CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-62642 - RBI Assistant Unauthenticated Account Creation Vulnerability

CVE ID : CVE-2025-62642
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62643 - RBI Assistant Cleartext Password Transmission

CVE ID : CVE-2025-62643
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages.
Severity: 3.4 | LOW
CVE-2025-62644 - RBI Global Store Directory Information Disclosure Vulnerability

CVE ID : CVE-2025-62644
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users.
Severity: 5.0 | MEDIUM
CVE-2025-62645 - RBI Assistant Platform Privilege Escalation Vulnerability

CVE ID : CVE-2025-62645
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation.
Severity: 9.9 | CRITICAL
CVE-2025-62646 - RBI Drive Thru Audio Storage Information Disclosure Vulnerability

CVE ID : CVE-2025-62646
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
Severity: 5.0 | MEDIUM
CVE-2025-62647 - RBI Restaurant Assistant JWT Authentication Bypass

CVE ID : CVE-2025-62647
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path.
Severity: 5.8 | MEDIUM
CVE-2025-62648 - TimsDotCom Drive Thru Audio Volume Tampering Vulnerability

CVE ID : CVE-2025-62648
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume.
Severity: 6.4 | MEDIUM
CVE-2025-62649 - RBI Restaurant Brands International Client-Side Authentication Bypass

CVE ID : CVE-2025-62649
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
Severity: 5.8 | MEDIUM
CVE-2025-62650 - RBI Restaurant Brands International Client-Side Authentication Bypass

CVE ID : CVE-2025-62650
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
Severity: 8.3 | HIGH
CVE-2025-62651 - RBI Assistant Platform Bathroom Rating Interface Unauthenticated Access Vulnerability

CVE ID : CVE-2025-62651
Published : Oct. 17, 2025, 9:15 p.m. | 44 minutes ago
Description : The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
Severity: 6.5 | MEDIUM
CVE-2025-62652 - Stored XSS in WebAuthn key name

CVE ID : CVE-2025-62652
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki WebAuthn extension allows Stored XSS. This issue affects MediaWiki WebAuthn extension: 1.39, 1.43, 1.44.
Severity: 5.8 | MEDIUM
CVE-2025-62653 - Stored XSS through system messages in PollNY

CVE ID : CVE-2025-62653
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PollNY extension allows Stored XSS. This issue affects MediaWiki PollNY extension: 1.39, 1.43, 1.44.
Severity: 2.0 | LOW
CVE-2025-62654 - Stored XSS through system messages in QuizGame

CVE ID : CVE-2025-62654
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki QuizGame extension allows Stored XSS. This issue affects MediaWiki QuizGame extension: 1.39, 1.43, 1.44.
Severity: 2.0 | LOW
CVE-2025-62655 - SQL injection in Cargo via Special:CargoExport

CVE ID : CVE-2025-62655
Published : Oct. 17, 2025, 11:15 p.m. | 1 hour, 10 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki Cargo extension allows SQL Injection. This issue affects MediaWiki Cargo extension: 1.39, 1.43, 1.44.
Severity: 2.1 | LOW
CVE-2025-62632 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-62632
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62633 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-62633
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62634 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-62634
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62635 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-62635
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62636 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-62636
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62637 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-62637
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-62638 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-62638
Published : Oct. 18, 2025, 3:15 a.m. | 1 hour, 10 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA