CVE-2025-11918 - Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-11918
Published : Nov. 14, 2025, 2:15 p.m. | 48 minutes ago
Description : Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11918
Published : Nov. 14, 2025, 2:15 p.m. | 48 minutes ago
Description : Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12149 - Unauthorized access to documents protected by Document-Level Security (DLS), when Signal's watches include a search query involving protected documents
CVE ID : CVE-2025-12149
Published : Nov. 14, 2025, 2:15 p.m. | 48 minutes ago
Description : In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is trigged from a Signal's watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12149
Published : Nov. 14, 2025, 2:15 p.m. | 48 minutes ago
Description : In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is trigged from a Signal's watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9982 - Hard-coded admin credentials in Quick.CMS
CVE ID : CVE-2025-9982
Published : Nov. 14, 2025, 2:15 p.m. | 48 minutes ago
Description : A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege escalation. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9982
Published : Nov. 14, 2025, 2:15 p.m. | 48 minutes ago
Description : A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially leading to privilege escalation. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13170 - code-projects Simple Online Hotel Reservation System edit_account.php sql injection
CVE ID : CVE-2025-13170
Published : Nov. 14, 2025, 4:15 p.m. | 2 hours, 50 minutes ago
Description : A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing manipulation of the argument admin_id results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13170
Published : Nov. 14, 2025, 4:15 p.m. | 2 hours, 50 minutes ago
Description : A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing manipulation of the argument admin_id results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64446 - Fortinet FortiWeb Path Traversal Vulnerability
CVE ID : CVE-2025-64446
Published : Nov. 14, 2025, 4:15 p.m. | 2 hours, 50 minutes ago
Description : A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64446
Published : Nov. 14, 2025, 4:15 p.m. | 2 hours, 50 minutes ago
Description : A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8870 - On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.
CVE ID : CVE-2025-8870
Published : Nov. 14, 2025, 4:15 p.m. | 2 hours, 50 minutes ago
Description : On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8870
Published : Nov. 14, 2025, 4:15 p.m. | 2 hours, 50 minutes ago
Description : On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12897 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-12897
Published : Nov. 14, 2025, 5:15 p.m. | 1 hour, 50 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12897
Published : Nov. 14, 2025, 5:15 p.m. | 1 hour, 50 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13204 - CVE-2025-13204
CVE ID : CVE-2025-13204
Published : Nov. 14, 2025, 5:16 p.m. | 1 hour, 50 minutes ago
Description : npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13204
Published : Nov. 14, 2025, 5:16 p.m. | 1 hour, 50 minutes ago
Description : npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13171 - ZZCMS wangkan_list.php sql injection
CVE ID : CVE-2025-13171
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13171
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13172 - CodeAstro Gym Management System view-member-report.php sql injection
CVE ID : CVE-2025-13172
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13172
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4616 - Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser
CVE ID : CVE-2025-4616
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.
Severity: 1.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4616
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An insufficient validation of an untrusted input vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to revert the browser’s security controls.
Severity: 1.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4617 - Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser
CVE ID : CVE-2025-4617
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue.
Severity: 1.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4617
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue.
Severity: 1.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4618 - Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser
CVE ID : CVE-2025-4618
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4618
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54339 - Desktop Alert PingAlert Remote Access Control Bypass
CVE ID : CVE-2025-54339
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54339
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54340 - Desktop Alert PingAlert Weak Cryptography Vulnerability
CVE ID : CVE-2025-54340
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54340
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54342 - Desktop Alert PingAlert Exposes Sensitive Information Through Incompatible Policies
CVE ID : CVE-2025-54342
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible Policies.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54342
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible Policies.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54343 - Desktop Alert PingAlert Remote Escalation of Privileges Access Control Vulnerability
CVE ID : CVE-2025-54343
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54343
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54345 - Desktop Alert PingAlert Information Exposure Vulnerability
CVE ID : CVE-2025-54345
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54345
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54346 - "Desktop Alert PingAlert Reflected Cross Site Scripting (XSS)"
CVE ID : CVE-2025-54346
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54346
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54348 - Desktop Alert PingAlert Stored XSS
CVE ID : CVE-2025-54348
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54348
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54559 - Desktop Alert PingAlert Remote Path Traversal
CVE ID : CVE-2025-54559
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54559
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...