Vulnerabilities (CVE)

Filtered by CWE-200
Total 9301 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-43323 1 Apple 5 Ipados, Iphone Os, Tvos and 2 more 2025-11-04 N/A 8.1 HIGH
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 26, tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to fingerprint the user.
CVE-2025-43378 1 Apple 1 Macos 2025-11-04 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
CVE-2025-43391 1 Apple 3 Ipados, Iphone Os, Macos 2025-11-04 N/A 5.5 MEDIUM
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
CVE-2025-43345 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2025-11-04 N/A 5.5 MEDIUM
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to access sensitive user data.
CVE-2025-43479 1 Apple 1 Macos 2025-11-04 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
CVE-2025-43495 1 Apple 2 Ipados, Iphone Os 2025-11-04 N/A 5.4 MEDIUM
The issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission.
CVE-2025-43411 1 Apple 1 Macos 2025-11-04 N/A 5.5 MEDIUM
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
CVE-2015-7928 1 Ewon 1 Ewon Firmware 2025-11-04 5.0 MEDIUM 8.5 HIGH
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2025-11998 2025-11-04 N/A N/A
The following HP Card Readers B Models (X3D03B & Y7C05B) are potentially vulnerable to information disclosure, allowing prior user identity to be inherited under certain conditions, e.g., when an NFC device (such as a smartphone or smartwatch) is in proximity during a card swipe event.
CVE-2025-34272 2025-11-04 N/A N/A
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure.
CVE-2025-12616 2025-11-04 2.6 LOW 3.7 LOW
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
CVE-2025-12521 2025-11-04 N/A 5.3 MEDIUM
The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs to username exposure issues, this vendor has specifically requested we consider it a vulnerability.
CVE-2025-29270 2025-11-04 N/A 10.0 CRITICAL
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
CVE-2025-11377 2025-11-04 N/A 4.3 MEDIUM
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.
CVE-2025-60892 2025-11-04 N/A 6.8 MEDIUM
An issue in Raspberry Pi Imager version 1.9.6 for Windows affects its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to log in to the device.
CVE-2025-11983 2025-11-04 N/A 4.3 MEDIUM
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified in a post's discourse_permalink custom field during comment synchronization. This makes it possible for authenticated attackers, with author-level access and above, to exfiltrate sensitive Discourse API credentials to attacker-controlled servers, as well as query internal services and potentially perform further attacks.
CVE-2025-43367 1 Apple 1 Macos 2025-11-04 N/A 5.5 MEDIUM
A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8. An app may be able to access protected user data.
CVE-2025-43362 1 Apple 2 Ipados, Iphone Os 2025-11-04 N/A 9.8 CRITICAL
The issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26, iOS 18.7 and iPadOS 18.7. An app may be able to monitor keystrokes without user permission.
CVE-2024-8929 1 Php 1 Php 2025-11-03 N/A 5.8 MEDIUM
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possibly other data belonging to different users of the same server.
CVE-2024-45624 2025-11-03 N/A 7.5 HIGH
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.