Total: 316927 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11954 | 1 Pimcore | 1 Pimcore | 2025-11-04 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-11956 | 1 Pimcore | 1 Pimcore | 2025-11-04 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-0477 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2025-11-04 | N/A | 9.8 CRITICAL |
| An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to a weak encryption methodology and could allow a threat actor to extract passwords belonging to other users of the application. | |||||
| CVE-2025-0497 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2025-11-04 | N/A | 9.8 CRITICAL |
| A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to storing credentials in the configuration file of EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages. | |||||
| CVE-2025-0498 | 1 Rockwellautomation | 1 Factorytalk Assetcentre | 2025-11-04 | N/A | 9.8 CRITICAL |
| A data exposure vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. The vulnerability exists due to insecure storage of FactoryTalk® Security user tokens, which could allow a threat actor to steal a token and impersonate another user. | |||||
| CVE-2025-61956 | | | 2025-11-04 | N/A | 10.0 CRITICAL |
| Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning. | |||||
| CVE-2025-61945 | | | 2025-11-04 | N/A | 10.0 CRITICAL |
| Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions. | |||||
| CVE-2025-60925 | | | 2025-11-04 | N/A | 5.3 MEDIUM |
| codeshare v1.0.0 was discovered to contain an information leakage vulnerability. | |||||
| CVE-2025-54863 | | | 2025-11-04 | N/A | 10.0 CRITICAL |
| Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions. | |||||
| CVE-2025-54330 | | | 2025-11-04 | N/A | 5.3 MEDIUM |
| An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function. | |||||
| CVE-2025-54329 | | | 2025-11-04 | N/A | 7.5 HIGH |
| An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a multiple-payloads message (including an SMS message) lacks bounds checking, which can lead to a heap overflow. | |||||
| CVE-2025-45663 | | | 2025-11-04 | N/A | 6.5 MEDIUM |
| An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. | |||||
| CVE-2025-43430 | | | 2025-11-04 | N/A | 4.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43427 | | | 2025-11-04 | N/A | 4.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43424 | | | 2025-11-04 | N/A | 7.5 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious HID device may cause an unexpected process crash. | |||||
| CVE-2025-43421 | | | 2025-11-04 | N/A | 4.3 MEDIUM |
| Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-29699 | | | 2025-11-04 | N/A | 6.5 MEDIUM |
| NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function. | |||||
| CVE-2024-8878 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05. | |||||
| CVE-2024-8877 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2025-11-04 | N/A | 9.8 CRITICAL |
| Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data. This issue affects Netman 204: through 4.05. | |||||
| CVE-2024-8504 | | | 2025-11-04 | N/A | 8.8 HIGH |
| An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. | |||||
