CVE-2025-13757 - Devolutions Server SQL Injection
CVE ID : CVE-2025-13757
Published : Nov. 27, 2025, 4:15 p.m. | 55 minutes ago
Description : SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13758 - Devolutions Server Exposed Credentials Vulnerability
CVE ID : CVE-2025-13758
Published : Nov. 27, 2025, 4:15 p.m. | 55 minutes ago
Description : Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8.
Severity: 0.0 | NA
CVE-2025-13765 - Devolutions Server Unsecured Email Credentials Exposure
CVE ID : CVE-2025-13765
Published : Nov. 27, 2025, 4:15 p.m. | 55 minutes ago
Description : Exposure of email service credentials to users without administrative rights in Devolutions Server. This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Severity: 0.0 | NA
CVE-2025-12559 - Information Disclosure in Common Teams API
CVE ID : CVE-2025-12559
Published : Nov. 27, 2025, 4:36 p.m. | 34 minutes ago
Description : Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint
Severity: 4.3 | MEDIUM
CVE-2025-12421 - Account Takeover via Code Exchange Endpoint
CVE ID : CVE-2025-12421
Published : Nov. 27, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Severity: 9.9 | CRITICAL
CVE-2025-3261 - Stored Cross-Site Scripting (XSS) in ThingsBoard
CVE ID : CVE-2025-3261
Published : Nov. 27, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Severity: 6.2 | MEDIUM
CVE-2025-13338 - Apache HTTP Server Cross-Site Scripting
CVE ID : CVE-2025-13338
Published : Nov. 27, 2025, 11:15 p.m. | 1 hour, 57 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-66359 - Logpoint Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-66359
Published : Nov. 28, 2025, 12:15 a.m. | 57 minutes ago
Description : An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components lead to a cross-site scripting (XSS) vulnerability.
Severity: 8.5 | HIGH
CVE-2025-66360 - Logpoint Access Control Policy Privilege Escalation Vulnerability
CVE ID : CVE-2025-66360
Published : Nov. 28, 2025, 12:15 a.m. | 57 minutes ago
Description : An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.
Severity: 6.9 | MEDIUM
CVE-2025-66361 - Logpoint Exposes Sensitive Information
CVE ID : CVE-2025-66361
Published : Nov. 28, 2025, 12:15 a.m. | 57 minutes ago
Description : An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
Severity: 6.9 | MEDIUM
CVE-2025-58294 - Cisco Print Module Information Disclosure
CVE ID : CVE-2025-58294
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
CVE-2025-58303 - Adobe Screen Recorder Use-After-Free Vulnerability
CVE ID : CVE-2025-58303
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.4 | HIGH
CVE-2025-58307 - Apache Screen Recording Framework Use-After-Free
CVE ID : CVE-2025-58307
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.4 | MEDIUM
CVE-2025-58309 - Apache Startup Recovery Unauthenticated Remote Code Execution and Information Disclosure
CVE ID : CVE-2025-58309
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Severity: 6.8 | MEDIUM
CVE-2025-58310 - Apache Distributed Component Permission Control Bypass
CVE ID : CVE-2025-58310
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 8.0 | HIGH
CVE-2025-58312 - Apache App Lock Unauthenticated Access Vulnerability
CVE ID : CVE-2025-58312
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.1 | MEDIUM
CVE-2025-58314 - Cisco Component Driver Memory Corruption Vulnerability
CVE ID : CVE-2025-58314
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Severity: 6.6 | MEDIUM
CVE-2025-58315 - Aruba Wi-Fi Module Permission Control Vulnerability
CVE ID : CVE-2025-58315
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.5 | MEDIUM
CVE-2025-58316 - Realtek Video Service Denial of Service Vulnerability
CVE ID : CVE-2025-58316
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 7.3 | HIGH
CVE-2025-64311 - Notepad Permission Control Vulnerability (Confidentiality)
CVE ID : CVE-2025-64311
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.1 | MEDIUM
CVE-2025-64313 - Microsoft Office DoS Vulnerability
CVE ID : CVE-2025-64313
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.3 | MEDIUM