CVE List - 2025 / November
Showing 601 - 700 of 1779 CVEs for November 2025 (Page 7 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-62032 | 2025-11-06 | WordPress tagDiv Cloud Library plugin < 3.9.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62033 | 2025-11-06 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62034 | 2025-11-06 | WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability |
| CVE-2025-62035 | 2025-11-06 | WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability |
| CVE-2025-62036 | 2025-11-06 | WordPress Togo theme < 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62037 | 2025-11-06 | WordPress Togo theme < 1.0.4 - Broken Access Control vulnerability |
| CVE-2025-62038 | 2025-11-06 | WordPress MeetingHub plugin <= 1.23.9 - Sensitive Data Exposure vulnerability |
| CVE-2025-62039 | 2025-11-06 | WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.6.6 - Sensitive Data Exposure vulnerability |
| CVE-2025-62040 | 2025-11-06 | WordPress YOP Poll plugin <= 6.5.37 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62041 | 2025-11-06 | WordPress TheGem (Elementor) theme <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62044 | 2025-11-06 | WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62045 | 2025-11-06 | WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Local File Inclusion vulnerability |
| CVE-2025-62046 | 2025-11-06 | WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-62047 | 2025-11-06 | WordPress Case Addons plugin < 1.3.0 - Arbitrary File Upload vulnerability |
| CVE-2025-62049 | 2025-11-06 | WordPress Cost Calculator Builder plugin <= 3.5.32 - Broken Access Control vulnerability |
| CVE-2025-62051 | 2025-11-06 | WordPress UDesign Core plugin <= 4.14.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62053 | 2025-11-06 | WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability |
| CVE-2025-62055 | 2025-11-06 | WordPress Academist theme < 1.3 - Local File Inclusion vulnerability |
| CVE-2025-62057 | 2025-11-06 | WordPress Houzez Theme - Functionality plugin < 4.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62059 | 2025-11-06 | WordPress SureRank plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62064 | 2025-11-06 | WordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability |
| CVE-2025-62065 | 2025-11-06 | WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability |
| CVE-2025-62066 | 2025-11-06 | WordPress Revolution theme < 2.5.8 - Local File Inclusion vulnerability |
| CVE-2025-62067 | 2025-11-06 | WordPress Savory theme <= 2.5 - Local File Inclusion vulnerability |
| CVE-2025-62074 | 2025-11-06 | WordPress WPMobile.App plugin <= 11.71 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62075 | 2025-11-06 | WordPress Simple Payment plugin <= 2.4.6 - Local File Inclusion vulnerability |
| CVE-2025-62076 | 2025-11-06 | WordPress Simple Payment plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-62914 | 2025-11-06 | WordPress Effect Maker plugin <= 1.2.1 - Broken Access Control vulnerability |
| CVE-2025-62950 | 2025-11-06 | WordPress Contest Gallery plugin <= 28.0.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-6325 | 2025-11-06 | WordPress King Addons for Elementor plugin <= 51.1.36 - Privilege Escalation vulnerability |
| CVE-2025-6327 | 2025-11-06 | WordPress King Addons for Elementor plugin <= 51.1.36 - Arbitrary File Upload vulnerability |
| CVE-2025-64196 | 2025-11-06 | WordPress Booster for WooCommerce plugin <= 7.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64198 | 2025-11-06 | WordPress Easy Social Share Buttons plugin < 10.7.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64224 | 2025-11-06 | WordPress Grand Conference Theme Custom Post Type plugin < 2.6.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64232 | 2025-11-06 | WordPress Import from YML plugin <= 3.1.17 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64287 | 2025-11-06 | WordPress Alloggio - Hotel Booking Theme theme <= 1.8 - Local File Inclusion vulnerability |
| CVE-2025-12808 | 2025-11-06 | Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the following... |
| CVE-2025-12485 | 2025-11-06 | Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie. This does not bypass the target account... |
| CVE-2025-10885 | 2025-11-06 | Privilege Escalation Vulnerability |
| CVE-2025-12815 | 2025-11-06 | An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view... |
| CVE-2024-25621 | 2025-11-06 | containerd affected by a local privilege escalation via wide permissions on CRI directory |
| CVE-2025-22397 | 2025-11-06 | Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior... |
| CVE-2025-31133 | 2025-11-06 | runc container escape via "masked path" abuse due to mount race conditions |
| CVE-2025-34236 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction() |
| CVE-2025-34237 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 Stored XSS via StandaloneVpnClientsController.addStandaloneVpnClientAction() |
| CVE-2025-34238 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() |
| CVE-2025-34239 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction() |
| CVE-2025-34240 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via AppManagementController.appUpgradeAction() |
| CVE-2025-34241 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxDeviceController.ajaxDeviceAction() |
| CVE-2025-34242 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction() |
| CVE-2025-34243 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxNetworkFwRulesAction() |
| CVE-2025-34244 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction() |
| CVE-2025-34245 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction() |
| CVE-2025-34246 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction() |
| CVE-2025-34247 | 2025-11-06 | Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction() |
| CVE-2022-50594 | 2025-11-06 | Advantech iView < v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure |
| CVE-2022-50592 | 2025-11-06 | Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE |
| CVE-2022-50593 | 2025-11-06 | Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE |
| CVE-2022-50591 | 2025-11-06 | Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure |
| CVE-2022-50595 | 2025-11-06 | Advantech iView < v5.7.04 Build 6425 ztp_search_value Parameter SQL Injection RCE |
| CVE-2022-50596 | 2025-11-06 | D-Link DIR-1260 <= v1.20B05 GetDeviceSettings Unauthenticated Command Injection |
| CVE-2022-50589 | 2025-11-06 | SuiteCRM < 7.12.6 SQL Injection via 'export' Functionality |
| CVE-2022-50590 | 2025-11-06 | SuiteCRM < 7.12.6 Type Confusion via 'deleteAttachment' Functionality |
| CVE-2025-52565 | 2025-11-06 | container escape due to /dev/console mount and related races |
| CVE-2025-12490 | 2025-11-06 | Netgate pfSense CE Suricata Path Traversal Remote Code Execution Vulnerability |
| CVE-2025-12489 | 2025-11-06 | evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability |
| CVE-2025-12488 | 2025-11-06 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability |
| CVE-2025-12487 | 2025-11-06 | oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability |
| CVE-2025-12486 | 2025-11-06 | Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability |
| CVE-2025-52881 | 2025-11-06 | runc: LSM labels can be bypassed with malicious config using dummy procfs files |
| CVE-2025-64173 | 2025-11-06 | Apollo Router Core: Access Control Bypass on Polymorphic Types |
| CVE-2025-33110 | 2025-11-06 | IBM OpenPages Vulnerable to HTML Injection |
| CVE-2025-64174 | 2025-11-06 | OpenMage is vulnerable to XSS in Admin Notifications |
| CVE-2025-64326 | 2025-11-06 | Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log |
| CVE-2025-64327 | 2025-11-06 | ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint |
| CVE-2025-12790 | 2025-11-06 | Rubygem-mqtt: rubygem-mqtt hostname validation |
| CVE-2025-64176 | 2025-11-06 | ThinkDashboard: Arbitrary File Upload vulnerability in the Backup Import Feature |
| CVE-2025-64177 | 2025-11-06 | ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark |
| CVE-2025-64178 | 2025-11-06 | Jellysweep uses uncontrolled data in image cache API endpoint |
| CVE-2024-12125 | 2025-11-06 | 3scale-porta: readonly fields not validated server-side |
| CVE-2025-64179 | 2025-11-06 | lakeFS: Unauthenticated access to API usage metrics |
| CVE-2025-11205 | 2025-11-06 | Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2025-11206 | 2025-11-06 | Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-11207 | 2025-11-06 | Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-11208 | 2025-11-06 | Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2025-11209 | 2025-11-06 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... |
| CVE-2025-11210 | 2025-11-06 | Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via... |
| CVE-2025-11211 | 2025-11-06 | Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium... |
| CVE-2025-11212 | 2025-11-06 | Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing... |
| CVE-2025-11213 | 2025-11-06 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing... |
| CVE-2025-11215 | 2025-11-06 | Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium... |
| CVE-2025-11216 | 2025-11-06 | Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low) |
| CVE-2025-11219 | 2025-11-06 | Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security... |
| CVE-2025-12636 | 2025-11-06 | Ubia Ubox |
| CVE-2025-64302 | 2025-11-06 | Advantech DeviceOn/iEdge Cross-site Scripting |
| CVE-2025-12036 | 2025-11-06 | Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium... |
| CVE-2025-11756 | 2025-11-06 | Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access... |
| CVE-2025-11458 | 2025-11-06 | Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security... |
| CVE-2025-11460 | 2025-11-06 | Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High) |
| CVE-2025-62630 | 2025-11-06 | Advantech DeviceOn/iEdge Path Traversal |