CVE-2025-54331 - Samsung Exynos NPU Untrusted Pointer Dereference
CVE ID : CVE-2025-54331
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54331
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54332 - Samsung Exynos NPU NULL Pointer Dereference Vulnerability
CVE ID : CVE-2025-54332
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54332
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54863 - Insufficiently Protected Credentials in Radiometrics VizAir
CVE ID : CVE-2025-54863
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54863
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60925 - Codeshare Information Leaks
CVE ID : CVE-2025-60925
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : codeshare v1.0.0 was discovered to contain an information leakage vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60925
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : codeshare v1.0.0 was discovered to contain an information leakage vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61945 - Missing Authentication for Critical Function in Radiometrics VizAir
CVE ID : CVE-2025-61945
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61945
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61956 - Missing Authentication for Critical Function in Radiometrics VizAir
CVE ID : CVE-2025-61956
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61956
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54325 - Samsung VTS Exynos Out-of-Bounds Read Information Leak
CVE ID : CVE-2025-54325
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54325
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54333 - Samsung Exynos NPU Invalid Pointer Dereference Vulnerability
CVE ID : CVE-2025-54333
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54333
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10875 - Salesforce Mulesoft Anypoint Code Builder LLM Prompting Code Injection Vulnerability
CVE ID : CVE-2025-10875
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10875
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12108 - Missing Authentication for Critical Function Survision License Plate Recognition Camera
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52512 - Samsung Mobile Processor Exynos HTS Driver Race Condition Denial of Service
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52513 - Samsung Exynos Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54334 - Samsung Exynos NPU NULL Pointer Dereference
CVE ID : CVE-2025-54334
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54334
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64318 - Salesforce Mulesoft Anypoint Code Builder Cross-Site Scripting (XSS)
CVE ID : CVE-2025-64318
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64318
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64319 - Salesforce Mulesoft Anypoint Code Builder Permission Bypass
CVE ID : CVE-2025-64319
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64319
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64320 - Salesforce Agentforce Vibes Extension Code Injection Vulnerability
CVE ID : CVE-2025-64320
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64320
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64321 - Salesforce Agentforce Vibes Extension Input Validation Bypass
CVE ID : CVE-2025-64321
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64321
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64322 - Salesforce Agentforce Vibes Extension Permission Confusion
CVE ID : CVE-2025-64322
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64322
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33176 - NVIDIA RunAI Network Communication Restriction Vulnerability
CVE ID : CVE-2025-33176
Published : Nov. 4, 2025, 7:46 p.m. | 20 minutes ago
Description : NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33176
Published : Nov. 4, 2025, 7:46 p.m. | 20 minutes ago
Description : NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23358 - NVIDIA NVApp Windows Path Injection Vulnerability
CVE ID : CVE-2025-23358
Published : Nov. 4, 2025, 7:47 p.m. | 20 minutes ago
Description : NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23358
Published : Nov. 4, 2025, 7:47 p.m. | 20 minutes ago
Description : NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32786 - GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
CVE ID : CVE-2025-32786
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32786
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...