CVE-2025-41342 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41342
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41342
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in '/backend/api/buscarUsuarioId.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41343 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41343
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41343
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41344 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41344
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41344
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in '/backend/api/verArchivo.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41345 - Missing Authorization vulnerability in CanalDenuncia.app
CVE ID : CVE-2025-41345
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41345
Published : Nov. 4, 2025, 2:15 p.m. | 1 hour, 51 minutes ago
Description : A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDenunciasById.php'.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12184 - MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE ID : CVE-2025-12184
Published : Nov. 4, 2025, 3:15 p.m. | 51 minutes ago
Description : The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12184
Published : Nov. 4, 2025, 3:15 p.m. | 51 minutes ago
Description : The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63294 - WorkDo HRM SaaS HR and Payroll Tool Permission Bypass Vulnerability
CVE ID : CVE-2025-63294
Published : Nov. 4, 2025, 4:16 p.m. | 3 hours, 51 minutes ago
Description : WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63294
Published : Nov. 4, 2025, 4:16 p.m. | 3 hours, 51 minutes ago
Description : WorkDo HRM SaaS HR and Payroll Tool 8.1 is affected vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54323 - Samsung Mobile Processor Exynos Information Leakage
CVE ID : CVE-2025-54323
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54323
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54329 - Samsung Exynos Heap Overflow Vulnerability
CVE ID : CVE-2025-54329
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a multiple-payloads message (including an SMS message) lacks bounds checking, which can lead to a heap overflow.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54329
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a multiple-payloads message (including an SMS message) lacks bounds checking, which can lead to a heap overflow.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54330 - Samsung Exynos Out-of-bounds Read Vulnerability
CVE ID : CVE-2025-54330
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54330
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54331 - Samsung Exynos NPU Untrusted Pointer Dereference
CVE ID : CVE-2025-54331
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54331
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54332 - Samsung Exynos NPU NULL Pointer Dereference Vulnerability
CVE ID : CVE-2025-54332
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54332
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54863 - Insufficiently Protected Credentials in Radiometrics VizAir
CVE ID : CVE-2025-54863
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54863
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60925 - Codeshare Information Leaks
CVE ID : CVE-2025-60925
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : codeshare v1.0.0 was discovered to contain an information leakage vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60925
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : codeshare v1.0.0 was discovered to contain an information leakage vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61945 - Missing Authentication for Critical Function in Radiometrics VizAir
CVE ID : CVE-2025-61945
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61945
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61956 - Missing Authentication for Critical Function in Radiometrics VizAir
CVE ID : CVE-2025-61956
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61956
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54325 - Samsung VTS Exynos Out-of-Bounds Read Information Leak
CVE ID : CVE-2025-54325
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54325
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54333 - Samsung Exynos NPU Invalid Pointer Dereference Vulnerability
CVE ID : CVE-2025-54333
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54333
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10875 - Salesforce Mulesoft Anypoint Code Builder LLM Prompting Code Injection Vulnerability
CVE ID : CVE-2025-10875
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10875
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12108 - Missing Authentication for Critical Function Survision License Plate Recognition Camera
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52512 - Samsung Mobile Processor Exynos HTS Driver Race Condition Denial of Service
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52513 - Samsung Exynos Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...