CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-55126 - Stored Cross-Site Scripting via Campaign Names in Advertiser Pages

CVE ID : CVE-2025-55126
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55127 - Improper Neutralization of Whitespace in Usernames When Adding Users

CVE ID : CVE-2025-55127
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace could be virtually indistinguishable from its legitimate counterpart when the username is displayed in the UI, potentially leading to confusion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
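The whitespace issue above is a canonicalization problem: two usernames that render identically must not both be creatable. The following is an added example (not code from the page or from the affected project) of the validation an "add user" handler would apply; the user table and the rejection reasons are constructed for the demonstration.

```python
import unicodedata

def normalize_username(name: str) -> str:
    """Canonical form used for storage and comparison: NFKC, outer whitespace removed.
    str.strip() removes all Unicode whitespace (NBSP U+00A0 included), not just ASCII space."""
    return unicodedata.normalize("NFKC", name).strip()

def validate_new_username(name: str, existing: set) -> list:
    """Return the reasons a proposed username must be rejected; an empty list means accept.
    Rejecting rather than silently trimming makes the admin see that the submitted value
    is not what would be stored; hidden control/format characters are refused as well."""
    reasons = []
    canonical = normalize_username(name)
    if canonical != name:
        reasons.append("leading/trailing whitespace or non-canonical characters")
    if not canonical:
        reasons.append("empty after normalization")
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in canonical):
        reasons.append("contains control or format characters")
    # Compare case-insensitively against the canonical form of every existing name
    if canonical.casefold() in {normalize_username(u).casefold() for u in existing}:
        reasons.append("indistinguishable from an existing username")
    return reasons

# Constructed existing-user table for the demonstration (hypothetical).
EXISTING = {"admin", "auditor"}

if __name__ == "__main__":
    for candidate in ("admin ", "\u00a0admin", "ad\u200bmin", "newuser"):
        print(repr(candidate), "->", validate_new_username(candidate, EXISTING) or "accepted")
```

The zero-width-space case goes beyond the advisory's leading/trailing whitespace, but it fails the same way in a UI, so the check treats it alike.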
CVE-2025-55128 - userlog-index.php Uncontrolled Resource Consumption Denial of Service

CVE ID : CVE-2025-55128
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource consumption vulnerability in userlog-index.php. An attacker with access to the admin interface could request an arbitrarily large number of items per page, potentially leading to a denial of service.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63700 - Clerk-js OAuth Authentication Bypass Vulnerability

CVE ID : CVE-2025-63700
Published : Nov. 20, 2025, 7:16 p.m. | 1 hour, 13 minutes ago
Description : An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35029 - Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page

CVE ID : CVE-2025-35029
Published : Nov. 20, 2025, 7:34 p.m. | 55 minutes ago
Description : Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of 2025-03-14.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25613 - FS Inc S3150-8T2F Cleartext Cookie Disclosure

CVE ID : CVE-2025-25613
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch (8 x Gigabit RJ45, 2 x 1Gb SFP, fanless). All versions before 2.2.0D Build 135103 were discovered to transmit cookies for the web-based administrative application that contain the username and password. The values are only base64-encoded, which is an encoding rather than encryption, so the credentials travel in cleartext with every POST request made to the server.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
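Base64 hides nothing from anyone who can see the traffic. As an added example (not the vendor's code, and not the switch's real cookie format), the script below parses a constructed HTTP POST of the kind the advisory describes, base64-decodes each cookie value, and flags any that decode to a `user:password` pair; the cookie name `session` and the credentials are assumptions.

```python
import base64
import binascii
import re

# Constructed capture, not a real request: the admin UI sends a cookie carrying
# base64-encoded credentials on every request. Cookie name and layout are assumed.
SAMPLE_REQUEST = (
    b"POST /cgi-bin/login.cgi HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"Cookie: session=YWRtaW46U3VwZXJTZWNyZXQxMjM=; lang=en\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

def parse_cookies(raw_request: bytes) -> dict:
    """Return the Cookie header of an HTTP/1.1 request as a name->value dict."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    cookies = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            k, _, v = pair.strip().partition("=")  # first '=' only: padding stays in the value
            if k:
                cookies[k] = v
    return cookies

def decode_if_base64(value: str):
    """Return the decoded text if value is well-formed base64 of printable ASCII, else None."""
    if len(value) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):
        return None
    return text if text.isprintable() else None

def find_credential_cookies(raw_request: bytes) -> dict:
    """Map cookie names to (username, password) where the value base64-decodes to user:pass."""
    found = {}
    for name, value in parse_cookies(raw_request).items():
        text = decode_if_base64(value)
        if text and ":" in text:
            user, _, password = text.partition(":")
            if user and password:
                found[name] = (user, password)
    return found

if __name__ == "__main__":
    for name, (user, pw) in find_credential_cookies(SAMPLE_REQUEST).items():
        print(f"cookie {name!r} carries credentials in cleartext: {user}:{pw}")
```

Run the same check over a pcap's HTTP requests to find other appliances with the same habit; anything that decodes cleanly to `user:pass` on an http:// management interface is a finding regardless of vendor.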
CVE-2025-62674 - Missing Authentication for RTSP in iCam Cameras

CVE ID : CVE-2025-62674
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63685 - Quark Cloud Drive DLL Hijacking

CVE ID : CVE-2025-63685
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : Quark Cloud Drive v3.23.2 has a DLL hijacking vulnerability that stems from insecure loading of system libraries: the application does not validate the path or signature of the regsvr32.exe it loads. An attacker who can place a crafted malicious DLL in the application's startup directory gets it loaded and executed when the user launches the program.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63807 - Blogin Weak Verification Code Brute-Force Authentication Bypass

CVE ID : CVE-2025-63807
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without authentication. Successful exploitation may result in account takeover via password reset or other authentication bypass methods.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
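Two separate defects are bundled in that entry, and each is enough on its own: a predictable generator lets the attacker reproduce the code instead of guessing it, and a missing attempt limit lets a six-digit code fall to at most a million online guesses. The example below is added here to show both sides; it is not Blogin's code. The clock-seeded `weak_code`, the `VerificationService` class and its attempt/expiry limits are assumptions chosen to illustrate the advisory.

```python
import hmac
import random
import secrets
import time

CODE_DIGITS = 6
CODE_SPACE = 10 ** CODE_DIGITS

def weak_code(issued_at: int) -> str:
    """The kind of generator the advisory calls weak (illustrative, not the project's):
    seeded from the clock, so anyone who knows roughly when the code was issued can reproduce it."""
    return f"{random.Random(issued_at).randrange(CODE_SPACE):0{CODE_DIGITS}d}"

def reproduce_weak_code(target: str, approx_time: int, window: int = 60) -> bool:
    """Attacker side: re-run the weak generator across a clock window instead of guessing blindly."""
    return any(weak_code(t) == target for t in range(approx_time - window, approx_time + window + 1))

def strong_code() -> str:
    """OS CSPRNG output: unpredictable, so only online guessing remains, which the attempt cap bounds."""
    return f"{secrets.randbelow(CODE_SPACE):0{CODE_DIGITS}d}"

class VerificationService:
    """Hypothetical verification endpoint: issues codes, enforces expiry and a per-account attempt cap."""

    def __init__(self, max_attempts: int = 5, ttl_seconds: int = 300, clock=time.time):
        self.max_attempts = max_attempts
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}  # account -> [code, issued_at, attempts]

    def issue(self, account: str, code=None) -> str:
        code = code or strong_code()          # explicit code only for deterministic demos/tests
        self._pending[account] = [code, self.clock(), 0]
        return code

    def verify(self, account: str, submitted: str) -> str:
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        if self.clock() - entry[1] > self.ttl:
            del self._pending[account]
            return "expired"
        entry[2] += 1
        if hmac.compare_digest(entry[0], submitted):   # constant-time comparison
            del self._pending[account]
            return "ok"
        if entry[2] >= self.max_attempts:
            del self._pending[account]                 # lock out: a fresh code must be requested
            return "locked"
        return "wrong"

def brute_force(service: VerificationService, account: str) -> tuple:
    """Online brute force in code order; returns (succeeded, attempts made before stopping)."""
    for n in range(CODE_SPACE):
        result = service.verify(account, f"{n:0{CODE_DIGITS}d}")
        if result == "ok":
            return True, n + 1
        if result != "wrong":
            return False, n + 1
    return False, CODE_SPACE

if __name__ == "__main__":
    capped = VerificationService(max_attempts=5)
    capped.issue("alice", code="123456")
    print("with attempt cap:", brute_force(capped, "alice"))
    uncapped = VerificationService(max_attempts=CODE_SPACE + 1)
    uncapped.issue("bob", code="123456")
    print("without cap:", brute_force(uncapped, "bob"))
    now = int(time.time())
    print("weak code reproduced from clock:", reproduce_weak_code(weak_code(now), now + 17))
```

The attempt cap must be tied to the account (or the code), not only to the source IP, or the attacker simply spreads guesses across addresses; a short TTL keeps the window small even if the cap is reached through many code re-issues.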
CVE-2025-64770 - Missing Authentication for ONVIF in iCam Cameras

CVE ID : CVE-2025-64770
Published : Nov. 20, 2025, 9:16 p.m. | 3 hours, 13 minutes ago
Description : The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
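The two iCam entries (RTSP above, ONVIF here) share one test: send the request an unauthenticated client would send and see whether the camera challenges or answers. The following is an added example, not the vendor's code or an official ONVIF tool; the camera responses are constructed to illustrate an open and a protected device, and `probe_rtsp` is a plain-socket helper for a live check against a host you are authorized to test.

```python
import socket

# Constructed responses (not captured from any real camera): one server that
# answers DESCRIBE without a challenge, one that demands credentials.
OPEN_RTSP_RESPONSE = (
    b"RTSP/1.0 200 OK\r\n"
    b"CSeq: 2\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 64\r\n"
    b"\r\n"
    b"v=0\r\no=- 1 1 IN IP4 192.0.2.20\r\ns=stream\r\nm=video 0 RTP/AVP 96\r\n"
)
PROTECTED_RTSP_RESPONSE = (
    b"RTSP/1.0 401 Unauthorized\r\n"
    b"CSeq: 2\r\n"
    b'WWW-Authenticate: Digest realm="camera", nonce="abc123"\r\n'
    b"\r\n"
)

def build_rtsp_describe(url: str, cseq: int = 2) -> bytes:
    """RTSP DESCRIBE with no Authorization header: what an unauthenticated client sends."""
    return (
        f"DESCRIBE {url} RTSP/1.0\r\n"
        f"CSeq: {cseq}\r\n"
        "Accept: application/sdp\r\n"
        "User-Agent: rtsp-auth-check\r\n"
        "\r\n"
    ).encode("ascii")

def classify_rtsp_response(raw: bytes) -> str:
    """'open' if SDP came back with no credentials sent, 'protected' on a 401 challenge, else 'other'."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"RTSP/") or not parts[1].isdigit():
        return "other"
    status = int(parts[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(b":") for line in lines[1:])}
    if status == 401 and b"www-authenticate" in headers:
        return "protected"
    if status == 200 and headers.get(b"content-type") == b"application/sdp" and body.startswith(b"v=0"):
        return "open"
    return "other"

def probe_rtsp(host: str, port: int = 554, path: str = "/", timeout: float = 3.0) -> str:
    """Live check (not exercised offline): connect, send DESCRIBE, classify the reply."""
    url = f"rtsp://{host}:{port}{path}"
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_rtsp_describe(url))
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_rtsp_response(data)

# ONVIF GetDeviceInformation with no WS-Security UsernameToken header; POST this to the
# device service (commonly /onvif/device_service) as Content-Type application/soap+xml.
ONVIF_DEVICE_INFO_REQUEST = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
    'xmlns:tds="http://www.onvif.org/ver10/device/wsdl">'
    "<s:Body><tds:GetDeviceInformation/></s:Body></s:Envelope>"
)

def classify_onvif_response(http_status: int, body: str) -> str:
    """'protected' on HTTP 401 or a ter:NotAuthorized SOAP fault, 'open' if device info came back."""
    if http_status == 401 or "NotAuthorized" in body:
        return "protected"
    if http_status == 200 and "GetDeviceInformationResponse" in body:
        return "open"
    return "other"

if __name__ == "__main__":
    print("rtsp sample 1:", classify_rtsp_response(OPEN_RTSP_RESPONSE))
    print("rtsp sample 2:", classify_rtsp_response(PROTECTED_RTSP_RESPONSE))
```

An "open" RTSP result means the SDP (codec, stream paths, sometimes hostnames) is readable by anyone who can reach port 554; the fix on the device side is to require credentials for DESCRIBE/SETUP, and on the network side to keep cameras off routable segments until that firmware ships.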
CVE-2025-13087 - Command Injection in Opto22 Groov REST API

CVE ID : CVE-2025-13087
Published : Nov. 20, 2025, 10:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
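The Groov entry describes the classic header-to-shell path: a value taken from the request is concatenated into a command string that a shell then parses. As an added example (not Opto22's code; the `X-Target-Host` header and the `ping` command are assumptions standing in for whatever the real endpoint builds), the block below shows the vulnerable construction, a tokenizer that makes visible how the shell would split the injected string into two commands, and the hardened version that allowlists the value and hands an argv list to `subprocess` with no shell involved.

```python
import re
import shlex
import subprocess

# Constructed request headers as a web framework would hand them to a handler;
# the header name is an assumption, not the Groov Manage API.
HEADERS_BENIGN = {"X-Target-Host": "192.0.2.5"}
HEADERS_MALICIOUS = {"X-Target-Host": "192.0.2.5; id > /tmp/pwned"}

def build_command_vulnerable(headers: dict) -> str:
    """The pattern the advisory describes: a header value spliced into a shell string."""
    return f"ping -c 1 {headers['X-Target-Host']}"

def shell_commands(cmd: str) -> list:
    """Tokenize a shell string the way sh would and split it at command separators.
    Shows, without executing anything, how many distinct commands the string contains."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&&", "||", "|", "&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands

# Allowlist: hostname/IPv4 characters only, no whitespace, no shell metacharacters.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

def build_command_hardened(headers: dict) -> list:
    """Validate the value against the allowlist, then return an argv list so no shell parses it."""
    host = headers.get("X-Target-Host", "")
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected X-Target-Host value: {host!r}")
    return ["ping", "-c", "1", host]

def run_hardened(headers: dict) -> int:
    """Execute with shell=False: the argv list goes straight to execve, never to sh.
    Returns the exit status; output is discarded here."""
    return subprocess.run(build_command_hardened(headers), check=False,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode

if __name__ == "__main__":
    for headers in (HEADERS_BENIGN, HEADERS_MALICIOUS):
        cmd = build_command_vulnerable(headers)
        print(f"shell string {cmd!r} runs {len(shell_commands(cmd))} command(s): {shell_commands(cmd)}")
        try:
            print("hardened argv:", build_command_hardened(headers))
        except ValueError as exc:
            print("hardened:", exc)
```

Because the endpoint runs as root, the allowlist is the important line: dropping the shell stops `;`-style injection, but a permissive regex would still let option injection through (a value starting with `-`), which is why the pattern requires the first character to be alphanumeric.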
CVE-2025-36153 - IBM Concert Cross-Site Scripting

CVE ID : CVE-2025-36153
Published : Nov. 20, 2025, 10:15 p.m. | 2 hours, 13 minutes ago
Description : IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36158 - IBM Concert Information Disclosure

CVE ID : CVE-2025-36158
Published : Nov. 20, 2025, 10:15 p.m. | 2 hours, 13 minutes ago
Description : IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36159 - IBM Concert Improper Log Neutralization

CVE ID : CVE-2025-36159
Published : Nov. 20, 2025, 10:15 p.m. | 2 hours, 13 minutes ago
Description : IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
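Log forging works because a log consumer treats a newline as a record boundary; a username that contains one becomes two records, the second of which claims to be someone else. The following is an added example (not IBM's code or Concert's log format; the `key=value` layout, the field names and the attacker string are constructed) showing the free-text record, what a parser makes of it, and the neutralized and structured alternative.

```python
import json
import re

CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def log_line_vulnerable(user: str, action: str, result: str) -> str:
    """Free-text record with the user-supplied field concatenated in unchanged."""
    return f"action={action} result={result} user={user}"

def neutralize(value: str) -> str:
    """Replace CR, LF and other control characters with a visible escape so a field
    can neither terminate the record nor start a new one."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)

def log_line_hardened(user: str, action: str, result: str) -> str:
    """Structured record: every field is JSON-quoted, so quotes and newlines cannot escape it."""
    return json.dumps({"action": action, "result": result, "user": neutralize(user)})

def parse_kv_records(log_text: str) -> list:
    """What a log consumer (SIEM, audit reviewer) sees: one dict per physical line."""
    records = []
    for line in log_text.split("\n"):
        rec = {}
        for tok in line.split():
            k, sep, v = tok.partition("=")
            if sep:
                rec[k] = v
        records.append(rec)
    return records

# Constructed attacker-supplied username: the embedded newline forges a second record for 'admin'.
FORGED_USER = "mallory\nuser=admin action=delete_all result=ok"

if __name__ == "__main__":
    vulnerable = log_line_vulnerable(FORGED_USER, "login", "failed")
    print("vulnerable records:", parse_kv_records(vulnerable))
    hardened = log_line_hardened(FORGED_USER, "login", "failed")
    print("hardened record:", hardened)
```

Neutralizing at write time is the defence the advisory's CWE implies; emitting JSON additionally lets the consumer parse fields without guessing where one ends, which is what makes the forged `user=admin` impossible to smuggle.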
CVE-2025-36160 - IBM Concert Information Disclosure

CVE ID : CVE-2025-36160
Published : Nov. 20, 2025, 10:15 p.m. | 2 hours, 13 minutes ago
Description : IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61138 - Qlik Sense Enterprise Unauthenticated Directory Information Disclosure

CVE ID : CVE-2025-61138
Published : Nov. 20, 2025, 10:16 p.m. | 2 hours, 13 minutes ago
Description : Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13484 - Campcodes Complete Online Beauty Parlor Management System customer-list.php cross site scripting

CVE ID : CVE-2025-13484
Published : Nov. 20, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/customer-list.php. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
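Four of the entries on this page are stored XSS in a displayed field (campaign names in the advertiser navigation box, the Enterprise Health Demographic Information page, the IBM Concert web UI, and the Name argument in customer-list.php). They share one fix: encode for the context the value lands in. The block below is an added example, not code from any of those products; the navigation-box template, the `/campaign?name=` link and the `currentCampaign` script variable are assumptions used to show three contexts in one fragment.

```python
import html
import json
from urllib.parse import quote

# Constructed payload of the kind a stored-XSS report exercises: it closes a quoted
# attribute, then opens a new element with an event handler.
PAYLOAD = '"><img src=x onerror=alert(document.cookie)>'

def render_nav_vulnerable(campaign_name: str) -> str:
    """Stored value dropped into the page unencoded: the link attribute and the text both break."""
    return (f'<div class="nav"><a href="/campaign?name={campaign_name}">'
            f'{campaign_name}</a></div>')

def for_text(value: str) -> str:
    """HTML body context: & < > must be encoded."""
    return html.escape(value, quote=False)

def for_attr(value: str) -> str:
    """Quoted-attribute context: quotes too, and the template must actually quote the attribute."""
    return html.escape(value, quote=True)

def for_url_param(value: str) -> str:
    """Query-string context: percent-encode first, then attribute-encode because it sits inside href="..."."""
    return for_attr(quote(value, safe=""))

def for_js_string(value: str) -> str:
    """Inline-script context: JSON-encode, then neutralize '</' so the literal cannot close the <script>
    element, and escape U+2028/U+2029, which are line terminators in JavaScript but valid JSON."""
    return (json.dumps(value).replace("</", "<\\/")
            .replace("\u2028", "\\u2028").replace("\u2029", "\\u2029"))

def render_nav_hardened(campaign_name: str) -> str:
    """Same fragment with each occurrence encoded for its own context."""
    return (f'<div class="nav"><a href="/campaign?name={for_url_param(campaign_name)}">'
            f'{for_text(campaign_name)}</a>'
            f'<script>var currentCampaign = {for_js_string(campaign_name)};</script></div>')

if __name__ == "__main__":
    print("vulnerable:", render_nav_vulnerable(PAYLOAD))
    print("hardened:  ", render_nav_hardened(PAYLOAD))
```

A template engine with auto-escaping covers the body and attribute contexts; the URL and inline-script contexts still need the explicit encoders, which is where stored values like campaign names usually slip through.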
CVE-2025-36072 - IBM webMethods Integration Deserialization

CVE ID : CVE-2025-36072
Published : Nov. 20, 2025, 11:15 p.m. | 1 hour, 13 minutes ago
Description : IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 allow an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object-graph data.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49752 - Azure Bastion Elevation of Privilege Vulnerability

CVE ID : CVE-2025-49752
Published : Nov. 20, 2025, 11:15 p.m. | 1 hour, 13 minutes ago
Description : Azure Bastion Elevation of Privilege Vulnerability
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59245 - Microsoft SharePoint Online Elevation of Privilege Vulnerability

CVE ID : CVE-2025-59245
Published : Nov. 20, 2025, 11:15 p.m. | 1 hour, 13 minutes ago
Description : Microsoft SharePoint Online Elevation of Privilege Vulnerability
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62207 - Azure Monitor Elevation of Privilege Vulnerability

CVE ID : CVE-2025-62207
Published : Nov. 20, 2025, 11:15 p.m. | 1 hour, 13 minutes ago
Description : Azure Monitor Elevation of Privilege Vulnerability
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...