CVE-2025-60892 - Raspberry Pi Imager Public Key Authentication Bypass Vulnerability
CVE ID : CVE-2025-60892
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to log in to the device.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63442 - Apache Simple User Management System with PHP-MySQL XSS
CVE ID : CVE-2025-63442
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser.
Severity: 0.0 | NA
CVE-2025-63443 - Apache School Management System XSS Vulnerability
CVE ID : CVE-2025-63443
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter.
Severity: 0.0 | NA
CVE-2025-8900 - Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation
CVE ID : CVE-2025-8900
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'user_type' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
Severity: 9.8 | CRITICAL
CVE-2025-36092 - IBM Business Automation Insights improper input validation
CVE ID : CVE-2025-36092
Published : Nov. 3, 2025, 3:15 p.m. | 43 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.
Severity: 6.5 | MEDIUM
CVE-2025-36093 - security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.
CVE ID : CVE-2025-36093
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man-in-the-middle techniques due to improper access controls.
Severity: 4.8 | MEDIUM
CVE-2025-60503 - UltimatePOS Arbitrary JavaScript Injection
CVE ID : CVE-2025-60503
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
Severity: 8.7 | HIGH
CVE-2025-60785 - IceScrum Postgres Drivers Remote Code Execution Vulnerability
CVE ID : CVE-2025-60785
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.
Severity: 0.0 | NA
CVE-2025-63446 - Water Management System Cross Site Scripting Vulnerability
CVE ID : CVE-2025-63446
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
Severity: 6.1 | MEDIUM
CVE-2025-63447 - Water Management System XSS Vulnerability
CVE ID : CVE-2025-63447
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
Severity: 6.1 | MEDIUM
CVE-2025-63448 - Water Management System XSS Vulnerability
CVE ID : CVE-2025-63448
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Severity: 6.1 | MEDIUM
CVE-2025-63449 - Water Management System XSS
CVE ID : CVE-2025-63449
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Severity: 5.4 | MEDIUM
CVE-2025-63450 - CarLux Car Booking System XSS Vulnerability
CVE ID : CVE-2025-63450
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Severity: 5.4 | MEDIUM
CVE-2025-63451 - Carlux Car Booking System SQL Injection
CVE ID : CVE-2025-63451
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
Severity: 9.8 | CRITICAL
CVE-2025-63452 - CarLux SQL Injection Vulnerability
CVE ID : CVE-2025-63452
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
Severity: 9.4 | CRITICAL
CVE-2025-63453 - CarLux SQL Injection Vulnerability
CVE ID : CVE-2025-63453
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
Severity: 0.0 | NA
CVE-2025-10280 - Incorrect Content Type Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-10280
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p6, and all prior versions allow some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that sets the Content-Type to HTML, allowing a requesting browser to interpret content that is not properly escaped to prevent Cross-Site Scripting (XSS).
Severity: 7.1 | HIGH
CVE-2025-11953 - Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
CVE ID : CVE-2025-11953
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
Severity: 9.8 | CRITICAL
CVE-2025-12463 - Unauthenticated SQL Injection in Guetebruck G-Cam Series Cameras
CVE ID : CVE-2025-12463
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19.
Severity: 9.8 | CRITICAL
CVE-2025-50363 - PhpGurukul Maid Hiring Management System XSS
CVE ID : CVE-2025-50363
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php via the name field.
Severity: 5.4 | MEDIUM
CVE-2025-63441 - OSSN Cross Site Scripting Vulnerability
CVE ID : CVE-2025-63441
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the `param` parameter at the endpoint u/administrator/friends.
Severity: 7.3 | HIGH