 | 2025-11-10 | TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter |
| CVE-2025-64529 | 2025-11-10 | SpiceDB's WriteRelationships fails silently if payload is too big |
| CVE-2018-25124 | 2025-11-10 | PacsOne Server 6.6.2 DICOM Web Viewer Directory Traversal LFI |
| CVE-2021-4462 | 2025-11-10 | Employee Records System v1.0 Arbitrary File Upload RCE |
| CVE-2025-11892 | 2025-11-10 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers |
| CVE-2025-11578 | 2025-11-10 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation |
| CVE-2024-57695 | 2025-11-11 | An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in... |
| CVE-2025-42882 | 2025-11-11 | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42883 | 2025-11-11 | Insecure File Operations vulnerability in SAP NetWeaver Application Server for ABAP (Migration Workbench) |
| CVE-2025-42884 | 2025-11-11 | JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal |
| CVE-2025-42885 | 2025-11-11 | Missing authentication in SAP HANA 2.0 (hdbrss) |
| CVE-2025-42886 | 2025-11-11 | Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector |
| CVE-2025-42887 | 2025-11-11 | Code Injection vulnerability in SAP Solution Manager |
| CVE-2025-42888 | 2025-11-11 | Information Disclosure vulnerability in SAP GUI for Windows |
| CVE-2025-42889 | 2025-11-11 | SQL Injection vulnerability in SAP Starter Solution (PL SAFT) |