Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-63453 | | | 2025-11-04 | N/A | 9.8 CRITICAL |
| Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. | |||||
| CVE-2025-63294 | | | 2025-11-04 | N/A | 6.5 MEDIUM |
| WorkDo HRM SaaS HR and Payroll Tool 8.1 is vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users. | |||||
| CVE-2025-60785 | | | 2025-11-04 | N/A | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2025-50739 | | | 2025-11-04 | N/A | 9.8 CRITICAL |
| iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization. | |||||
| CVE-2025-50736 | | | 2025-11-04 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters. | |||||
| CVE-2025-50574 | | | 2025-11-04 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter. | |||||
| CVE-2025-43426 | | | 2025-11-04 | N/A | 5.5 MEDIUM |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43423 | | | 2025-11-04 | N/A | 2.0 LOW |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging. | |||||
| CVE-2025-43422 | | | 2025-11-04 | N/A | 4.6 MEDIUM |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection. | |||||
| CVE-2025-43419 | | | 2025-11-04 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption. | |||||
| CVE-2025-43414 | | | 2025-11-04 | N/A | 6.2 MEDIUM |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. | |||||
| CVE-2025-20737 | | | 2025-11-04 | N/A | 7.8 HIGH |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435343; Issue ID: MSV-4040. | |||||
| CVE-2025-20735 | | | 2025-11-04 | N/A | 7.8 HIGH |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435349; Issue ID: MSV-4051. | |||||
| CVE-2025-20733 | | | 2025-11-04 | N/A | 7.8 HIGH |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00441509; Issue ID: MSV-4138. | |||||
| CVE-2025-20730 | | | 2025-11-04 | N/A | 6.7 MEDIUM |
| In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141. | |||||
| CVE-2025-20728 | | | 2025-11-04 | N/A | 7.8 HIGH |
| In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276. | |||||
| CVE-2025-20727 | | | 2025-11-04 | N/A | 7.5 HIGH |
| In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623. | |||||
| CVE-2025-20726 | | | 2025-11-04 | N/A | 7.5 HIGH |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622. | |||||
| CVE-2025-20725 | | | 2025-11-04 | N/A | 7.5 HIGH |
| In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620. | |||||
| CVE-2023-2088 | 1 Redhat | 1 Openstack | 2025-11-04 | N/A | 6.5 MEDIUM |
| A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. | |||||
