CVE-2025-41113 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41113
Published : Nov. 4, 2025, 1:15 p.m. | 2 hours, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41113
Published : Nov. 4, 2025, 1:15 p.m. | 2 hours, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41114 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41114
Published : Nov. 4, 2025, 1:15 p.m. | 2 hours, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41114
Published : Nov. 4, 2025, 1:15 p.m. | 2 hours, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12682 - Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload
CVE ID : CVE-2025-12682
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12682
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12695 - Insecure configuration in DSPy lead to arbitrary file read when running untrusted code inside the sandbox
CVE ID : CVE-2025-12695
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12695
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41335 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41335
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41335
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and ' 'id_sociedad' in '/api/buscarEmpresaById.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41336 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41336
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41336
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41337 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41337
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41337
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41338 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41338
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41338
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarTestigoByIdDenunciaUsuario.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41339 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41339
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41339
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in '/backend/api/buscarTipoDenuncia.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41340 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41340
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41340
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and 'id_sociedad' in '/backend/api/buscarTipoDenunciabyId.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41341 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41341
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41341
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'seguro' in '/backend/api/buscarUsuarioByDenuncia.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41342 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41342
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41342
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41343 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41343
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41343
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41344 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41344
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41344
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41345 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41345
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41345
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12184 - MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID : CVE-2025-12184
Published : Nov. 4, 2025, 3:15 p.m. | 51 minutes ago
Description : The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12184
Published : Nov. 4, 2025, 3:15 p.m. | 51 minutes ago
Description : The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63294 - WorkDo HRM SaaS HR and Payroll Tool Permission Bypass Vulnerability
CVE ID : CVE-2025-63294
Published : Nov. 4, 2025, 4:16 p.m. | 3 hours, 51 minutes ago
Description : WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63294
Published : Nov. 4, 2025, 4:16 p.m. | 3 hours, 51 minutes ago
Description : WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54323 - Samsung Mobile Processor Exynos Information Leakage
CVE ID : CVE-2025-54323
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54323
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54329 - Samsung Exynos Heap Overflow Vulnerability
CVE ID : CVE-2025-54329
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a multiple-payloads message (including an SMS message) lacks bounds checking, which can lead to a heap overflow.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54329
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a multiple-payloads message (including an SMS message) lacks bounds checking, which can lead to a heap overflow.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54330 - Samsung Exynos Out-of-bounds Read Vulnerability
CVE ID : CVE-2025-54330
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54330
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54331 - Samsung Exynos NPU Untrusted Pointer Dereference
CVE ID : CVE-2025-54331
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54331
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...