Total
317580 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7319 | 1 Nagios | 1 Network Analyzer | 2025-11-07 | 5.4 Medium |
| Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Percentile Calculator menu. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2025-64163 | 1 Dataease | 1 Dataease | 2025-11-07 | 9.8 Critical |
| DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection for the dns:// protocol results in an SSRF vulnerability. This issue is fixed in version 2.10.15. | ||||
| CVE-2025-43418 | 1 Apple | 4 Ios, Ipad Os, Ipados and 1 more | 2025-11-07 | 4.6 Medium |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2025-31954 | 1 Hcltech | 2 Dryice Iautomate, Iautomate | 2025-11-07 | 5.4 Medium |
| HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see. | ||||
| CVE-2025-30479 | 1 Dell | 1 Cloudlink | 2025-11-07 | 8.4 High |
| Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system. | ||||
| CVE-2025-64184 | 1 Webcomics | 1 Dosage | 2025-11-07 | 8.8 High |
| Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2. | ||||
| CVE-2023-43000 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2025-11-07 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2025-46424 | 1 Dell | 1 Cloudlink | 2025-11-07 | 6.7 Medium |
| Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to Denial of service. | ||||
| CVE-2025-12789 | 1 Redhat | 1 Red Hat Single Sign On | 2025-11-07 | 6.1 Medium |
| A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL. | ||||
| CVE-2025-46366 | 1 Dell | 1 Cloudlink | 2025-11-07 | 6.7 Medium |
| Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential information. | ||||
| CVE-2025-64187 | 1 Octoprint | 1 Octoprint | 2025-11-07 | N/A |
| OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into Action Command notifications and prompts popups generated by the printer. An attacker who successfully convinces a victim to print a specially crafted file could exploit this issue to disrupt ongoing prints, extract information (including sensitive configuration settings, if the targeted user has the necessary permissions for that), or perform other actions on behalf of the targeted user within the OctoPrint instance. This issue is fixed in version 1.11.4. | ||||
| CVE-2025-46365 | 1 Dell | 1 Cloudlink | 2025-11-07 | 5.3 Medium |
| Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink. | ||||
| CVE-2025-58725 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-11-07 | 7 High |
| Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-46364 | 1 Dell | 1 Cloudlink | 2025-11-07 | 9.1 Critical |
| Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. | ||||
| CVE-2025-58729 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1507 and 19 more | 2025-11-07 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-45379 | 1 Dell | 1 Cloudlink | 2025-11-07 | 8.4 High |
| Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system. | ||||
| CVE-2025-59184 | 1 Microsoft | 6 Windows Server, Windows Server 2016, Windows Server 2019 and 3 more | 2025-11-07 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-45378 | 1 Dell | 1 Cloudlink | 2025-11-07 | 9.1 Critical |
| Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access of shell and escalate privilege, gain unauthorized access of system. If ssh is enabled with web credentials of server, attack is possible through network with known privileged user/password. | ||||
| CVE-2025-64323 | 1 Kgateway | 1 Kgateway | 2025-11-07 | 5.3 Medium |
| kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0. | ||||
| CVE-2025-11832 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 9.8 Critical |
| Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||