CVE List - 2025 / November
Showing 1001 - 1100 of 1779 CVEs for November 2025 (Page 11 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-42890 | 2025-11-11 | Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui) |
| CVE-2025-42892 | 2025-11-11 | OS Command Injection vulnerability in SAP Business Connector |
| CVE-2025-42893 | 2025-11-11 | Open Redirect vulnerability in SAP Business Connector |
| CVE-2025-42894 | 2025-11-11 | Path Traversal vulnerability in SAP Business Connector |
| CVE-2025-42895 | 2025-11-11 | Code Injection vulnerability in SAP HANA JDBC Client |
| CVE-2025-42897 | 2025-11-11 | Information Disclosure vulnerability in SAP Business One (SLD) |
| CVE-2025-42899 | 2025-11-11 | Missing Authorization check in SAP S4CORE (Manage Journal Entries) |
| CVE-2025-42919 | 2025-11-11 | Information Disclosure vulnerability in SAP NetWeaver Application Server Java |
| CVE-2025-42924 | 2025-11-11 | Open Redirect vulnerabilities in SAP S/4HANA landscape (SAP E-Recruiting BSP) |
| CVE-2025-42940 | 2025-11-11 | Memory Corruption vulnerability in SAP CommonCryptoLib |
| CVE-2025-31719 | 2025-11-11 | In TEE EcDSA algorithm, there is a possible memory consistency issue. This could lead to generated incorrect signature results with low probability. |
| CVE-2025-11894 | 2025-11-11 | Shelf Planner <= 2.7.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-11822 | 2025-11-11 | WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11891 | 2025-11-11 | Shelf Planner <= 2.7.0 - Unauthenticated Information Exposure via Log Files |
| CVE-2025-11874 | 2025-11-11 | Slippy Slider – Responsive Touch Navigation Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11873 | 2025-11-11 | WP BBCode <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11168 | 2025-11-11 | Mementor Core <= 2.2.5 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-12652 | 2025-11-11 | Ungapped Widgets <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11829 | 2025-11-11 | Five9 Live Chat <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11988 | 2025-11-11 | Crypto Tool <= 2.22 - Missing Authentication to Unauthenticated Limited File Deletion |
| CVE-2025-11863 | 2025-11-11 | My Geo Posts Free <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11996 | 2025-11-11 | Find Unused Images <= 1.0.7 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion |
| CVE-2025-12880 | 2025-11-11 | Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG |
| CVE-2025-12538 | 2025-11-11 | Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting |
| CVE-2025-12632 | 2025-11-11 | RandomQuotr <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-11886 | 2025-11-11 | CTL Arcade Lite <= 1.0 - Cross-Site Request Forgery to Plugin Activation and Deactivation |
| CVE-2025-12644 | 2025-11-11 | Nonaki – Drag and Drop Email Template builder and Newsletter plugin for WordPress <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields |
| CVE-2025-11805 | 2025-11-11 | Skip to Timestamp <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-12754 | 2025-11-11 | Geopost <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-12010 | 2025-11-11 | Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode |
| CVE-2025-11451 | 2025-11-11 | Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read |
| CVE-2025-11997 | 2025-11-11 | Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure |
| CVE-2025-12672 | 2025-11-11 | Flickr Show <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12589 | 2025-11-11 | WP-Walla <= 0.5.3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12132 | 2025-11-11 | WP Custom Admin Login Page Logo <= 1.4.8.4 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12020 | 2025-11-11 | Double the Donation <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-12588 | 2025-11-11 | USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12021 | 2025-11-11 | WP-OAuth <= 0.4.1 - Reflected Cross-Site Scripting |
| CVE-2025-12590 | 2025-11-11 | YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-11856 | 2025-11-11 | Eventbee Ticketing Widget <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11457 | 2025-11-11 | EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.5.0 - Unauthenticated Privilege Escalation |
| CVE-2025-12813 | 2025-11-11 | Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents' |
| CVE-2025-12711 | 2025-11-11 | Share to Google Classroom <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via share_to_google Shortcode |
| CVE-2025-11170 | 2025-11-11 | WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload |
| CVE-2025-12753 | 2025-11-11 | Chart Expert <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11828 | 2025-11-11 | Magazine Companion <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12526 | 2025-11-11 | Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset |
| CVE-2025-11869 | 2025-11-11 | Precise Columns <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12671 | 2025-11-11 | WP-Iconics <= 0.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12665 | 2025-11-11 | Ninja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion |
| CVE-2025-12631 | 2025-11-11 | Squirrels Auto Inventory <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-11532 | 2025-11-11 | Wisly <= 1.0.0 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation |
| CVE-2025-11859 | 2025-11-11 | Paypal Donation Shortcode <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12658 | 2025-11-11 | Preload Current Images <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-12668 | 2025-11-11 | WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11821 | 2025-11-11 | Woocommerce – Products By Custom Tax <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11860 | 2025-11-11 | Twitter Feed <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12663 | 2025-11-11 | Jeba Cute forkit <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11882 | 2025-11-11 | Simple Donate <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12637 | 2025-11-11 | Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-12126 | 2025-11-11 | The Total Book Project <= 1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Book Manipulation |
| CVE-2025-11986 | 2025-11-11 | Crypto Tool <= 2.22 - Unauthenticated Information Exposure via Global Authentication State |
| CVE-2025-11129 | 2025-11-11 | Include fussball.de Widgets <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'api' and 'type' |
| CVE-2025-12662 | 2025-11-11 | Coon Google Maps <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-11999 | 2025-11-11 | Add Multiple Marker <= 1.2 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-11521 | 2025-11-11 | Astra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File Upload |
| CVE-2025-12019 | 2025-11-11 | Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-12651 | 2025-11-11 | Live Photos on WordPress <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-12667 | 2025-11-11 | GitHub Gist Shortcode Plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-11237 | 2025-11-11 | Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update |
| CVE-2025-11307 | 2025-11-11 | WP Google Maps < 9.0.48 - Unauthenticated Stored XSS |
| CVE-2025-11855 | 2025-11-11 | Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation |
| CVE-2025-4645 | 2025-11-11 | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the... |
| CVE-2025-5454 | 2025-11-11 | An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device... |
| CVE-2025-5718 | 2025-11-11 | The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned... |
| CVE-2025-6298 | 2025-11-11 | ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow... |
| CVE-2025-5452 | 2025-11-11 | A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can... |
| CVE-2025-6571 | 2025-11-11 | A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it. |
| CVE-2025-6779 | 2025-11-11 | An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured... |
| CVE-2025-8108 | 2025-11-11 | An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured... |
| CVE-2025-10714 | 2025-11-11 | AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the... |
| CVE-2025-9524 | 2025-11-11 | The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer-... |
| CVE-2025-8998 | 2025-11-11 | It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after... |
| CVE-2025-9055 | 2025-11-11 | The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an... |
| CVE-2025-7429 | 2025-11-11 | Stored XSS |
| CVE-2025-5317 | 2025-11-11 | Improper access restriction to critical folder in Bitdefender Endpoint Security Tools for Mac |
| CVE-2017-20210 | 2025-11-11 | Photo Station |
| CVE-2025-7430 | 2025-11-11 | Stored XSS |
| CVE-2025-7632 | 2025-11-11 | Stored XSS |
| CVE-2025-7633 | 2025-11-11 | Stored XSS |
| CVE-2025-12539 | 2025-11-11 | TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover |
| CVE-2025-12787 | 2025-11-11 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation |
| CVE-2025-12953 | 2025-11-11 | Classified Listing – AI-Powered Classified ads & Business Directory Plugin <= 5.2.0 - Missing Authorization to Authenticated (Subscriber+) Listing Types Tampering |
| CVE-2025-12788 | 2025-11-11 | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings <= 1.1.27 - Missing Payment Verification to Unauthenticated Payment Bypass |
| CVE-2025-12846 | 2025-11-11 | Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass |
| CVE-2025-11960 | 2025-11-11 | Reflected XSS in Aryom's KVKNET |
| CVE-2025-41101 | 2025-11-11 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework |
| CVE-2025-41102 | 2025-11-11 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework |
| CVE-2025-41103 | 2025-11-11 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework |
| CVE-2025-41104 | 2025-11-11 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework |