CVE List - 2025 / November
Showing 1301 - 1400 of 1779 CVEs for November 2025 (Page 14 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32010 | 2025-11-11 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential... |
| CVE-2024-32011 | 2025-11-11 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This... |
| CVE-2024-32014 | 2025-11-11 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application... |
| CVE-2025-40744 | 2025-11-11 | A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected applications do not properly validate client certificates to connect to License Service endpoint. This... |
| CVE-2025-40760 | 2025-11-11 | A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user... |
| CVE-2025-40763 | 2025-11-11 | A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious... |
| CVE-2025-40815 | 2025-11-11 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All... |
| CVE-2025-40816 | 2025-11-11 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All... |
| CVE-2025-40817 | 2025-11-11 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All... |
| CVE-2025-40827 | 2025-11-11 | A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking.... |
| CVE-2025-61834 | 2025-11-11 | Substance3D - Stager \| Use After Free (CWE-416) |
| CVE-2025-64531 | 2025-11-11 | Substance3D - Stager \| Use After Free (CWE-416) |
| CVE-2025-61833 | 2025-11-11 | Substance3D - Stager \| Out-of-bounds Read (CWE-125) |
| CVE-2025-61835 | 2025-11-11 | Substance3D - Stager \| Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2025-52331 | 2025-11-12 | Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address.... |
| CVE-2025-56385 | 2025-11-12 | A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being... |
| CVE-2025-57310 | 2025-11-12 | A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code. |
| CVE-2025-59491 | 2025-11-12 | Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields. |
| CVE-2025-60645 | 2025-11-12 | A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request. |
| CVE-2025-60646 | 2025-11-12 | A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name... |
| CVE-2025-63289 | 2025-11-12 | Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file |
| CVE-2025-63353 | 2025-11-12 | A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using... |
| CVE-2025-63396 | 2025-11-12 | An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS). |
| CVE-2025-63419 | 2025-11-12 | Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no... |
| CVE-2025-63645 | 2025-11-12 | A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later... |
| CVE-2025-63666 | 2025-11-12 | Tenda AC15 v15.03.05.18_multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network... |
| CVE-2025-63667 | 2025-11-12 | Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication. |
| CVE-2025-63679 | 2025-11-12 | free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes. |
| CVE-2025-63811 | 2025-11-12 | An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression... |
| CVE-2025-63927 | 2025-11-12 | A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). During multi-threaded client execution, the function Iec10x_Scheduled can access memory that has already been freed, potentially causing program crashes... |
| CVE-2025-63929 | 2025-11-12 | A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or freed queue... |
| CVE-2025-64280 | 2025-11-12 | A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. |
| CVE-2025-64281 | 2025-11-12 | An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. |
| CVE-2025-65001 | 2025-11-12 | Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability. |
| CVE-2025-65002 | 2025-11-12 | Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters. |
| CVE-2025-43205 | 2025-11-12 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be... |
| CVE-2025-40110 | 2025-11-12 | drm/vmwgfx: Fix a null-ptr access in the cursor snooper |
| CVE-2025-40111 | 2025-11-12 | drm/vmwgfx: Fix Use-after-free in validation |
| CVE-2025-54983 | 2025-11-12 | Health check port on ZCC allows tunnel bypass |
| CVE-2025-12087 | 2025-11-12 | Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion |
| CVE-2025-12833 | 2025-11-12 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment |
| CVE-2025-12901 | 2025-11-12 | Asgaros Forum <= 3.2.1 - Cross-Site Request Forgery to Subscription Settings Update |
| CVE-2025-11560 | 2025-11-12 | Team Members Showcase < 3.5.0 - Reflected XSS |
| CVE-2025-12633 | 2025-11-12 | Booking Calendar \| Appointment Booking \| Bookit <= 2.5.0 - Missing Authorization to Unauthenticated Stripe Connection |
| CVE-2025-12113 | 2025-11-12 | Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion |
| CVE-2025-12018 | 2025-11-12 | MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-12869 | 2025-11-12 | aEnrich\|eHRD - Stored Cross-Site Scripting |
| CVE-2025-12870 | 2025-11-12 | aEnrich\|eHRD - Authentication Abuse |
| CVE-2025-12871 | 2025-11-12 | aEnrich\|a+HRD - Authentication Abuse |
| CVE-2025-12872 | 2025-11-12 | aEnrich\|eHRD - Stored Cross-Site Scripting |
| CVE-2025-13046 | 2025-11-12 | ViewLead Technology\|Bacteriology Laboratory Reporting System - SQL Injection |
| CVE-2025-13047 | 2025-11-12 | ViewLead Technology\|Bacteriology Laboratory Reporting System |
| CVE-2025-12732 | 2025-11-12 | WP Import – Ultimate CSV XML Importer for WordPress <= 7.33 - Missing Authorization to Authenticated (Author+) Sensitive Information Exposure |
| CVE-2025-12903 | 2025-11-12 | Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud |
| CVE-2025-64401 | 2025-11-12 | Apache OpenOffice: Remote documents loaded without prompt via IFrame |
| CVE-2025-64402 | 2025-11-12 | Apache OpenOffice: Remote documents loaded without prompt via OLE objects |
| CVE-2025-64403 | 2025-11-12 | Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc |
| CVE-2025-64404 | 2025-11-12 | Apache OpenOffice: Remote documents loaded without prompt via background and bullet images |
| CVE-2025-64405 | 2025-11-12 | Apache OpenOffice: Remote documents loaded without prompt via DDE function |
| CVE-2025-64406 | 2025-11-12 | Apache OpenOffice: Possible memory corruption during CSV import |
| CVE-2025-64407 | 2025-11-12 | Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables |
| CVE-2025-11962 | 2025-11-12 | Stored XSS in DivvyDrive Information Technologies' Digital Corporate Warehouse |
| CVE-2025-59118 | 2025-11-12 | Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload |
| CVE-2025-61623 | 2025-11-12 | Apache OFBiz: Reflected Cross-site Scripting |
| CVE-2025-12382 | 2025-11-12 | Path Traversal Allows Remote Code Execution in AlgoSec Firewall Analyzer |
| CVE-2025-37734 | 2025-11-12 | Kibana Origin Validation Error |
| CVE-2025-40112 | 2025-11-12 | sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara |
| CVE-2025-40113 | 2025-11-12 | remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E |
| CVE-2025-40115 | 2025-11-12 | scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() |
| CVE-2025-40116 | 2025-11-12 | usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup |
| CVE-2025-40117 | 2025-11-12 | misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl() |
| CVE-2025-40118 | 2025-11-12 | scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod |
| CVE-2025-40119 | 2025-11-12 | ext4: fix potential null deref in ext4_mb_init() |
| CVE-2025-40120 | 2025-11-12 | net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock |
| CVE-2025-40121 | 2025-11-12 | ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping |
| CVE-2025-40122 | 2025-11-12 | perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error |
| CVE-2025-40123 | 2025-11-12 | bpf: Enforce expected_attach_type for tailcall compatibility |
| CVE-2025-40124 | 2025-11-12 | sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III |
| CVE-2025-40125 | 2025-11-12 | blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx |
| CVE-2025-40126 | 2025-11-12 | sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC |
| CVE-2025-40127 | 2025-11-12 | hwrng: ks-sa - fix division by zero in ks_sa_rng_init |
| CVE-2025-40129 | 2025-11-12 | sunrpc: fix null pointer dereference on zero-length checksum |
| CVE-2025-40130 | 2025-11-12 | scsi: ufs: core: Fix data race in CPU latency PM QoS request handling |
| CVE-2025-40131 | 2025-11-12 | wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu() |
| CVE-2025-40132 | 2025-11-12 | ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback |
| CVE-2025-40133 | 2025-11-12 | mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). |
| CVE-2025-40134 | 2025-11-12 | dm: fix NULL pointer dereference in __dm_suspend() |
| CVE-2025-40135 | 2025-11-12 | ipv6: use RCU in ip6_xmit() |
| CVE-2025-40136 | 2025-11-12 | crypto: hisilicon/qm - request reserved interrupt for virtual function |
| CVE-2025-40137 | 2025-11-12 | f2fs: fix to truncate first page in error path of f2fs_truncate() |
| CVE-2025-40138 | 2025-11-12 | f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency() |
| CVE-2025-40139 | 2025-11-12 | smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). |
| CVE-2025-40140 | 2025-11-12 | net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast |
| CVE-2025-40141 | 2025-11-12 | Bluetooth: ISO: Fix possible UAF on iso_conn_free |
| CVE-2025-40142 | 2025-11-12 | ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT |
| CVE-2025-40143 | 2025-11-12 | bpf: dont report verifier bug for missing bpf_scc_visit on speculative path |
| CVE-2025-40144 | 2025-11-12 | nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() |
| CVE-2025-40145 | 2025-11-12 | PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure |
| CVE-2025-40146 | 2025-11-12 | blk-mq: fix potential deadlock while nr_requests grown |
| CVE-2025-40147 | 2025-11-12 | blk-throttle: fix access race during throttle policy activation |