CVE-2025-60632 - Free5GC Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-60632
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60632
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60633 - Free5GC Denial of Service (DoS) via Nudm_SubscriberDataManagement API
CVE ID : CVE-2025-60633
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60633
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60638 - Free5GC Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-60638
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60638
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60914 - Austrian Archaeological Institute Openatlas Unauthenticated Information Disclosure
CVE ID : CVE-2025-60914
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60914
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60915 - Austrian Archaeological Institute Openatlas Path Traversal Vulnerability
CVE ID : CVE-2025-60915
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60915
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60916 - Austrian Archaeological Institute Openatlas Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2025-60916
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60916
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the charge parameter.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60917 - Austrian Archaeological Institute Openatlas Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2025-60917
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60917
Published : Nov. 24, 2025, 4:15 p.m. | 2 hours, 35 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the color parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13511 - Adobe Flash Type Confusion
CVE ID : CVE-2025-13511
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13511
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13594 - Apache HTTP Server Command Injection Vulnerability
CVE ID : CVE-2025-13594
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13594
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63432 - Xtooltech Xtool AnyScan TLS Certificate Validation Weakness
CVE ID : CVE-2025-63432
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack to intercept, decrypt, and modify traffic between the application and the update server. This serves as the basis for further attacks, including Remote Code Execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63432
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack to intercept, decrypt, and modify traffic between the application and the update server. This serves as the basis for further attacks, including Remote Code Execution.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63433 - Xtooltech Xtool AnyScan Cryptographic Key Weakness
CVE ID : CVE-2025-63433
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt, modify, and re-encrypt the update manifest, allowing them to direct the application to download a malicious update package.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63433
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt, modify, and re-encrypt the update manifest, allowing them to direct the application to download a malicious update package.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63434 - Xtooltech Xtool AnyScan Unauthenticated Remote Code Execution Vulnerability
CVE ID : CVE-2025-63434
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control the update metadata can serve a malicious package, which the application will accept, extract, and later execute, leading to arbitrary code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63434
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control the update metadata can serve a malicious package, which the application will accept, extract, and later execute, leading to arbitrary code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63435 - Xtooltech Xtool AnyScan Authentication Bypass Vulnerability
CVE ID : CVE-2025-63435
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages..
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63435
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthenticated remote attacker to freely download official update packages..
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63952 - Magewell Pro Convert CSRF Vulnerability
CVE ID : CVE-2025-63952
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63952
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63953 - Magewell Pro Convert CSRF Account Creation
CVE ID : CVE-2025-63953
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63953
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63958 - MILLENSYS Vision Tools Unauthenticated Configuration Disclosure
CVE ID : CVE-2025-63958
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63958
Published : Nov. 24, 2025, 5:16 p.m. | 1 hour, 35 minutes ago
Description : MILLENSYS Vision Tools Workspace 6.5.0.2585 exposes a sensitive configuration endpoint (/MILLENSYS/settings) that is accessible without authentication. This page leaks plaintext database credentials, file share paths, internal license server configuration, and software update parameters. An unauthenticated attacker can retrieve this information by accessing the endpoint directly, potentially leading to full system compromise. The vulnerability is due to missing access controls on a privileged administrative function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13609 - Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
CVE ID : CVE-2025-13609
Published : Nov. 24, 2025, 6:15 p.m. | 35 minutes ago
Description : A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13609
Published : Nov. 24, 2025, 6:15 p.m. | 35 minutes ago
Description : A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36112 - IBM Sterling B2B Integrator and IBM Sterling File Gateway information disclosure
CVE ID : CVE-2025-36112
Published : Nov. 24, 2025, 6:25 p.m. | 26 minutes ago
Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36112
Published : Nov. 24, 2025, 6:25 p.m. | 26 minutes ago
Description : IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13466 - body-parser vulnerable to denial of service when url encoding is used
CVE ID : CVE-2025-13466
Published : Nov. 24, 2025, 6:29 p.m. | 21 minutes ago
Description : body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13466
Published : Nov. 24, 2025, 6:29 p.m. | 21 minutes ago
Description : body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0005 - Apache Xerces Integer Overflow Vulnerability
CVE ID : CVE-2025-0005
Published : Nov. 24, 2025, 8:15 p.m. | 2 hours, 36 minutes ago
Description : Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0005
Published : Nov. 24, 2025, 8:15 p.m. | 2 hours, 36 minutes ago
Description : Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in crash or denial of service.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52539 - Xilinx Run Time Environment Buffer Overflow Vulnerability
CVE ID : CVE-2025-52539
Published : Nov. 24, 2025, 8:15 p.m. | 2 hours, 36 minutes ago
Description : A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52539
Published : Nov. 24, 2025, 8:15 p.m. | 2 hours, 36 minutes ago
Description : A buffer overflow with Xilinx Run Time Environment may allow a local attacker to read or corrupt data from the advanced extensible interface (AXI), potentially resulting in loss of confidentiality, integrity, and/or availability.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...