CVE List - 2025 / November
Showing 1401 - 1500 of 1779 CVEs for November 2025 (Page 15 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-40148 | 2025-11-12 | drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions |
| CVE-2025-40149 | 2025-11-12 | tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). |
| CVE-2025-40150 | 2025-11-12 | f2fs: fix to avoid migrating empty section |
| CVE-2025-40151 | 2025-11-12 | LoongArch: BPF: No support of struct argument in trampoline programs |
| CVE-2025-40152 | 2025-11-12 | drm/msm: Fix bootup splat with separate_gpu_drm modparam |
| CVE-2025-40153 | 2025-11-12 | mm: hugetlb: avoid soft lockup when mprotect to large memory area |
| CVE-2025-40154 | 2025-11-12 | ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping |
| CVE-2025-40155 | 2025-11-12 | iommu/vt-d: debugfs: Fix legacy mode page table dump logic |
| CVE-2025-40156 | 2025-11-12 | PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() |
| CVE-2025-40157 | 2025-11-12 | EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller |
| CVE-2025-40158 | 2025-11-12 | ipv6: use RCU in ip6_output() |
| CVE-2025-40159 | 2025-11-12 | xsk: Harden userspace-supplied xdp_desc validation |
| CVE-2025-40160 | 2025-11-12 | xen/events: Return -EEXIST for bound VIRQs |
| CVE-2025-40161 | 2025-11-12 | mailbox: zynqmp-ipi: Fix SGI cleanup on unbind |
| CVE-2025-40162 | 2025-11-12 | ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails |
| CVE-2025-40163 | 2025-11-12 | sched/deadline: Stop dl_server before CPU goes offline |
| CVE-2025-40164 | 2025-11-12 | usbnet: Fix using smp_processor_id() in preemptible code warnings |
| CVE-2025-40165 | 2025-11-12 | media: nxp: imx8-isi: m2m: Fix streaming cleanup on release |
| CVE-2025-40166 | 2025-11-12 | drm/xe/guc: Check GuC running state before deregistering exec queue |
| CVE-2025-40167 | 2025-11-12 | ext4: detect invalid INLINE_DATA + EXTENTS flag combination |
| CVE-2025-40168 | 2025-11-12 | smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). |
| CVE-2025-40169 | 2025-11-12 | bpf: Reject negative offsets for ALU ops |
| CVE-2025-40170 | 2025-11-12 | net: use dst_dev_rcu() in sk_setup_caps() |
| CVE-2025-40171 | 2025-11-12 | nvmet-fc: move lsop put work to nvmet_fc_ls_req_op |
| CVE-2025-40172 | 2025-11-12 | accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() |
| CVE-2025-40173 | 2025-11-12 | net/ip6_tunnel: Prevent perpetual tunnel growth |
| CVE-2025-40174 | 2025-11-12 | x86/mm: Fix SMP ordering in switch_mm_irqs_off() |
| CVE-2025-40175 | 2025-11-12 | idpf: cleanup remaining SKBs in PTP flows |
| CVE-2025-40176 | 2025-11-12 | tls: wait for pending async decryptions if tls_strp_msg_hold fails |
| CVE-2025-40177 | 2025-11-12 | accel/qaic: Fix bootlog initialization ordering |
| CVE-2025-11454 | 2025-11-12 | Specific Content For Mobile – Customize the mobile version without redirections <= 0.5.5 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-11994 | 2025-11-12 | Easy Email Subscription <= 1.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-12998 | 2025-11-12 | Broken Authentication in extension “Modules” (modules) |
| CVE-2025-62876 | 2025-11-12 | A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4. |
| CVE-2025-11565 | 2025-11-12 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers... |
| CVE-2025-11566 | 2025-11-12 | CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number... |
| CVE-2025-11567 | 2025-11-12 | CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured. |
| CVE-2025-9316 | 2025-11-12 | N-central unauthenticated sessionID generation |
| CVE-2025-11700 | 2025-11-12 | N-central importServiceFromFile XXE Injection |
| CVE-2025-11366 | 2025-11-12 | N-central Authentication bypass via path traversal |
| CVE-2025-11367 | 2025-11-12 | N-central windows software probe Remote Code Execution |
| CVE-2025-64293 | 2025-11-12 | WordPress 0 Day Analytics plugin <= 4.0.0 - SQL Injection vulnerability |
| CVE-2025-11795 | 2025-11-12 | JPG File Parsing Out-of-Bounds Write Vulnerability |
| CVE-2025-11797 | 2025-11-12 | DWG File Parsing Use-After-Free Vulnerability |
| CVE-2025-59088 | 2025-11-12 | Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv |
| CVE-2025-2843 | 2025-11-12 | Observability-operator: observability operator privilege escalation |
| CVE-2025-59089 | 2025-11-12 | Python-kdcproxy: remote dos via unbounded tcp upstream buffering |
| CVE-2025-13042 | 2025-11-12 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-20378 | 2025-11-12 | Open Redirect on Web Login endpoint in Splunk Enterprise |
| CVE-2025-20379 | 2025-11-12 | Risky command safeguards bypass using the “/services/streams/search“ REST endpoint through “q“ parameter in Splunk Enterprise |
| CVE-2025-25236 | 2025-11-12 | Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate... |
| CVE-2024-45301 | 2025-11-12 | ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability |
| CVE-2024-47866 | 2025-11-12 | RGW DoS attack with empty HTTP header in S3 object copy |
| CVE-2025-13057 | 2025-11-12 | Campcodes School Fees Payment Management System ajax.php sql injection |
| CVE-2025-57812 | 2025-11-12 | [BIGSLEEP-434612419] CUPS-Filters has heap-buffer-overflow write in `cfImageLut()` |
| CVE-2025-61667 | 2025-11-12 | Datadog Linux Host Agent affected by local privilege escalation due to insufficient pycache permissions |
| CVE-2025-64099 | 2025-11-12 | OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info |
| CVE-2025-27368 | 2025-11-12 | IBM OpenPages Information Disclosure |
| CVE-2025-64117 | 2025-11-12 | Tuleap missing CSRF protection in the management of SVN commit rules and immutable tags |
| CVE-2025-8421 | 2025-11-12 | An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges. |
| CVE-2025-8485 | 2025-11-12 | An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. |
| CVE-2025-10495 | 2025-11-12 | A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on... |
| CVE-2025-12047 | 2025-11-12 | A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose... |
| CVE-2025-12048 | 2025-11-12 | An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the affected... |
| CVE-2025-13058 | 2025-11-12 | soerennb eXtplorer Filename cross site scripting |
| CVE-2024-48829 | 2025-11-12 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially exploit this... |
| CVE-2025-46428 | 2025-11-12 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could... |
| CVE-2025-46427 | 2025-11-12 | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could... |
| CVE-2025-13059 | 2025-11-12 | SourceCodester Alumni Management System manage_career.php sql injection |
| CVE-2025-13060 | 2025-11-12 | SourceCodester Survey Application System view_survey.php sql injection |
| CVE-2025-46608 | 2025-11-12 | Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.... |
| CVE-2025-64170 | 2025-11-12 | sudo-rs: Partial password reveal is possible after timeout |
| CVE-2025-13061 | 2025-11-12 | itsourcecode Online Voting System index.php unrestricted upload |
| CVE-2025-64186 | 2025-11-12 | Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves |
| CVE-2025-13063 | 2025-11-12 | DinukaNavaratna Dee Store authorization |
| CVE-2025-36223 | 2025-11-12 | IBM OpenPages Host Header Injection |
| CVE-2025-33119 | 2025-11-12 | IBM QRadar SIEM Information Disclosure |
| CVE-2025-64345 | 2025-11-12 | Wasmtime provides unsound API access to a WebAssembly shared linear memory |
| CVE-2025-64429 | 2025-11-12 | DuckDB Encryption Crypto implementation is vulnerable |
| CVE-2025-64482 | 2025-11-12 | Tuleap missing CSRF protections in the File Release System |
| CVE-2025-64500 | 2025-11-12 | Symfony's incorrect parsing of PATH_INFO can lead to limited authorization bypass |
| CVE-2025-40178 | 2025-11-12 | pid: Add a judgment for ns null in pid_nr_ns |
| CVE-2025-40179 | 2025-11-12 | ext4: verify orphan file size is not too big |
| CVE-2025-40180 | 2025-11-12 | mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop |
| CVE-2025-40181 | 2025-11-12 | x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP |
| CVE-2025-40182 | 2025-11-12 | crypto: skcipher - Fix reqsize handling |
| CVE-2025-40183 | 2025-11-12 | bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} |
| CVE-2025-40184 | 2025-11-12 | KVM: arm64: Fix debug checking for np-guests using huge mappings |
| CVE-2025-40185 | 2025-11-12 | ice: ice_adapter: release xa entry on adapter allocation failure |
| CVE-2025-40186 | 2025-11-12 | tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). |
| CVE-2025-40187 | 2025-11-12 | net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() |
| CVE-2025-40188 | 2025-11-12 | pwm: berlin: Fix wrong register in suspend/resume |
| CVE-2025-40189 | 2025-11-12 | net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom |
| CVE-2025-40190 | 2025-11-12 | ext4: guard against EA inode refcount underflow in xattr update |
| CVE-2025-40191 | 2025-11-12 | drm/amdkfd: Fix kfd process ref leaking when userptr unmapping |
| CVE-2025-40192 | 2025-11-12 | Revert "ipmi: fix msg stack when IPMI is disconnected" |
| CVE-2025-40193 | 2025-11-12 | xtensa: simdisk: add input size check in proc_write_simdisk |
| CVE-2025-40194 | 2025-11-12 | cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() |
| CVE-2025-40195 | 2025-11-12 | mount: handle NULL values in mnt_ns_release() |
| CVE-2025-40196 | 2025-11-12 | fs: quota: create dedicated workqueue for quota_release_work |