Lista CVE - 2025 / Novembre
Visualizzazione 201 - 300 di 1779 CVE per Novembre 2025 (Pagina 3 di 18)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-43338 | 2025-11-04 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.2, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may... |
| CVE-2025-43504 | 2025-11-04 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service. |
| CVE-2025-43441 | 2025-11-04 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
| CVE-2025-43457 | 2025-11-04 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content... |
| CVE-2025-43379 | 2025-11-04 | This issue was addressed with improved validation of symlinks. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS... |
| CVE-2025-43396 | 2025-11-04 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A sandboxed app may be able to access sensitive user data. |
| CVE-2025-43364 | 2025-11-04 | A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox. |
| CVE-2025-43348 | 2025-11-04 | A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may bypass Gatekeeper checks. |
| CVE-2025-43431 | 2025-11-04 | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption. |
| CVE-2025-43427 | 2025-11-04 | This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may... |
| CVE-2025-43309 | 2025-11-04 | A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able... |
| CVE-2025-43407 | 2025-11-04 | This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1, tvOS 26.1. An app may... |
| CVE-2025-43391 | 2025-11-04 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may... |
| CVE-2025-43450 | 2025-11-04 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to learn information about the current camera... |
| CVE-2025-43503 | 2025-11-04 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to user interface... |
| CVE-2025-43446 | 2025-11-04 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to modify protected parts of... |
| CVE-2025-43411 | 2025-11-04 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data. |
| CVE-2025-43387 | 2025-11-04 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. A malicious app may be able to gain root privileges. |
| CVE-2025-43493 | 2025-11-04 | The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Visiting a malicious website may lead to address bar spoofing. |
| CVE-2025-43345 | 2025-11-04 | A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26,... |
| CVE-2025-43386 | 2025-11-04 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected... |
| CVE-2025-43502 | 2025-11-04 | A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. An app may be able to bypass... |
| CVE-2025-43447 | 2025-11-04 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected... |
| CVE-2025-43390 | 2025-11-04 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access user-sensitive data. |
| CVE-2025-43426 | 2025-11-04 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data. |
| CVE-2025-43430 | 2025-11-04 | This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web... |
| CVE-2025-43365 | 2025-11-04 | A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An unprivileged process may be able to terminate a root processes. |
| CVE-2025-43373 | 2025-11-04 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause unexpected system termination or... |
| CVE-2025-11841 | 2025-11-04 | Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes |
| CVE-2025-12324 | 2025-11-04 | TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes |
| CVE-2025-27064 | 2025-11-04 | Buffer Over-read in Core Services |
| CVE-2025-27070 | 2025-11-04 | Out-of-bounds Write in Windows Compute |
| CVE-2025-27074 | 2025-11-04 | Incorrect Calculation of Buffer Size in SCE-Mink |
| CVE-2025-47352 | 2025-11-04 | Improper Validation of Array Index in Audio |
| CVE-2025-47353 | 2025-11-04 | Exposed Dangerous Method or Function in Automotive Software platform based on QNX |
| CVE-2025-47357 | 2025-11-04 | Missing Authentication for Critical Function in SMSS |
| CVE-2025-47360 | 2025-11-04 | Stack-based Buffer Overflow in Automotive Software platform based on QNX |
| CVE-2025-47361 | 2025-11-04 | Improper Validation of Array Index in Automotive Software platform based on QNX |
| CVE-2025-47362 | 2025-11-04 | Buffer Over-read in Automotive Software platform based on QNX |
| CVE-2025-47365 | 2025-11-04 | Integer Overflow or Wraparound in Automotive Platform |
| CVE-2025-47367 | 2025-11-04 | Out-of-bounds Write in WinBlast Driver |
| CVE-2025-47368 | 2025-11-04 | Buffer Over-read in DSP Service |
| CVE-2025-47370 | 2025-11-04 | Reachable Assertion in BT Controller |
| CVE-2025-12070 | 2025-11-04 | ViaAds <= 2.1.1 - Cross-Site Request Forgery to API Key Update |
| CVE-2025-11007 | 2025-11-04 | CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update |
| CVE-2025-12401 | 2025-11-04 | Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-11008 | 2025-11-04 | CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation |
| CVE-2025-12069 | 2025-11-04 | WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update |
| CVE-2025-12683 | 2025-11-04 | NULL DACL assigned to Named Pipe communicating with SYSTEM Service |
| CVE-2025-12188 | 2025-11-04 | Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-12412 | 2025-11-04 | Top Bar Notification <= 1.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-10896 | 2025-11-04 | Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload |
| CVE-2025-12416 | 2025-11-04 | Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12393 | 2025-11-04 | Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-12350 | 2025-11-04 | DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update |
| CVE-2025-12413 | 2025-11-04 | Social Media WPCF7 Stop Words <= 1.1.3 - Cross-Site Request Forgery to Settings Update |
| CVE-2025-11758 | 2025-11-04 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure |
| CVE-2025-12410 | 2025-11-04 | SH Contextual Help <= 3.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12157 | 2025-11-04 | Simple User Capabilities <= 1.0 - Missing Authorization to Unauthenticated Capability Reset |
| CVE-2025-11890 | 2025-11-04 | Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass |
| CVE-2025-12369 | 2025-11-04 | Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-12400 | 2025-11-04 | LMB^Box Smileys <= 3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12456 | 2025-11-04 | Centangle Team Showcase <= 1.0.0 - Cross-Site Request Forgery To Plugin's Settings Modification And Stored Cross-Site Scripting |
| CVE-2025-11724 | 2025-11-04 | EM Beer Manager <= 3.2.3 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-12156 | 2025-11-04 | Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation |
| CVE-2025-12415 | 2025-11-04 | MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting |
| CVE-2025-12402 | 2025-11-04 | LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-11704 | 2025-11-04 | Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-12389 | 2025-11-04 | Import Export For WooCommerce <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2025-12371 | 2025-11-04 | Nari Accountant <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting |
| CVE-2025-12065 | 2025-11-04 | WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-11733 | 2025-11-04 | Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-12452 | 2025-11-04 | Visit Counter 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-12158 | 2025-11-04 | Simple User Capabilities <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2025-11753 | 2025-11-04 | Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-12403 | 2025-11-04 | Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2025-11812 | 2025-11-04 | Reuse Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-12396 | 2025-11-04 | Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2025-20727 | 2025-11-04 | In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to... |
| CVE-2025-20726 | 2025-11-04 | In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to... |
| CVE-2025-20725 | 2025-11-04 | In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected... |
| CVE-2025-20728 | 2025-11-04 | In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20730 | 2025-11-04 | In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained... |
| CVE-2025-20733 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20735 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20737 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2025-20740 | 2025-11-04 | In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges needed. User... |
| CVE-2025-20742 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-20743 | 2025-11-04 | In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the... |
| CVE-2025-20744 | 2025-11-04 | In pda, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the... |
| CVE-2025-20745 | 2025-11-04 | In apusys, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System... |
| CVE-2025-20729 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20731 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20732 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20734 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20736 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20738 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20739 | 2025-11-04 | In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor... |
| CVE-2025-20746 | 2025-11-04 | In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has... |
| CVE-2025-20747 | 2025-11-04 | In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has... |