CVE-2025-63448 - Water Management System XSS Vulnerability
CVE ID : CVE-2025-63448
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit_product.php?id=1.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63449 - Water Management System XSS
CVE ID : CVE-2025-63449
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Severity: 5.4 | MEDIUM
CVE-2025-63450 - CarLux Car Booking System XSS Vulnerability
CVE ID : CVE-2025-63450
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php.
Severity: 5.4 | MEDIUM
CVE-2025-63451 - Carlux Car Booking System SQL Injection
CVE ID : CVE-2025-63451
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php.
Severity: 9.8 | CRITICAL
CVE-2025-63452 - CarLux SQL Injection Vulnerability
CVE ID : CVE-2025-63452
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php.
Severity: 9.4 | CRITICAL
CVE-2025-63453 - CarLux SQL Injection Vulnerability
CVE ID : CVE-2025-63453
Published : Nov. 3, 2025, 4:15 p.m. | 3 hours, 43 minutes ago
Description : Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php.
Severity: 0.0 | NA
CVE-2025-10280 - Incorrect Content Type Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-10280
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p6, and all prior versions allow some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML, allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).
Severity: 7.1 | HIGH
CVE-2025-11953 - Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
CVE ID : CVE-2025-11953
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
Severity: 9.8 | CRITICAL
CVE-2025-12463 - Unauthenticated SQL Injection in Geutebruck G-Cam Series Cameras
CVE ID : CVE-2025-12463
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19.
Severity: 9.8 | CRITICAL
CVE-2025-50363 - PhpGurukul Maid Hiring Management System XSS
CVE ID : CVE-2025-50363
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php via the name field.
Severity: 5.4 | MEDIUM
CVE-2025-63441 - OSSN Cross Site Scripting Vulnerability
CVE ID : CVE-2025-63441
Published : Nov. 3, 2025, 5:15 p.m. | 2 hours, 43 minutes ago
Description : Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter `param` at endpoint u/administrator/friends.
Severity: 7.3 | HIGH
CVE-2025-45959 - No vulnerability title.
CVE ID : CVE-2025-45959
Published : Nov. 3, 2025, 6:16 p.m. | 1 hour, 42 minutes ago
Description : Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
CVE-2025-8558 - ITM Server Authentication Bypass
CVE ID : CVE-2025-8558
Published : Nov. 3, 2025, 7:16 p.m. | 42 minutes ago
Description : Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.
Severity: 2.3 | LOW
CVE-2025-12642 - HTTP Header Smuggling via Trailer Merge
CVE ID : CVE-2025-12642
Published : Nov. 3, 2025, 7:36 p.m. | 22 minutes ago
Description : lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: bypass access control rules; inject unsafe input into backend logic that trusts request headers; execute HTTP Request Smuggling attacks under some conditions. This issue affects lighttpd 1.4.80.
Severity: 6.9 | MEDIUM
CVE-2025-12531 - IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability
CVE ID : CVE-2025-12531
Published : Nov. 3, 2025, 8:17 p.m. | 3 hours, 42 minutes ago
Description : IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity: 7.1 | HIGH
CVE-2025-50735 - NextChat WebDAV Directory Traversal Vulnerability
CVE ID : CVE-2025-50735
Published : Nov. 3, 2025, 8:19 p.m. | 3 hours, 40 minutes ago
Description : Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.
Severity: 7.5 | HIGH
CVE-2025-63593 - Grav CMS Cross Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-63593
Published : Nov. 3, 2025, 8:19 p.m. | 3 hours, 40 minutes ago
Description : Grav CMS 1.7.49.5 is vulnerable to Cross Site Scripting (XSS).
Severity: 0.0 | NA
CVE-2025-12657 - Malformed KMIP response may result in access violation
CVE ID : CVE-2025-12657
Published : Nov. 3, 2025, 9:18 p.m. | 2 hours, 41 minutes ago
Description : The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.
Severity: 5.9 | MEDIUM
CVE-2025-63293 - FairSketch Rise Ultimate Project Manager & CRM Information Disclosure/Privilege Escalation
CVE ID : CVE-2025-63293
Published : Nov. 3, 2025, 9:19 p.m. | 2 hours, 40 minutes ago
Description : FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.
Severity: 6.5 | MEDIUM
CVE-2016-15054 - Nagios XI < 5.4.0 XSS via jQuery Migrate Library
CVE ID : CVE-2016-15054
Published : Nov. 3, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : Nagios XI versions prior to 5.4.0 are vulnerable to cross-site scripting (XSS) via the jQuery Migrate library. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Severity: 5.1 | MEDIUM
CVE-2021-47698 - Nagios XI < 5.8.7 XSS in Core UI Views URL handling
CVE ID : CVE-2021-47698
Published : Nov. 3, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Severity: 5.1 | MEDIUM