CVE-2025-52670 - Revive Adserver Unauthenticated Remote Code Execution
CVE ID : CVE-2025-52670
Published : Nov. 20, 2025, 7:10 p.m. | 1 hour, 19 minutes ago
Description : Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55124 - Revive Adserver Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-55124
Published : Nov. 20, 2025, 7:10 p.m. | 1 hour, 19 minutes ago
Description : Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.
Severity: 0.0 | NA
CVE-2025-52669 - Revive Adserver User Information Disclosure Vulnerability
CVE ID : CVE-2025-52669
Published : Nov. 20, 2025, 7:10 p.m. | 1 hour, 19 minutes ago
Description : Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system.
Severity: 0.0 | NA
CVE-2025-52666 - Revive Adserver Format String Vulnerability
CVE ID : CVE-2025-52666
Published : Nov. 20, 2025, 7:10 p.m. | 1 hour, 19 minutes ago
Description : Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP error.
Severity: 0.0 | NA
CVE-2025-52671 - Revive Adserver SQL Error Message Debug Information Disclosure
CVE ID : CVE-2025-52671
Published : Nov. 20, 2025, 7:10 p.m. | 1 hour, 19 minutes ago
Description : Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.
Severity: 0.0 | NA
CVE-2025-55123 - Revive Adserver Cross-Site Scripting (XSS)
CVE ID : CVE-2025-55123
Published : Nov. 20, 2025, 7:10 p.m. | 1 hour, 19 minutes ago
Description : Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.
Severity: 0.0 | NA
CVE-2025-48987 - Revive Adserver Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-48987
Published : Nov. 20, 2025, 7:11 p.m. | 1 hour, 17 minutes ago
Description : Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
Severity: 0.0 | NA
CVE-2025-48986 - Revive Adserver Authorization Bypass Vulnerability
CVE ID : CVE-2025-48986
Published : Nov. 20, 2025, 7:11 p.m. | 1 hour, 17 minutes ago
Description : Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a logged-in attacker to change other users' email address and potentially take over their accounts using the forgot password functionality.
Severity: 0.0 | NA
CVE-2025-52668 - Revive Adserver Stored XSS
CVE ID : CVE-2025-52668
Published : Nov. 20, 2025, 7:11 p.m. | 1 hour, 17 minutes ago
Description : Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
Severity: 0.0 | NA
CVE-2025-10571 - ABB Ability Edgenius Authentication Bypass
CVE ID : CVE-2025-10571
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
Severity: 9.6 | CRITICAL
CVE-2025-55126 - "Adobe Stored Cross-Site Scripting Vulnerability"
CVE ID : CVE-2025-55126
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS
Severity: 6.5 | MEDIUM
CVE-2025-55127 - Apache Struts Whitelist Injection
CVE ID : CVE-2025-55127
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion.
Severity: 0.0 | NA
CVE-2025-55128 - Apache Userlog Index Uncontrolled Resource Consumption Denial of Service
CVE ID : CVE-2025-55128
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service
Severity: 6.5 | MEDIUM
CVE-2025-63700 - Clerk-js OAuth Authentication Bypass Vulnerability
CVE ID : CVE-2025-63700
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.
Severity: 0.0 | NA
CVE-2025-35029 - Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page
CVE ID : CVE-2025-35029
Published : Nov. 20, 2025, 7:34 p.m. | 55 minutes ago
Description : Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of 2025-03-14.
Severity: 0.0 | NA
CVE-2025-25613 - FS Inc S3150-8T2F Cleartext Cookie Disclosure
CVE ID : CVE-2025-25613
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative application containing usernames and passwords. These were transmitted in cleartext using simple base64 encoding during every POST request made to the server.
Severity: 6.5 | MEDIUM
CVE-2025-62674 - Missing Authentication for RTSP in iCam Cameras
CVE ID : CVE-2025-62674
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information.
Severity: 7.0 | HIGH
CVE-2025-63685 - Quark Cloud Drive DLL Hijacking
CVE ID : CVE-2025-63685
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An attacker can place a crafted malicious DLL in the application's startup directory, which will be loaded and executed when the user launches the program.
Severity: 7.5 | HIGH
CVE-2025-63807 - "Blogin Weak Verification Code Brute-Force Authentication Bypass"
CVE ID : CVE-2025-63807
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods.
Severity: 7.5 | HIGH
CVE-2025-64770 - Missing Authentication for ONVIF in iCam Cameras
CVE ID : CVE-2025-64770
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
Severity: 7.0 | HIGH
CVE-2025-13087 - Command Injection in Opto22 Groov REST API
CVE ID : CVE-2025-13087
Published : Nov. 20, 2025, 10:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.
Severity: 6.2 | MEDIUM