Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6558 | 3 Apple, Debian, Google | 8 Ipados, Iphone Os, Macos and 5 more | 2025-11-04 | N/A | 8.8 HIGH |
| Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-6491 | 1 Php | 1 Php | 2025-11-04 | N/A | 5.9 MEDIUM |
| In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server. | |||||
| CVE-2025-6395 | 2025-11-04 | N/A | 6.5 MEDIUM | ||
| A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). | |||||
| CVE-2025-6018 | 1 Suse | 1 Pam-config | 2025-11-04 | N/A | 7.8 HIGH |
| A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over system configurations, services, or other sensitive operations. | |||||
| CVE-2025-64322 | 2025-11-04 | N/A | 5.3 MEDIUM | ||
| Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0. | |||||
| CVE-2025-64321 | 2025-11-04 | N/A | 5.3 MEDIUM | ||
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.2.0. | |||||
| CVE-2025-64320 | 2025-11-04 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0. | |||||
| CVE-2025-64319 | 2025-11-04 | N/A | 5.3 MEDIUM | ||
| Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6. | |||||
| CVE-2025-64318 | 2025-11-04 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6. | |||||
| CVE-2025-64150 | 1 Jenkins | 1 Publish To Bitbucket | 2025-11-04 | N/A | 5.4 MEDIUM |
| A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2025-64149 | 1 Jenkins | 1 Publish To Bitbucket | 2025-11-04 | N/A | 5.4 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2025-64148 | 1 Jenkins | 1 Publish To Bitbucket | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2025-64147 | 1 Jenkins | 1 Curseforge Publisher | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins Curseforge Publisher Plugin 1.0 does not mask API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-64146 | 1 Jenkins | 1 Curseforge Publisher | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins Curseforge Publisher Plugin 1.0 stores API Keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2025-64145 | 1 Jenkins | 1 Byteguard Build Actions | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins ByteGuard Build Actions Plugin 1.0 does not mask API tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | |||||
| CVE-2025-64144 | 1 Jenkins | 1 Byteguard Build Actions | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins ByteGuard Build Actions Plugin 1.0 stores API tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2025-64143 | 1 Jenkins | 1 Openshift Pipeline | 2025-11-04 | N/A | 4.3 MEDIUM |
| Jenkins OpenShift Pipeline Plugin 1.0.57 and earlier stores authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to the Jenkins controller file system. | |||||
| CVE-2025-64142 | 1 Jenkins | 1 Nexus Task Runner | 2025-11-04 | N/A | 4.3 MEDIUM |
| A missing permission check in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2025-64141 | 1 Jenkins | 1 Nexus Task Runner | 2025-11-04 | N/A | 4.3 MEDIUM |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Task Runner Plugin 0.9.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | |||||
| CVE-2025-64140 | 2025-11-04 | N/A | 8.8 HIGH | ||
| Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands. | |||||