CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-40107 - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled

CVE ID : CVE-2025-40107
Published : Nov. 3, 2025, 1:15 p.m. | 2 hours, 43 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled. This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: mcp251x: fix resume from sleep before interface was brought up"). In the `hi311x` driver, when the device resumes from sleep, the driver schedules `priv->restart_work`. However, if the network interface was not previously enabled, the `priv->wq` (workqueue) has not been allocated and initialized, leading to a null pointer dereference. To fix this, the allocation and initialization of the workqueue is moved from the `hi3110_open` function to the `hi3110_can_probe` function. This ensures that the workqueue is properly initialized before it is used during device resume. Logic was also added to destroy the workqueue in the error handling paths of `hi3110_can_probe` and in the `hi3110_can_remove` function to prevent resource leaks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64294 - WordPress WP Snow Effect plugin <= 1.1.15 - Broken Access Control to Notice Dismissal vulnerability

CVE ID : CVE-2025-64294
Published : Nov. 3, 2025, 2:15 p.m. | 1 hour, 43 minutes ago
Description : Missing Authorization vulnerability in d3wp WP Snow Effect allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Snow Effect: from n/a through 1.1.15.
Severity: 5.3 | MEDIUM
CVE-2025-11761 - HP Client Management Script Library – Security Update

CVE ID : CVE-2025-11761
Published : Nov. 3, 2025, 3:13 p.m. | 45 minutes ago
Description : A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
Severity: 8.5 | HIGH
CVE-2025-36091 - IBM Business Automation Insights unverified ownership

CVE ID : CVE-2025-36091
Published : Nov. 3, 2025, 3:14 p.m. | 44 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
Severity: 4.3 | MEDIUM
CVE-2024-51317 - NetSurf DOM Node Normalization Code Execution Vulnerability

CVE ID : CVE-2024-51317
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : An issue in NetSurf v3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function.
Severity: 0.0 | NA
CVE-2025-29699 - NetSurf Use After Free Vulnerability

CVE ID : CVE-2025-29699
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.
Severity: 0.0 | NA
CVE-2025-45663 - NetSurf Uninitialized Heap Memory Read Vulnerability

CVE ID : CVE-2025-45663
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
Severity: 0.0 | NA
CVE-2025-60892 - Raspberry Pi Imager Public Key Authentication Bypass Vulnerability

CVE ID : CVE-2025-60892
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : An issue exists in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to log in to the device.
Severity: 0.0 | NA
CVE-2025-63442 - Apache Simple User Management System with PHP-MySQL XSS

CVE ID : CVE-2025-63442
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser.
Severity: 0.0 | NA
CVE-2025-63443 - Apache School Management System XSS Vulnerability

CVE ID : CVE-2025-63443
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.
Severity: 0.0 | NA
CVE-2025-8900 - Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation

CVE ID : CVE-2025-8900
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'user_type' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
CVE-2025-36092 - IBM Business Automation Insights improper input validation

CVE ID : CVE-2025-36092
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.
Severity: 6.5 | MEDIUM
CVE-2025-36093 - Security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025

CVE ID : CVE-2025-36093
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.
Severity: 4.8 | MEDIUM
CVE-2025-60503 - UltimatePOS Arbitrary JavaScript Injection

CVE ID : CVE-2025-60503
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
Severity: 8.7 | HIGH
CVE-2025-60785 - IceScrum Postgres Drivers Remote Code Execution Vulnerability

CVE ID : CVE-2025-60785
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.
Severity: 0.0 | NA
CVE-2025-63446 - Water Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-63446
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
Severity: 6.1 | MEDIUM
CVE-2025-63447 - Water Management System XSS Vulnerability

CVE ID : CVE-2025-63447
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
Severity: 6.1 | MEDIUM
CVE-2025-63448 - Water Management System XSS Vulnerability

CVE ID : CVE-2025-63448
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Severity: 6.1 | MEDIUM
CVE-2025-63449 - Water Management System XSS

CVE ID : CVE-2025-63449
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Severity: 5.4 | MEDIUM
CVE-2025-63450 - CarLux Car Booking System XSS Vulnerability

CVE ID : CVE-2025-63450
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Severity: 5.4 | MEDIUM
CVE-2025-63451 - Carlux Car Booking System SQL Injection

CVE ID : CVE-2025-63451
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
Severity: 9.8 | CRITICAL