CVE-2025-12108 - Missing Authentication for Critical Function Survision License Plate Recognition Camera
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12108
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52512 - Samsung Mobile Processor Exynos HTS Driver Race Condition Denial of Service
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52512
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52513 - Samsung Exynos Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52513
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54334 - Samsung Exynos NPU NULL Pointer Dereference
CVE ID : CVE-2025-54334
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54334
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64318 - Salesforce Mulesoft Anypoint Code Builder Cross-Site Scripting (XSS)
CVE ID : CVE-2025-64318
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64318
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64319 - Salesforce Mulesoft Anypoint Code Builder Permission Bypass
CVE ID : CVE-2025-64319
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64319
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64320 - Salesforce Agentforce Vibes Extension Code Injection Vulnerability
CVE ID : CVE-2025-64320
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64320
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64321 - Salesforce Agentforce Vibes Extension Input Validation Bypass
CVE ID : CVE-2025-64321
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64321
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64322 - Salesforce Agentforce Vibes Extension Permission Confusion
CVE ID : CVE-2025-64322
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64322
Published : Nov. 4, 2025, 7:17 p.m. | 50 minutes ago
Description : Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33176 - NVIDIA RunAI Network Communication Restriction Vulnerability
CVE ID : CVE-2025-33176
Published : Nov. 4, 2025, 7:46 p.m. | 20 minutes ago
Description : NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33176
Published : Nov. 4, 2025, 7:46 p.m. | 20 minutes ago
Description : NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-23358 - NVIDIA NVApp Windows Path Injection Vulnerability
CVE ID : CVE-2025-23358
Published : Nov. 4, 2025, 7:47 p.m. | 20 minutes ago
Description : NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23358
Published : Nov. 4, 2025, 7:47 p.m. | 20 minutes ago
Description : NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code execution and escalation of privileges.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32786 - GLPI Inventory Plugin is Vulnerable to Unauthenticated SQL Injection
CVE ID : CVE-2025-32786
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32786
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : The GLPI Inventory Plugin handles network discovery, inventory, software deployment, and data collection for GLPI agents. Versions 1.5.0 and below are vulnerable to SQL Injection. This issue is fixed in version 1.5.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47776 - MantisBT: Authentication bypass for some passwords due to PHP type juggling
CVE ID : CVE-2025-47776
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47776
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Mantis Bug Tracker (MantisBT) is an open source issue tracker. Due to incorrect use of loose (==) instead of strict (===) comparison in the authentication code in versions 2.27.1 and below.PHP type juggling will cause certain MD5 hashes matching scientific notation to be interpreted as numbers. Instances using the MD5 login method allow an attacker who knows the victim's username and has access to an account with a password hash that evaluates to zero to log in without knowing the victim's actual password, by using any other password with a hash that also evaluates to zero This issue is fixed in version 2.27.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48076 - Galette is vulnerable to Cross-site Scripting
CVE ID : CVE-2025-48076
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48076
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. Versions 1.1.5.2 and below allow a user to edit a group name and insert an XSS payload. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48884 - Galette is vulnerable to XSS through Document Type
CVE ID : CVE-2025-48884
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48884
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Galette is a membership management web application for non profit organizations. In versions 1.1.5.2 and below, Galette's Document Type is vulnerable to Cross-site Scripting. This issue is fixed in version 1.2.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52910 - Samsung Mobile Processor and Wearable Processor Exynos GPU Use-After-Free Privilege Escalation
CVE ID : CVE-2025-52910
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52910
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54335 - Samsung Mobile Processor Exynos GPU Driver Use-After-Free Vulnerability
CVE ID : CVE-2025-54335
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54335
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55155 - MantisBT: Authentication bypass for some passwords due to PHP type juggling
CVE ID : CVE-2025-55155
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55155
Published : Nov. 4, 2025, 9:15 p.m. | 2 hours, 53 minutes ago
Description : Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing the user from receiving system notifications. Notifications sent to another person's email address could lead to information disclosure. This issue is fixed in version 2.27.2.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54496 - Fuji Electric Monitouch V-SFT-6 Heap-based Buffer Overflow
CVE ID : CVE-2025-54496
Published : Nov. 4, 2025, 10:16 p.m. | 1 hour, 53 minutes ago
Description : A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54496
Published : Nov. 4, 2025, 10:16 p.m. | 1 hour, 53 minutes ago
Description : A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54526 - Fuji Electric Monitouch V-SFT-6 Stack-based Buffer Overflow
CVE ID : CVE-2025-54526
Published : Nov. 4, 2025, 10:16 p.m. | 1 hour, 53 minutes ago
Description : Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54526
Published : Nov. 4, 2025, 10:16 p.m. | 1 hour, 53 minutes ago
Description : Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-56230 - Tencent Docs Desktop SSL Certificate Validation Bypass
CVE ID : CVE-2025-56230
Published : Nov. 4, 2025, 10:16 p.m. | 1 hour, 53 minutes ago
Description : Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-56230
Published : Nov. 4, 2025, 10:16 p.m. | 1 hour, 53 minutes ago
Description : Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...