CVE List - 2025 / November
Showing 1701 - 1779 of 1779 CVEs for November 2025 (Page 18 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-63680 | 2025-11-14 | Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when... |
| CVE-2025-63701 | 2025-11-14 | A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly... |
| CVE-2025-63724 | 2025-11-14 | SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php. |
| CVE-2025-63725 | 2025-11-14 | Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php. |
| CVE-2025-63744 | 2025-11-14 | A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and crash the... |
| CVE-2025-63745 | 2025-11-14 | A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading to a... |
| CVE-2025-63830 | 2025-11-14 | CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content. |
| CVE-2025-63891 | 2025-11-14 | Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes) via an... |
| CVE-2025-64084 | 2025-11-14 | An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated... |
| CVE-2025-12904 | 2025-11-14 | SNORDIAN's H5PxAPIkatchu <= 0.4.17 - Unauthenticated Stored Cross-Site Scripting via insert_data |
| CVE-2025-13097 | 2025-11-14 | Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-9479 | 2025-11-14 | Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-13983 | 2025-11-14 | Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low) |
| CVE-2024-11920 | 2025-11-14 | Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security... |
| CVE-2024-11919 | 2025-11-14 | Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-13102 | 2025-11-14 | Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-9126 | 2025-11-14 | Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit... |
| CVE-2024-7017 | 2025-11-14 | Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-13178 | 2025-11-14 | Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-7021 | 2025-11-14 | Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-13107 | 2025-11-14 | Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-13160 | 2025-11-14 | IQ Service International|IQ-Support - Exposure of Sensitive Information |
| CVE-2025-13161 | 2025-11-14 | IQ Service International|IQ-Support - Arbitrary File Read |
| CVE-2025-64444 | 2025-11-14 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication... |
| CVE-2025-10686 | 2025-11-14 | Creta Testimonial Showcase < 1.2.4 - Editor+ Local File Inclusion |
| CVE-2025-11776 | 2025-11-14 | Guest user can discover archived public channels |
| CVE-2025-41436 | 2025-11-14 | Unauthorized access to archived channel content via threads interface |
| CVE-2025-55070 | 2025-11-14 | Lack of MFA enforcement in WebSocket connections |
| CVE-2025-55073 | 2025-11-14 | MS Teams plugin OAuth allows editing arbitrary posts |
| CVE-2025-11794 | 2025-11-14 | Password hash and MFA secret returned in user email verification endpoint |
| CVE-2025-11981 | 2025-11-14 | School Management System – WPSchoolPress <= 2.2.23 - Authenticated (Administrator+) SQL Injection |
| CVE-2025-8855 | 2025-11-14 | 2FA Expiry Bypass in Optimus Software's Brokerage Automation |
| CVE-2025-9982 | 2025-11-14 | Hard-coded admin credentials in Quick.CMS |
| CVE-2025-10018 | 2025-11-14 | Multiple Stored XSS in QuickCMS |
| CVE-2025-11918 | 2025-11-14 | Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability |
| CVE-2025-12149 | 2025-11-14 | Unauthorized access to documents protected by Document-Level Security (DLS), when Signals watches include a search query involving protected documents |
| CVE-2024-21635 | 2025-11-14 | Memos Access Tokens Stay Valid after User Password Change |
| CVE-2025-13168 | 2025-11-14 | ury-erp ury pos_extend.py overrided_past_order_list sql injection |
| CVE-2025-13169 | 2025-11-14 | code-projects Simple Online Hotel Reservation System add_query_reserve.php sql injection |
| CVE-2025-64446 | 2025-11-14 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an... |
| CVE-2025-8870 | 2025-11-14 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device. |
| CVE-2025-13170 | 2025-11-14 | code-projects Simple Online Hotel Reservation System edit_account.php sql injection |
| CVE-2025-13204 | 2025-11-14 | CVE-2025-13204 |
| CVE-2025-13171 | 2025-11-14 | ZZCMS wangkan_list.php sql injection |
| CVE-2025-4616 | 2025-11-14 | Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser |
| CVE-2025-4617 | 2025-11-14 | Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser |
| CVE-2025-4618 | 2025-11-14 | Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser |
| CVE-2025-13172 | 2025-11-14 | CodeAstro Gym Management System view-member-report.php sql injection |
| CVE-2025-13174 | 2025-11-14 | rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery |
| CVE-2025-13177 | 2025-11-14 | Bdtask/CodeCanyon SalesERP cross-site request forgery |
| CVE-2025-13178 | 2025-11-14 | Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting |
| CVE-2025-13179 | 2025-11-14 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System cross-site request forgery |
| CVE-2025-13180 | 2025-11-14 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System edit_profile cross site scripting |
| CVE-2025-13033 | 2025-11-14 | Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict |
| CVE-2025-13181 | 2025-11-14 | pojoin h3blog add cross site scripting |
| CVE-2025-13182 | 2025-11-14 | pojoin h3blog addtitle cross site scripting |
| CVE-2025-13185 | 2025-11-14 | Bdtask/CodeCanyon News365 profile unrestricted upload |
| CVE-2025-13186 | 2025-11-14 | Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting |
| CVE-2025-13187 | 2025-11-14 | Intelbras ICIP acessodeusuario.xml credentials storage |
| CVE-2025-13188 | 2025-11-14 | D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow |
| CVE-2022-4985 | 2025-11-14 | Vodafone H500s WiFi Password Disclosure via activation.json |
| CVE-2016-15056 | 2025-11-14 | Ubee EVW3226 Unauthenticated Backup File Disclosure |
| CVE-2021-4471 | 2025-11-14 | TG8 Firewall Unauthenticated User Password Disclosure |
| CVE-2021-4470 | 2025-11-14 | TG8 Firewall Unauthenticated RCE via runphpcmd.php |
| CVE-2023-7328 | 2025-11-14 | Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure |
| CVE-2021-4465 | 2025-11-14 | ReQuest Serious Play F3 Media Server <= 7.0.3 Remote DoS |
| CVE-2021-4467 | 2025-11-14 | Positive Technologies MaxPatrol 8 & XSpider Remote DoS |
| CVE-2021-4468 | 2025-11-14 | PLANEX CS-QP50F-ING2 Smart Camera Remote Configuration Disclosure |
| CVE-2018-25125 | 2025-11-14 | Netis DL4322D RTK 2.1.1 FTP Service DoS |
| CVE-2021-4466 | 2025-11-14 | IPCop <= 2.1.9 Authenticated RCE |
| CVE-2021-4469 | 2025-11-14 | Denver SHO-110 IP Camera Unauthenticated Snapshot Access |
| CVE-2025-55034 | 2025-11-14 | General Industrial Controls Lynx+ Gateway Weak Password Requirements |
| CVE-2025-58083 | 2025-11-14 | General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function |
| CVE-2025-59780 | 2025-11-14 | General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function |
| CVE-2025-62765 | 2025-11-14 | General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information |
| CVE-2025-64307 | 2025-11-14 | Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function |
| CVE-2025-64308 | 2025-11-14 | Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials |
| CVE-2025-64309 | 2025-11-14 | Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials |