CVE-2025-61945 - Missing Authentication for Critical Function in Radiometrics VizAir
CVE ID : CVE-2025-61945
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61945
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61956 - Missing Authentication for Critical Function in Radiometrics VizAir
CVE ID : CVE-2025-61956
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61956
Published : Nov. 4, 2025, 5:16 p.m. | 2 hours, 51 minutes ago
Description : Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54325 - Samsung VTS Exynos Out-of-Bounds Read Information Leak
CVE ID : CVE-2025-54325
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54325
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54333 - Samsung Exynos NPU Invalid Pointer Dereference Vulnerability
CVE ID : CVE-2025-54333
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54333
Published : Nov. 4, 2025, 6:16 p.m. | 1 hour, 50 minutes ago
Description : An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10875 - Salesforce Mulesoft Anypoint Code Builder LLM Prompting Code Injection Vulnerability
CVE ID : CVE-2025-10875
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10875
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Code Injection.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12108 - Missing Authentication for Critical Function Survision License Plate Recognition Camera
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52512 - Samsung Mobile Processor Exynos HTS Driver Race Condition Denial of Service
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52513 - Samsung Exynos Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54334 - Samsung Exynos NPU NULL Pointer Dereference
CVE ID : CVE-2025-54334
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54334
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64318 - Salesforce Mulesoft Anypoint Code Builder Cross-Site Scripting (XSS)
CVE ID : CVE-2025-64318
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64318
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64319 - Salesforce Mulesoft Anypoint Code Builder Permission Bypass
CVE ID : CVE-2025-64319
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64319
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64320 - Salesforce Agentforce Vibes Extension Code Injection Vulnerability
CVE ID : CVE-2025-64320
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64320
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64321 - Salesforce Agentforce Vibes Extension Input Validation Bypass
CVE ID : CVE-2025-64321
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64321
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64322 - Salesforce Agentforce Vibes Extension Permission Confusion
CVE ID : CVE-2025-64322
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64322
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33176 - NVIDIA RunAI Network Communication Restriction Vulnerability
CVE ID : CVE-2025-33176
Published : Nov. 4, 2025, 7:46 p.m. | 20 minutes ago
Description : NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33176
Published : Nov. 4, 2025, 7:46 p.m. | 20 minutes ago
Description : NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23358 - NVIDIA NVApp Windows Path Injection Vulnerability
CVE ID : CVE-2025-23358
Published : Nov. 4, 2025, 7:47 p.m. | 20 minutes ago
Description : NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23358
Published : Nov. 4, 2025, 7:47 p.m. | 20 minutes ago
Description : NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32786 - GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
CVE ID : CVE-2025-32786
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32786
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47776 - MantisBT: Authentication bypass for some passwords due to PHP type juggling
CVE ID : CVE-2025-47776
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47776
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48076 - Galette is vulnerable to Cross-site Scripting
CVE ID : CVE-2025-48076
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48076
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48884 - Galette is vulnerable to XSS through Document Type
CVE ID : CVE-2025-48884
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48884
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52910 - Samsung Mobile Processor and Wearable Processor Exynos GPU Use-After-Free Privilege Escalation
CVE ID : CVE-2025-52910
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52910
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...