Total: 319108 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10571 | | | 2025-11-21 | 9.6 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius. This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. | ||||
| CVE-2025-64770 | | | 2025-11-21 | 6.8 Medium |
| The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information. | ||||
| CVE-2025-64684 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | 4.5 Medium |
| In JetBrains YouTrack before 2025.3.104432 information disclosure was possible via the feedback form | ||||
| CVE-2025-64685 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | 8.1 High |
| In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure | ||||
| CVE-2025-64686 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | 3.1 Low |
| In JetBrains YouTrack before 2025.3.104432 missing user principal cleanup led to reuse of incorrect authorization context | ||||
| CVE-2025-62674 | | | 2025-11-21 | 6.8 Medium |
| The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information. | ||||
| CVE-2025-13087 | | | 2025-11-21 | 6.2 Medium |
| A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint, the application reads certain header details and unsafely uses these values to build commands, allowing an attacker with administrative privileges to inject arbitrary commands that execute as root. | ||||
| CVE-2025-64687 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | 5.4 Medium |
| In JetBrains YouTrack before 2025.3.104432 improper access control allowed modification of MCP tool logic | ||||
| CVE-2025-64688 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | 7.4 High |
| In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget | ||||
| CVE-2025-36072 | 1 Ibm | 1 Webmethods Integration | 2025-11-21 | 8.8 High |
| IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 allows an authenticated user to execute arbitrary code on the system, caused by the deserialization of untrusted object graphs data. | ||||
| CVE-2025-64689 | 1 Jetbrains | 1 Youtrack | 2025-11-21 | 9.6 Critical |
| In JetBrains YouTrack before 2025.3.104432 misconfiguration in the Junie could lead to exposure of the global Junie token | ||||
| CVE-2021-4464 | 1 Fiberhome | 4 An5506-04-fa, An5506-04-fa Firmware, Hg6245d and 1 more | 2025-11-21 | N/A |
| FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow. | ||||
| CVE-2025-12862 | 1 Projectworlds | 1 Online Notes Sharing Platform | 2025-11-21 | 6.3 Medium |
| A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12923 | 1 1000mz | 1 Chestnutcms | 2025-11-21 | 2.7 Low |
| A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2015-10142 | 1 Sitecore | 3 Cms, Experience Platform, Sitecore | 2025-11-21 | N/A |
| Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 (rev. 141226) and prior to 7.5 Update-1 (rev. 150130) contain a vulnerability that may allow an attacker to download files under the web root of the site when the name of the file is already known via a specially-crafted URL. Affected files do not include .config, .aspx or .cs files. The issue does not allow for directory browsing. | ||||
| CVE-2025-66059 | | | 2025-11-21 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | ||||
| CVE-2025-66057 | | | 2025-11-21 | 6.3 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS. This issue affects Bold Page Builder: from n/a through <= 5.5.2. | ||||
| CVE-2025-66056 | | | 2025-11-21 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data. This issue affects Uncanny Automator: from n/a through < 6.10.0. | ||||
| CVE-2025-66055 | | | 2025-11-21 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection. This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | ||||
| CVE-2025-66053 | | | 2025-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS. This issue affects Enfold: from n/a through <= 7.1.2. | ||||