CVE-2025-11085 - FactoryTalk® DataMosaix™ Private Cloud – Persistent XSS
CVE ID : CVE-2025-11085
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11085
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11696 - Studio 5000 ® Simulation Interface SSRF
CVE ID : CVE-2025-11696
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11696
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger outbound SMB requests, enabling the capture of NTLM hashes.
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11697 - Studio 5000 ® Simulation Interface Local Code Execution
CVE ID : CVE-2025-11697
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11697
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11862 - Verve Asset Manager Access Control Vulnerability
CVE ID : CVE-2025-11862
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11862
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12101 - Cross-Site Scripting (XSS)
CVE ID : CVE-2025-12101
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12101
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9223 - Command Injection
CVE ID : CVE-2025-9223
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9223
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9227 - Stored XSS
CVE ID : CVE-2025-9227
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9227
Published : Nov. 11, 2025, 2:15 p.m. | 35 minutes ago
Description : Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62199 - Microsoft Office Remote Code Execution Vulnerability
CVE ID : CVE-2025-62199
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62199
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62200 - Microsoft Excel Remote Code Execution Vulnerability
CVE ID : CVE-2025-62200
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62200
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62201 - Microsoft Excel Remote Code Execution Vulnerability
CVE ID : CVE-2025-62201
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62201
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62202 - Microsoft Excel Information Disclosure Vulnerability
CVE ID : CVE-2025-62202
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62202
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62203 - Microsoft Excel Remote Code Execution Vulnerability
CVE ID : CVE-2025-62203
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62203
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62204 - Microsoft SharePoint Remote Code Execution Vulnerability
CVE ID : CVE-2025-62204
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62204
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62205 - Microsoft Office Remote Code Execution Vulnerability
CVE ID : CVE-2025-62205
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62205
Published : Nov. 11, 2025, 6:15 p.m. | 37 minutes ago
Description : Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62206 - Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE ID : CVE-2025-62206
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62206
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62208 - Windows License Manager Information Disclosure Vulnerability
CVE ID : CVE-2025-62208
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62208
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62209 - Windows License Manager Information Disclosure Vulnerability
CVE ID : CVE-2025-62209
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62209
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62210 - Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE ID : CVE-2025-62210
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62210
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62211 - Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE ID : CVE-2025-62211
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62211
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62213 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE ID : CVE-2025-62213
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62213
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62214 - Visual Studio Remote Code Execution Vulnerability
CVE ID : CVE-2025-62214
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62214
Published : Nov. 11, 2025, 6:15 p.m. | 36 minutes ago
Description : Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...