CVE-2025-51663 - FileCodeBox IP Rate Limit Bypass Remote Denial of Service
CVE ID : CVE-2025-51663
Published : Nov. 19, 2025, 8:15 p.m. | 4 hours, 8 minutes ago
Description : A vulnerability in the IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass IP-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or brute force share codes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63212 - GatesAir Flexiva-LX Session Hijacking Vulnerability
CVE ID : CVE-2025-63212
Published : Nov. 19, 2025, 8:15 p.m. | 4 hours, 8 minutes ago
Description : GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.
Severity: 0.0 | NA
CVE-2025-63213 - QVidium Opera11 Remote Code Execution (RCE) Vulnerability
CVE ID : CVE-2025-63213
Published : Nov. 19, 2025, 8:15 p.m. | 4 hours, 8 minutes ago
Description : The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, allowing attackers to gain full control over the device. This poses a significant security risk to any device running this software.
Severity: 0.0 | NA
CVE-2025-63214 - Bridgetech VBC Server & Element Manager Account Creation/Deletion Vulnerability
CVE ID : CVE-2025-63214
Published : Nov. 19, 2025, 8:15 p.m. | 4 hours, 8 minutes ago
Description : An issue was discovered in Bridgetech VBC Server & Element Manager, firmware version 6.5.0-10, 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts.
Severity: 0.0 | NA
CVE-2025-63932 - D-Link Router DIR-868L Remote Code Execution Vulnerability
CVE ID : CVE-2025-63932
Published : Nov. 19, 2025, 8:15 p.m. | 4 hours, 8 minutes ago
Description : D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. An unauthenticated remote attacker can execute shell commands.
Severity: 0.0 | NA
CVE-2025-13147 - External Service Interaction (DNS)
CVE ID : CVE-2025-13147
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer. This issue affects MOVEit Transfer: before 2024.1.8, from 2025.0.0 before 2025.0.4.
Severity: 5.3 | MEDIUM
CVE-2025-13410 - Campcodes Retro Basketball Shoes Online Store receipt.php sql injection
CVE ID : CVE-2025-13410
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
CVE-2025-13411 - Campcodes Retro Basketball Shoes Online Store admin_football.php unrestricted upload
CVE ID : CVE-2025-13411
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Performing manipulation of the argument product_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 5.8 | MEDIUM
CVE-2025-13412 - Campcodes Retro Basketball Shoes Online Store admin_running.php cross site scripting
CVE ID : CVE-2025-13412
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. Executing manipulation of the argument product_name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 4.8 | MEDIUM
CVE-2025-47914 - CVE-2025-47914 in golang.org/x/crypto/ssh/agent
CVE ID : CVE-2025-47914
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
Severity: 5.3 | MEDIUM
CVE-2025-58181 - CVE-2025-58181 in golang.org/x/crypto/ssh
CVE ID : CVE-2025-58181
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
Severity: 5.3 | MEDIUM
CVE-2025-63371 - OneCommander Directory Traversal Vulnerability
CVE ID : CVE-2025-63371
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and handling ZIP archive contents.
Severity: 0.0 | NA
CVE-2025-63719 - Campcodes Online Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2025-63719
Published : Nov. 19, 2025, 9:15 p.m. | 3 hours, 8 minutes ago
Description : Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username.
Severity: 0.0 | NA
CVE-2025-11001 - 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability
CVE ID : CVE-2025-11001
Published : Nov. 19, 2025, 10:16 p.m. | 2 hours, 8 minutes ago
Description : 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.
Severity: 7.0 | HIGH
CVE-2025-11884 - Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB
CVE ID : CVE-2025-11884
Published : Nov. 19, 2025, 10:16 p.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText uCMDB allows Stored XSS. The vulnerability could allow an attacker who has high-level access to UCMDB to create or update data with malicious scripts. This issue affects uCMDB: 24.4.
Severity: 2.3 | LOW
CVE-2025-13415 - icret EasyImages SVG Image upload.php cross site scripting
CVE ID : CVE-2025-13415
Published : Nov. 19, 2025, 10:16 p.m. | 2 hours, 8 minutes ago
Description : A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.
Severity: 5.1 | MEDIUM
CVE-2025-13420 - itsourcecode Human Resource Management System EventStore.php sql injection
CVE ID : CVE-2025-13420
Published : Nov. 19, 2025, 11:15 p.m. | 1 hour, 8 minutes ago
Description : A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
CVE-2025-13421 - itsourcecode Human Resource Management System NoticeStore.php sql injection
CVE ID : CVE-2025-13421
Published : Nov. 19, 2025, 11:15 p.m. | 1 hour, 8 minutes ago
Description : A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
CVE-2025-4042 - Apache Struts Remote Code Execution Vulnerability
CVE ID : CVE-2025-4042
Published : Nov. 19, 2025, 11:15 p.m. | 1 hour, 8 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-13422 - freeprojectscodes Sports Club Management System change_s_pwd.php sql injection
CVE ID : CVE-2025-13422
Published : Nov. 19, 2025, 11:32 p.m. | 52 minutes ago
Description : A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
CVE-2025-13423 - Campcodes Retro Basketball Shoes Online Store admin_product.php unrestricted upload
CVE ID : CVE-2025-13423
Published : Nov. 19, 2025, 11:32 p.m. | 52 minutes ago
Description : A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing manipulation of the argument product_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 0.0 | NA