CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-3261 - Stored Cross-Site Scripting (XSS) in ThingsBoard

CVE ID : CVE-2025-3261
Published : Nov. 27, 2025, 6:15 p.m. | 2 hours, 56 minutes ago
Description : ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13338 - Apache HTTP Server Cross-Site Scripting

CVE ID : CVE-2025-13338
Published : Nov. 27, 2025, 11:15 p.m. | 1 hour, 57 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-66359 - Logpoint Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-66359
Published : Nov. 28, 2025, 12:15 a.m. | 57 minutes ago
Description : An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components lead to a cross-site scripting (XSS) vulnerability.
Severity: 8.5 | HIGH
CVE-2025-66360 - Logpoint Access Control Policy Privilege Escalation Vulnerability

CVE ID : CVE-2025-66360
Published : Nov. 28, 2025, 12:15 a.m. | 57 minutes ago
Description : An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.
Severity: 6.9 | MEDIUM
CVE-2025-66361 - Logpoint Exposes Sensitive Information

CVE ID : CVE-2025-66361
Published : Nov. 28, 2025, 12:15 a.m. | 57 minutes ago
Description : An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.
Severity: 6.9 | MEDIUM
CVE-2025-58294 - Cisco Print Module Information Disclosure

CVE ID : CVE-2025-58294
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
CVE-2025-58303 - Adobe Screen Recorder Use-After-Free Vulnerability

CVE ID : CVE-2025-58303
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.4 | HIGH
CVE-2025-58307 - Apache Screen Recording Framework Use-After-Free

CVE ID : CVE-2025-58307
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.4 | MEDIUM
CVE-2025-58309 - Apache Startup Recovery Unauthenticated Remote Code Execution and Information Disclosure

CVE ID : CVE-2025-58309
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Severity: 6.8 | MEDIUM
CVE-2025-58310 - Apache Distributed Component Permission Control Bypass

CVE ID : CVE-2025-58310
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 8.0 | HIGH
CVE-2025-58312 - Apache App Lock Unauthenticated Access Vulnerability

CVE ID : CVE-2025-58312
Published : Nov. 28, 2025, 3:15 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.1 | MEDIUM
CVE-2025-58314 - Cisco Component Driver Memory Corruption Vulnerability

CVE ID : CVE-2025-58314
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Severity: 6.6 | MEDIUM
CVE-2025-58315 - Aruba Wi-Fi Module Permission Control Vulnerability

CVE ID : CVE-2025-58315
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.5 | MEDIUM
CVE-2025-58316 - Realtek Video Service Denial of Service Vulnerability

CVE ID : CVE-2025-58316
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 7.3 | HIGH
CVE-2025-64311 - Notepad Permission Control Vulnerability (Confidentiality)

CVE ID : CVE-2025-64311
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 5.1 | MEDIUM
CVE-2025-64313 - Microsoft Office DoS Vulnerability

CVE ID : CVE-2025-64313
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.3 | MEDIUM
CVE-2025-64314 - Cisco Memory Management Permission Control Vulnerability

CVE ID : CVE-2025-64314
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality.
Severity: 9.3 | CRITICAL
CVE-2025-64315 - Apache File Manager Configuration Defect Remote File Inclusion Vulnerability

CVE ID : CVE-2025-64315
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.
Severity: 4.4 | MEDIUM
CVE-2025-13737 - Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login

CVE ID : CVE-2025-13737
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink the user's social login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
CVE-2025-58302 - Acme Settings Module Unsecured Configuration

CVE ID : CVE-2025-58302
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 8.4 | HIGH
CVE-2025-58304 - Apache File Manager Unauthorized Access Vulnerability

CVE ID : CVE-2025-58304
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.9 | MEDIUM