Total
33315 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43422 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-11-05 | 4.6 Medium |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection. | ||||
| CVE-2025-12616 | 1 Phpgurukul | 1 News Portal | 2025-11-05 | 3.7 Low |
| A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used. | ||||
| CVE-2025-25005 | 1 Microsoft | 1 Exchange Server | 2025-11-04 | 6.5 Medium |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | ||||
| CVE-2025-53781 | 1 Microsoft | 25 Azure, Azure Virtual Machine, Dcadsv5-series Azure Vm and 22 more | 2025-11-04 | 7.7 High |
| Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-33051 | 1 Microsoft | 1 Exchange Server | 2025-11-04 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-55673 | 1 Apache | 1 Superset | 2025-11-04 | 4.3 Medium |
| When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue. | ||||
| CVE-2025-48913 | 1 Apache | 1 Cxf | 2025-11-04 | 9.8 Critical |
| If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. | ||||
| CVE-2025-46647 | 1 Apache | 2 Apache Apisix, Apisix | 2025-11-04 | 5.3 Medium |
| A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to multiple issuers 3. Multiple issuers share the same private key and relies only on the issuer being different If affected by this vulnerability, it would allow an attacker with a valid account on one of the issuers to log into the other issuer. This issue affects Apache APISIX: until 3.12.0. Users are recommended to upgrade to version 3.12.0 or higher. | ||||
| CVE-2025-43228 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2025-11-04 | 4.3 Medium |
| The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2024-43115 | 1 Apache | 1 Dolphinscheduler | 2025-11-04 | 8.8 High |
| Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue. | ||||
| CVE-2024-3651 | 2 Kjd, Redhat | 8 Internationalized Domain Names In Applications, Ansible Automation Platform, Enterprise Linux and 5 more | 2025-11-04 | 7.5 High |
| A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. | ||||
| CVE-2024-36041 | 1 Kde | 1 Plasma-workspace | 2025-11-04 | 7.3 High |
| KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. | ||||
| CVE-2024-35164 | 1 Apache | 1 Guacamole | 2025-11-04 | 6.8 Medium |
| The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue. | ||||
| CVE-2024-26651 | 1 Linux | 1 Linux Kernel | 2025-11-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. | ||||
| CVE-2024-23301 | 4 Fedoraproject, Redhat, Relax-and-recover and 1 more | 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more | 2025-11-04 | 5.5 Medium |
| Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | ||||
| CVE-2024-22368 | 1 Tozt | 1 Spreadsheet\ | 2025-11-04 | 5.5 Medium |
| The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells. | ||||
| CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 367 Http Server, Opensearch Data Prepper, Apisix and 364 more | 2025-11-04 | 7.5 High |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
| CVE-2023-42465 | 2 Redhat, Sudo Project | 4 Enterprise Linux, Openshift Data Foundation, Rhel Eus and 1 more | 2025-11-04 | 7.0 High |
| Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | ||||
| CVE-2023-5870 | 2 Postgresql, Redhat | 22 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 19 more | 2025-11-04 | 2.2 Low |
| A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. | ||||
| CVE-2023-48654 | 1 Oneidentity | 1 Password Manager | 2025-11-04 | 9.8 Critical |
| One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the Google ReCAPTCHA section, click on the Privacy link, observe that there is a new browser window, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. | ||||