CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-47361 - Improper Validation of Array Index in Automotive Software platform based on QNX

CVE ID : CVE-2025-47361
Published : Nov. 4, 2025, 3:19 a.m. | 40 minutes ago
Description : Memory corruption when triggering a subsystem crash with an out-of-range identifier.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47362 - Buffer Over-read in Automotive Software platform based on QNX

CVE ID : CVE-2025-47362
Published : Nov. 4, 2025, 3:19 a.m. | 40 minutes ago
Description : Information disclosure while processing message from client with invalid payload.
Severity: 6.1 | MEDIUM
CVE-2025-47365 - Integer Overflow or Wraparound in Automotive Platform

CVE ID : CVE-2025-47365
Published : Nov. 4, 2025, 3:19 a.m. | 40 minutes ago
Description : Memory corruption while processing large input data from a remote source via a communication interface.
Severity: 7.8 | HIGH
CVE-2025-47367 - Out-of-bounds Write in WinBlast Driver

CVE ID : CVE-2025-47367
Published : Nov. 4, 2025, 3:19 a.m. | 40 minutes ago
Description : Memory corruption while accessing a buffer during IOCTL processing.
Severity: 7.8 | HIGH
CVE-2025-47368 - Buffer Over-read in DSP Service

CVE ID : CVE-2025-47368
Published : Nov. 4, 2025, 3:19 a.m. | 40 minutes ago
Description : Memory corruption when dereferencing an invalid userspace address in a user buffer during MCDM IOCTL processing.
Severity: 7.8 | HIGH
CVE-2025-47370 - Reachable Assertion in BT Controller

CVE ID : CVE-2025-47370
Published : Nov. 4, 2025, 3:19 a.m. | 40 minutes ago
Description : Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.
Severity: 6.5 | MEDIUM
CVE-2025-12070 - ViaAds <= 2.1.1 - Cross-Site Request Forgery to API Key Update

CVE ID : CVE-2025-12070
Published : Nov. 4, 2025, 3:26 a.m. | 33 minutes ago
Description : The ViaAds plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on the `ViaAds_pluginHandler` function. This makes it possible for unauthenticated attackers to modify the plugin's API key and cookie consent settings via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
Severity: 0.0 | NA
CVE-2025-11007 - CE21 Suite 2.2.1 - 2.3.1 - Missing Authorization to Unauthenticated Privilege Escalation via Plugin Settings Update

CVE ID : CVE-2025-11007
Published : Nov. 4, 2025, 3:26 a.m. | 33 minutes ago
Description : The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authentication. This allows unauthenticated attackers to create new admin accounts on an affected site.
Severity: 0.0 | NA
CVE-2025-12401 - Label Plugins <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

CVE ID : CVE-2025-12401
Published : Nov. 4, 2025, 3:26 a.m. | 33 minutes ago
Description : The Label Plugins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on the label_plugins_options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 0.0 | NA
CVE-2025-11008 - CE21 Suite <= 2.3.1 - Unauthenticated Sensitive Information Exposure to Privilege Escalation

CVE ID : CVE-2025-11008
Published : Nov. 4, 2025, 3:26 a.m. | 33 minutes ago
Description : The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include administrators, which makes a complete site takeover possible.
Severity: 0.0 | NA
CVE-2025-12069 - WP Global Screen Options <= 0.2 - Cross-Site Request Forgery to Screen Options Update

CVE ID : CVE-2025-12069
Published : Nov. 4, 2025, 3:26 a.m. | 33 minutes ago
Description : The WP Global Screen Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing nonce validation on the `updatewpglobalscreenoptions` action handler. This makes it possible for unauthenticated attackers to modify global screen options for all users via a forged request granted they can trick an administrator into performing an action such as clicking on a link.
Severity: 0.0 | NA
CVE-2025-20725 - Huawei IMS Out-of-Bounds Write Remote Privilege Escalation

CVE ID : CVE-2025-20725
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620.
Severity: 0.0 | NA
CVE-2025-20726 - Huawei Modem Out-of-Bounds Write Remote Privilege Escalation Vulnerability

CVE ID : CVE-2025-20726
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
Severity: 0.0 | NA
CVE-2025-20727 - Huawei Modem Heap Buffer Overflow (Privilege Escalation)

CVE ID : CVE-2025-20727
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.
Severity: 0.0 | NA
CVE-2025-20728 - Qualcomm Wlan STA Driver Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-20728
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276.
Severity: 0.0 | NA
CVE-2025-20729 - Cisco Wireless Lan AP Driver Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-20729
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441512; Issue ID: MSV-4153.
Severity: 0.0 | NA
CVE-2025-20730 - Apache Logback Local Privilege Escalation

CVE ID : CVE-2025-20730
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141.
Severity: 0.0 | NA
CVE-2025-20731 - Cisco Wireless Lan AP Driver Out-of-Bounds Write Privilege Escalation Vulnerability

CVE ID : CVE-2025-20731
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441511; Issue ID: MSV-4140.
Severity: 0.0 | NA
CVE-2025-20732 - Linksys Wireless Network Controller Driver Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-20732
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441510; Issue ID: MSV-4139.
Severity: 0.0 | NA
CVE-2025-20733 - Aruba WLAN AP Driver Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-20733
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00441509; Issue ID: MSV-4138.
Severity: 0.0 | NA
CVE-2025-20734 - Aruba Wlan AP Driver Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-20734
Published : Nov. 4, 2025, 7:15 a.m. | 46 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441507; Issue ID: MSV-4112.
Severity: 0.0 | NA