CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-36093 - security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.

CVE ID : CVE-2025-36093
Published : Nov. 3, 2025, 4:15 p.m.
Description : IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man-in-the-middle techniques due to improper access controls.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60503 - UltimatePOS Arbitrary JavaScript Injection

CVE ID : CVE-2025-60503
Published : Nov. 3, 2025, 4:15 p.m.
Description : A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
Severity: 8.7 | HIGH
CVE-2025-60785 - IceScrum Postgres Drivers Remote Code Execution Vulnerability

CVE ID : CVE-2025-60785
Published : Nov. 3, 2025, 4:15 p.m.
Description : A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.
Severity: 0.0 | NA
CVE-2025-63446 - Water Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-63446
Published : Nov. 3, 2025, 4:15 p.m.
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_vendor.php.
Severity: 6.1 | MEDIUM
CVE-2025-63447 - Water Management System XSS Vulnerability

CVE ID : CVE-2025-63447
Published : Nov. 3, 2025, 4:15 p.m.
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.
Severity: 6.1 | MEDIUM
CVE-2025-63448 - Water Management System XSS Vulnerability

CVE ID : CVE-2025-63448
Published : Nov. 3, 2025, 4:15 p.m.
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Severity: 6.1 | MEDIUM
CVE-2025-63449 - Water Management System XSS

CVE ID : CVE-2025-63449
Published : Nov. 3, 2025, 4:15 p.m.
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Severity: 5.4 | MEDIUM
CVE-2025-63450 - CarLux Car Booking System XSS Vulnerability

CVE ID : CVE-2025-63450
Published : Nov. 3, 2025, 4:15 p.m.
Description : Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Severity: 5.4 | MEDIUM
CVE-2025-63451 - Carlux Car Booking System SQL Injection

CVE ID : CVE-2025-63451
Published : Nov. 3, 2025, 4:15 p.m.
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
Severity: 9.8 | CRITICAL
CVE-2025-63452 - CarLux SQL Injection Vulnerability

CVE ID : CVE-2025-63452
Published : Nov. 3, 2025, 4:15 p.m.
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
Severity: 9.4 | CRITICAL
CVE-2025-63453 - CarLux SQL Injection Vulnerability

CVE ID : CVE-2025-63453
Published : Nov. 3, 2025, 4:15 p.m.
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
Severity: 0.0 | NA
CVE-2025-10280 - Incorrect Content Type Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-10280
Published : Nov. 3, 2025, 5:15 p.m.
Description : IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p6, and all prior versions allow some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that sets the Content-Type to HTML, allowing a requesting browser to interpret content that is not properly escaped and thereby enabling Cross-Site Scripting (XSS).
Severity: 7.1 | HIGH
CVE-2025-11953 - Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests

CVE ID : CVE-2025-11953
Published : Nov. 3, 2025, 5:15 p.m.
Description : The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
Severity: 9.8 | CRITICAL
CVE-2025-12463 - Unauthenticated SQL Injection in Geutebruck G-Cam Series Cameras

CVE ID : CVE-2025-12463
Published : Nov. 3, 2025, 5:15 p.m.
Description : An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19.
Severity: 9.8 | CRITICAL
CVE-2025-50363 - PhpGurukul Maid Hiring Management System XSS

CVE ID : CVE-2025-50363
Published : Nov. 3, 2025, 5:15 p.m.
Description : Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php via the name field.
Severity: 5.4 | MEDIUM
CVE-2025-63441 - OSSN Cross Site Scripting Vulnerability

CVE ID : CVE-2025-63441
Published : Nov. 3, 2025, 5:15 p.m.
Description : Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the `param` parameter at the endpoint u/administrator/friends.
Severity: 7.3 | HIGH
CVE-2025-45959 - No vulnerability title.

CVE ID : CVE-2025-45959
Published : Nov. 3, 2025, 6:16 p.m.
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
CVE-2025-8558 - ITM Server Authentication Bypass

CVE ID : CVE-2025-8558
Published : Nov. 3, 2025, 7:16 p.m.
Description : Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.
Severity: 2.3 | LOW
CVE-2025-12642 - HTTP Header Smuggling via Trailer Merge

CVE ID : CVE-2025-12642
Published : Nov. 3, 2025, 7:36 p.m.
Description : lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to:
* Bypass access control rules
* Inject unsafe input into backend logic that trusts request headers
* Execute HTTP Request Smuggling attacks under some conditions
This issue affects lighttpd 1.4.80.
Severity: 6.9 | MEDIUM
CVE-2025-12531 - IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability

CVE ID : CVE-2025-12531
Published : Nov. 3, 2025, 8:17 p.m.
Description : IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity: 7.1 | HIGH
CVE-2025-50735 - NextChat WebDAV Directory Traversal Vulnerability

CVE ID : CVE-2025-50735
Published : Nov. 3, 2025, 8:19 p.m.
Description : Directory traversal vulnerability in NextChat through 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.
Severity: 7.5 | HIGH