CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-64325 - Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard

CVE ID : CVE-2025-64325
Published : Nov. 18, 2025, 11:15 p.m. | 2 hours, 31 minutes ago
Description : Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has been patched in version 4.8.1.0 and Beta version 4.9.0.0-beta.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64515 - Open Forms prefill data in read-only components can be tampered

CVE ID : CVE-2025-64515
Published : Nov. 18, 2025, 11:15 p.m. | 2 hours, 31 minutes ago
Description : Open Forms allows users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3.
Severity: 4.3 | MEDIUM
CVE-2025-65012 - Kirby CMS has cross-site scripting (XSS) in the changes dialog

CVE ID : CVE-2025-65012
Published : Nov. 18, 2025, 11:15 p.m. | 2 hours, 31 minutes ago
Description : Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Changes" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4.
Severity: 5.1 | MEDIUM
CVE-2025-65013 - LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

CVE ID : CVE-2025-65013
Published : Nov. 18, 2025, 11:15 p.m. | 2 hours, 31 minutes ago
Description : LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.
Severity: 6.2 | MEDIUM
CVE-2025-65014 - LibreNMS has Weak Password Policy

CVE ID : CVE-2025-65014
Published : Nov. 18, 2025, 11:15 p.m. | 2 hours, 31 minutes ago
Description : LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.
Severity: 3.7 | LOW
CVE-2025-65015 - joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

CVE ID : CVE-2025-65015
Published : Nov. 18, 2025, 11:15 p.m. | 2 hours, 31 minutes ago
Description : joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python web application, an attacker may be able to send arbitrarily large bearer tokens in the HTTP request headers. When this occurs, Python logging or diagnostic tools (e.g., Sentry) may end up processing extremely large log messages containing the full JWT header during the joserfc.jwt.decode() operation. The same behavior also appears when validating claims and signature payload sizes, as the library raises joserfc.errors.ExceededSizeError() with the full payload embedded in the exception message. Since the payload is already fully loaded into memory at this stage, the library cannot prevent or reject it. This issue has been patched in versions 1.3.5 and 1.4.2.
Severity: 9.2 | CRITICAL
CVE-2025-65093 - LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

CVE ID : CVE-2025-65093
Published : Nov. 18, 2025, 11:15 p.m. | 2 hours, 31 minutes ago
Description : LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.
Severity: 5.5 | MEDIUM
CVE-2025-12852 - NEC RakurakuMusen Start EX DLL Loading Remote Code Execution

CVE ID : CVE-2025-12852
Published : Nov. 19, 2025, 1:01 a.m. | 45 minutes ago
Description : DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Versions allows an attacker to manipulate the PC environment to cause unintended operations on the user's device.
Severity: 8.4 | HIGH
CVE-2025-13225 - Tanium addressed an arbitrary file deletion vulnerability in TanOS.

CVE ID : CVE-2025-13225
Published : Nov. 19, 2025, 3:16 a.m. | 2 hours, 31 minutes ago
Description : Tanium addressed an arbitrary file deletion vulnerability in TanOS.
Severity: 5.6 | MEDIUM
CVE-2025-12427 - YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename

CVE ID : CVE-2025-12427
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.10.0 via the REST API endpoint and AJAX handler due to missing validation on user-controlled keys. This makes it possible for unauthenticated attackers to discover any user's wishlist token ID, and subsequently rename the victim's wishlist without authorization (integrity impact). This can be exploited to target multi-user stores for defacement, social engineering attacks, mass tampering, and profiling at scale.
Severity: 5.3 | MEDIUM
CVE-2025-12770 - New User Approve <= 3.0.9 - Unauthenticated Sensitive Information Disclosure via Type Juggling

CVE ID : CVE-2025-12770
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : The New User Approve plugin for WordPress is vulnerable to unauthorized data disclosure in all versions up to, and including, 3.0.9 due to insufficient API key validation using loose equality comparison. This makes it possible for unauthenticated attackers to retrieve personally identifiable information (PII), including usernames and email addresses of users with various approval statuses via the Zapier REST API endpoints, by exploiting PHP type juggling with the api_key parameter set to "0" on sites where the Zapier API key has not been configured.
Severity: 5.3 | MEDIUM
CVE-2025-12777 - YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion

CVE ID : CVE-2025-12777
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.10.0. This is due to the plugin not properly verifying that a user is authorized to perform actions on the REST API /wp-json/yith/wishlist/v1/lists endpoint (which uses permission_callback => '__return_true') and the AJAX delete_item handler (which only checks nonce validity without verifying object-level authorization). This makes it possible for unauthenticated attackers to disclose wishlist tokens for any user and subsequently delete wishlist items by chaining the REST API authorization bypass with the exposed delete_item nonce on shared wishlist pages and the AJAX handler's missing object-level authorization check.
Severity: 5.3 | MEDIUM
CVE-2025-13051 - Windows service using an uncontrolled search path element allows unauthorized code execution with LocalSystem privileges

CVE ID : CVE-2025-13051
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : When the service of ABP and AES is installed in a directory writable by non-administrative users, an attacker can replace or plant a DLL with the same name as one loaded by the service. Upon service restart, the malicious DLL is loaded and executed under the LocalSystem account, resulting in unauthorized code execution with elevated privileges. This issue affects ABP and AES: from ABP 2.0 through 2.0.7.9050, from AES 1.0 through 1.0.6.8290.
Severity: 9.3 | CRITICAL
CVE-2025-65933 - Apache HTTP Server SQL Injection

CVE ID : CVE-2025-65933
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65934 - Apache HTTP Server SQL Injection

CVE ID : CVE-2025-65934
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65935 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-65935
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65936 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-65936
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65937 - Apache OpenOffice Unvalidated User Input

CVE ID : CVE-2025-65937
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65938 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-65938
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65939 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-65939
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65940 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2025-65940
Published : Nov. 19, 2025, 4:16 a.m. | 1 hour, 31 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA