CVE-2025-4617 - Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser
CVE ID : CVE-2025-4617
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue.
Severity: 1.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4618 - Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser
CVE ID : CVE-2025-4618
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue.
Severity: 4.4 | MEDIUM
CVE-2025-54339 - Desktop Alert PingAlert Remote Access Control Bypass
CVE ID : CVE-2025-54339
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
Severity: 0.0 | NA
CVE-2025-54340 - Desktop Alert PingAlert Weak Cryptography Vulnerability
CVE ID : CVE-2025-54340
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm.
Severity: 0.0 | NA
CVE-2025-54342 - Desktop Alert PingAlert Exposes Sensitive Information Through Incompatible Policies
CVE ID : CVE-2025-54342
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible Policies.
Severity: 0.0 | NA
CVE-2025-54343 - Desktop Alert PingAlert Remote Escalation of Privileges Access Control Vulnerability
CVE ID : CVE-2025-54343
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
Severity: 0.0 | NA
CVE-2025-54345 - Desktop Alert PingAlert Information Exposure Vulnerability
CVE ID : CVE-2025-54345
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor.
Severity: 0.0 | NA
CVE-2025-54346 - Desktop Alert PingAlert Reflected Cross Site Scripting (XSS)
CVE ID : CVE-2025-54346
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user’s browser, capturing sensitive information.
Severity: 0.0 | NA
CVE-2025-54348 - Desktop Alert PingAlert Stored XSS
CVE ID : CVE-2025-54348
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user’s browser, capturing sensitive information.
Severity: 0.0 | NA
CVE-2025-54559 - Desktop Alert PingAlert Remote Path Traversal
CVE ID : CVE-2025-54559
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content.
Severity: 0.0 | NA
CVE-2025-54560 - Desktop Alert PingAlert SSRF
CVE ID : CVE-2025-54560
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure.
Severity: 0.0 | NA
CVE-2025-54561 - Desktop Alert PingAlert Incorrect Access Control Vulnerability
CVE ID : CVE-2025-54561
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema.
Severity: 0.0 | NA
CVE-2025-54562 - Desktop Alert PingAlert Information Disclosure
CVE ID : CVE-2025-54562
Published : Nov. 14, 2025, 6:15 p.m. | 51 minutes ago
Description : A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Technical Information to be Disclosed through stack trace.
Severity: 0.0 | NA
CVE-2025-63724 - SVX Portal SQL Injection Vulnerability
CVE ID : CVE-2025-63724
Published : Nov. 14, 2025, 6:15 p.m. | 50 minutes ago
Description : SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php.
Severity: 0.0 | NA
CVE-2025-63725 - SVX Portal Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2025-63725
Published : Nov. 14, 2025, 6:15 p.m. | 50 minutes ago
Description : Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php.
Severity: 0.0 | NA
CVE-2025-63830 - CKFinder SVG XSS
CVE ID : CVE-2025-63830
Published : Nov. 14, 2025, 6:15 p.m. | 50 minutes ago
Description : CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
Severity: 0.0 | NA
CVE-2025-13174 - rachelos WeRSS we-mp-rss Webhook mps.py do_job server-side request forgery
CVE ID : CVE-2025-13174
Published : Nov. 14, 2025, 6:32 p.m. | 34 minutes ago
Description : A weakness has been identified in rachelos WeRSS we-mp-rss up to 1.4.7. Affected by this vulnerability is the function do_job of the file /rachelos/we-mp-rss/blob/main/jobs/mps.py of the component Webhook Module. Executing manipulation of the argument web_hook_url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
CVE-2025-12187 - Apache HTTP Server Remote Code Execution Vulnerability
CVE ID : CVE-2025-12187
Published : Nov. 14, 2025, 7:15 p.m. | 3 hours, 53 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
CVE-2025-13177 - Bdtask/CodeCanyon SalesERP cross-site request forgery
CVE ID : CVE-2025-13177
Published : Nov. 14, 2025, 7:15 p.m. | 3 hours, 53 minutes ago
Description : A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
CVE-2025-13178 - Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting
CVE ID : CVE-2025-13178
Published : Nov. 14, 2025, 7:15 p.m. | 3 hours, 53 minutes ago
Description : A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
CVE-2025-63291 - Alteryx MongoDB Object ID Authorization Bypass
CVE ID : CVE-2025-63291
Published : Nov. 14, 2025, 7:16 p.m. | 3 hours, 53 minutes ago
Description : When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did not check whether the authenticated user had permission to access the specified MongoDB object ID. By specifying particular MongoDB object IDs, callers could obtain records for other users without proper authorization. Records retrievable using this attack included administrative API keys and private studio API keys.
Severity: 6.5 | MEDIUM