CVE-2025-11761 - HP Client Management Script Library – Security Update
CVE ID : CVE-2025-11761
Published : Nov. 3, 2025, 3:13 p.m. | 45 minutes ago
Description : A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing software updates to mitigate the potential vulnerability.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36091 - IBM Business Automation Insights unverified ownership
CVE ID : CVE-2025-36091
Published : Nov. 3, 2025, 3:14 p.m. | 44 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
Severity: 4.3 | MEDIUM
CVE-2024-51317 - NetSurf DOM Node Normalization Code Execution Vulnerability
CVE ID : CVE-2024-51317
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function.
Severity: 0.0 | NA
CVE-2025-29699 - NetSurf Use After Free Vulnerability
CVE ID : CVE-2025-29699
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.
Severity: 0.0 | NA
CVE-2025-45663 - NetSurf Uninitialized Heap Memory Read Vulnerability
CVE ID : CVE-2025-45663
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
Severity: 0.0 | NA
CVE-2025-60892 - Raspberry Pi Imager Public Key Authentication Bypass Vulnerability
CVE ID : CVE-2025-60892
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : An issue exists in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to log in to the device.
Severity: 0.0 | NA
CVE-2025-63442 - Apache Simple User Management System with PHP-MySQL XSS
CVE ID : CVE-2025-63442
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser.
Severity: 0.0 | NA
CVE-2025-63443 - Apache School Management System XSS Vulnerability
CVE ID : CVE-2025-63443
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.
Severity: 0.0 | NA
CVE-2025-8900 - Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation
CVE ID : CVE-2025-8900
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_type' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
CVE-2025-36092 - IBM Business Automation Insights improper input validation
CVE ID : CVE-2025-36092
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.
Severity: 6.5 | MEDIUM
CVE-2025-36093 - security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.
CVE ID : CVE-2025-36093
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.
Severity: 4.8 | MEDIUM
CVE-2025-60503 - UltimatePOS Arbitrary JavaScript Injection
CVE ID : CVE-2025-60503
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
Severity: 8.7 | HIGH
CVE-2025-60785 - IceScrum Postgres Drivers Remote Code Execution Vulnerability
CVE ID : CVE-2025-60785
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.
Severity: 0.0 | NA
CVE-2025-63446 - "Water Management System Cross Site Scripting Vulnerability"
CVE ID : CVE-2025-63446
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
Severity: 6.1 | MEDIUM
CVE-2025-63447 - "Water Management System XSS Vulnerability"
CVE ID : CVE-2025-63447
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
Severity: 6.1 | MEDIUM
CVE-2025-63448 - "Water Management System XSS Vulnerability"
CVE ID : CVE-2025-63448
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Severity: 6.1 | MEDIUM
CVE-2025-63449 - Water Management System XSS
CVE ID : CVE-2025-63449
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Severity: 5.4 | MEDIUM
CVE-2025-63450 - CarLux Car Booking System XSS Vulnerability
CVE ID : CVE-2025-63450
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Severity: 5.4 | MEDIUM
CVE-2025-63451 - Carlux Car Booking System SQL Injection
CVE ID : CVE-2025-63451
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
Severity: 9.8 | CRITICAL
CVE-2025-63452 - CarLux SQL Injection Vulnerability
CVE ID : CVE-2025-63452
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
Severity: 9.4 | CRITICAL
CVE-2025-63453 - CarLux SQL Injection Vulnerability
CVE ID : CVE-2025-63453
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
Severity: 0.0 | NA