CVE-2025-64313 - "Microsoft Office DoS Vulnerability"
CVE ID : CVE-2025-64313
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64314 - Cisco Memory Management Permission Control Vulnerability
CVE ID : CVE-2025-64314
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality.
Severity: 9.3 | CRITICAL
CVE-2025-64315 - Apache File Manager Configuration Defect Remote File Inclusion Vulnerability
CVE ID : CVE-2025-64315
Published : Nov. 28, 2025, 3:16 a.m. | 1 hour, 57 minutes ago
Description : Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.
Severity: 4.4 | MEDIUM
CVE-2025-13737 - Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login
CVE ID : CVE-2025-13737
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink the user's social login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
CVE-2025-58302 - "Acme Settings Module Unsecured Configuration"
CVE ID : CVE-2025-58302
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 8.4 | HIGH
CVE-2025-58304 - Apache File Manager Unauthorized Access Vulnerability
CVE ID : CVE-2025-58304
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.9 | MEDIUM
CVE-2025-58305 - Gallery App Authentication Bypass
CVE ID : CVE-2025-58305
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Identity authentication bypass vulnerability in the Gallery app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.2 | MEDIUM
CVE-2025-58308 - Apache Call Module Authentication Bypass Vulnerability
CVE ID : CVE-2025-58308
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
Severity: 7.3 | HIGH
CVE-2025-58311 - "USB Driver Uninitialized Free Memory UAF Vulnerability"
CVE ID : CVE-2025-58311
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Severity: 5.8 | MEDIUM
CVE-2025-64312 - Apache File Manager Unauthenticated File Access Vulnerability
CVE ID : CVE-2025-64312
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.9 | MEDIUM
CVE-2025-66370 - Kivitendo XXE Filesystem Exfiltration
CVE ID : CVE-2025-66370
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem.
Severity: 5.0 | MEDIUM
CVE-2025-66371 - Peppol-py XXE File Disclosure Vulnerability
CVE ID : CVE-2025-66371
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host.
Severity: 5.0 | MEDIUM
CVE-2025-66372 - Mustang XML External Entity (XXE) Exfiltration Vulnerability
CVE ID : CVE-2025-66372
Published : Nov. 28, 2025, 4:16 a.m. | 57 minutes ago
Description : Mustang before 2.16.3 allows exfiltrating files via XXE attacks.
Severity: 2.8 | LOW
CVE-2025-66382 - Apache libexpat XML Entity Expansion Denial of Service
CVE ID : CVE-2025-66382
Published : Nov. 28, 2025, 7:15 a.m. | 1 hour, 58 minutes ago
Description : In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Severity: 2.9 | LOW
CVE-2025-66384 - MISP File Upload Validation Bypass
CVE ID : CVE-2025-66384
Published : Nov. 28, 2025, 7:15 a.m. | 1 hour, 58 minutes ago
Description : app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
Severity: 8.2 | HIGH
CVE-2025-66385 - Cerebrate Privilege Escalation Vulnerability
CVE ID : CVE-2025-66385
Published : Nov. 28, 2025, 7:15 a.m. | 1 hour, 58 minutes ago
Description : UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.
Severity: 9.4 | CRITICAL
CVE-2025-66386 - MISP Path Traversal Vulnerability
CVE ID : CVE-2025-66386
Published : Nov. 28, 2025, 7:15 a.m. | 1 hour, 58 minutes ago
Description : app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
Severity: 4.1 | MEDIUM
CVE-2025-13768 - Uniong|WebITR - Authorization Bypass
CVE ID : CVE-2025-13768
Published : Nov. 28, 2025, 8:15 a.m. | 58 minutes ago
Description : WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
Severity: 7.5 | HIGH
CVE-2025-13769 - Uniong|WebITR - SQL Injection
CVE ID : CVE-2025-13769
Published : Nov. 28, 2025, 8:15 a.m. | 58 minutes ago
Description : WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 6.5 | MEDIUM
CVE-2025-13770 - Uniong|WebITR - SQL Injection
CVE ID : CVE-2025-13770
Published : Nov. 28, 2025, 8:15 a.m. | 58 minutes ago
Description : WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 6.5 | MEDIUM
CVE-2025-13771 - Uniong|WebITR - Arbitrary File Read
CVE ID : CVE-2025-13771
Published : Nov. 28, 2025, 8:15 a.m. | 58 minutes ago
Description : WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 6.5 | MEDIUM