
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| leopardhost–TNC Toolbox: Web Performance | The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the “Tnc_Wp_Toolbox_Settings:: | 2025-11-11 | 10 | CVE-2025-12539 | https://www.wordfence.com/ https://github.com/The- |
| IBM–AIX | IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346. | 2025-11-13 | 10 | CVE-2025-36250 | https://www.ibm.com/support/ |
| SAP_SE–SQL Anywhere Monitor (Non-Gui) | SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution. This could cause high impact on the confidentiality, integrity and availability of the system. | 2025-11-11 | 10 | CVE-2025-42890 | https://me.sap.com/notes/ https://url.sap/ |
| General Industrial Controls–Lynx+ Gateway | General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device. | 2025-11-14 | 10 | CVE-2025-58083 | https://www.cisa.gov/news- https://github.com/cisagov/ |
| kddiwebcommunications–WP for CPI | The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller:: | 2025-11-11 | 9.8 | CVE-2025-11170 | https://www.wordfence.com/ https://wordpress.org/plugins/ |
| easycommerce–EasyCommerce AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin | The EasyCommerce – AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. This is due to the /easycommerce/v1/orders REST API endpoint not properly restricting the ability for users to select roles during registration. This makes it possible for unauthenticated attackers to gain administrator-level access to a vulnerable site. | 2025-11-11 | 9.8 | CVE-2025-11457 | https://www.wordfence.com/ https://wordpress.org/plugins/ |
| TrioFox–TrioFox | Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. | 2025-11-10 | 9.1 | CVE-2025-12480 | https://github.com/mandiant/ https://www.triofox.com/ https://access.triofox.com/ https://cloud.google.com/blog/ |
| pgadmin.org–pgAdmin 4 | pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data. | 2025-11-13 | 9.1 | CVE-2025-12762 | https://github.com/pgadmin- |
| strix-bubol5–Holiday class post calendar | The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the ‘contents’ parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated attackers to execute code on the server. | 2025-11-11 | 9.8 | CVE-2025-12813 | https://www.wordfence.com/ https://plugins.trac. |
| Hundred Plus–EIP Plus | EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing an unauthenticated remote attacker to predict or brute-force the ‘forgot password’ link, thereby successfully resetting any user’s password. | 2025-11-10 | 9.8 | CVE-2025-12866 | https://www.twcert.org.tw/tw/ https://www.twcert.org.tw/en/ |
| CyberTutor–New Site Server | New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website. | 2025-11-10 | 9.8 | CVE-2025-12868 | https://www.twcert.org.tw/tw/ https://www.twcert.org.tw/en/ |
| aEnrich–a+HRD | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges. | 2025-11-12 | 9.8 | CVE-2025-12870 | https://www.twcert.org.tw/tw/ https://www.twcert.org.tw/en/ |
| aEnrich–a+HRD | The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges. | 2025-11-12 | 9.8 | CVE-2025-12871 | https://www.twcert.org.tw/tw/ https://www.twcert.org.tw/en/ |
| Avast–(Free/Premium/ | Double fetch in the sandbox kernel driver in Avast/AVG Antivirus <25.3 on Windows allows a local attacker to escalate privileges via a pool overflow. | 2025-11-11 | 9.9 | CVE-2025-13032 | https://www.gendigital.com/us/ |
| D-Link–DIR-816L | A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Manipulation of the argument Password results in a stack-based buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-11-14 | 9.8 | CVE-2025-13188; VDB-332476; D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow VDB-332476; CTI Indicators (IOB, IOC, IOA) Submit #685538; D-Link DIR-816L DIR816L_REVB_FW_2_06_b09_beta Stack-based Buffer Overflow | https://github.com/scanleale/ https://www.dlink.com/ |
| IBM–AIX | IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 store NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man-in-the-middle techniques. | 2025-11-13 | 9 | CVE-2025-36096 | https://www.ibm.com/support/ |
| IBM–AIX | IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347. | 2025-11-13 | 9.6 | CVE-2025-36251 | https://www.ibm.com/support/ |
| SAP_SE–SAP Solution Manager | Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system. | 2025-11-11 | 9.9 | CVE-2025-42887 | https://me.sap.com/notes/ https://url.sap/ |
| Dell–Data Lakehouse | Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity. | 2025-11-12 | 9.1 | CVE-2025-46608 | https://www.dell.com/support/ |
| Microsoft–Microsoft Office LTSC for Mac 2021 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | 2025-11-11 | 9.8 | CVE-2025-60724 | GDI+ Remote Code Execution Vulnerability |
| Fortinet–FortiWeb | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. | 2025-11-14 | 9.1 | CVE-2025-64446 | https://fortiguard.fortinet. |
| charmbracelet–soft-serve | Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability. | 2025-11-10 | 9.1 | CVE-2025-64522 | https://github.com/ https://github.com/ https://github.com/ |
| JetBrains–YouTrack | In JetBrains YouTrack before 2025.3.104432, a misconfiguration in Junie could lead to exposure of the global Junie token. | 2025-11-10 | 9.6 | CVE-2025-64689 | https://www.jetbrains.com/ |
| baptisteArno–typebot.io | Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance Metadata Service (IMDS). By bypassing IMDSv2 protection through custom header injection, attackers can extract temporary AWS IAM credentials for the EKS node role, leading to complete compromise of the Kubernetes cluster and associated AWS infrastructure. Version 3.13.1 fixes the issue. | 2025-11-13 | 9.6 | CVE-2025-64709 | https://github.com/ |
| Zohocorp–ManageEngine Analytics Plus | Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration. | 2025-11-11 | 9.8 | CVE-2025-8324 | https://www.manageengine.com/ |
| Siemens–Spectrum Power 4 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application allows arbitrary commands to be run via the user interface. This user interface can be used via the network and allows the execution of commands as the administrative application user. | 2025-11-11 | 8.8 | CVE-2024-32011 | https://cert-portal.siemens. |
| Axis Communications AB–AXIS Optimizer | AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer. | 2025-11-11 | 8.4 | CVE-2025-10714 | https://www.axis.com/dam/ |
| mvirik–Mementor Core | The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. This is due to the plugin not properly handling the user switch back function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges by accessing an administrator account through the switch back functionality. | 2025-11-11 | 8.8 | CVE-2025-11168 | https://www.wordfence.com/ http://plugins.trac.wordpress. https://wordpress.org/plugins/ |
| astrasecuritysuite–Astra Security Suite Firewall & Malware Scan | The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-11-11 | 8.1 | CVE-2025-11521 | https://www.wordfence.com/ https://wordpress.org/plugins/ |
| chrisbadgett–LifterLMS WP LMS for eLearning, Online Courses, & Quizzes | The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user’s identity prior to allowing them to modify their own role via the REST API. The permission check in the update_item_permissions_check( | 2025-11-13 | 8.8 | CVE-2025-11923 | https://www.wordfence.com/ https://plugins.trac. https://plugins.trac. https://plugins.trac. |
| Premierturk Information Technologies Inc.–Excavation Management Information System | Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting, Functionality Misuse. This issue affects Excavation Management Information System: before v.10.2025.01. | 2025-11-11 | 8.1 | CVE-2025-11959 | https://www.usom.gov.tr/ |
| n/a–cloudinary | Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing security checks, altering data, or manipulating the application’s behavior. **Note:** Following our established security policy, we attempted to contact the maintainer regarding this vulnerability, but haven’t received a response. | 2025-11-10 | 8.6 | CVE-2025-12613 | https://security.snyk.io/vuln/ https://github.com/cloudinary/ https://github.com/cloudinary/ |
| koopersmith–Elastic Theme Editor | The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-11-11 | 8.8 | CVE-2025-12637 | https://www.wordfence.com/ https://plugins.trac. |
| wpallimport–Import any XML, CSV or Excel File to WordPress | The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval() on unsanitized user-supplied input in the pmxi_if function within helpers/functions.php. This makes it possible for authenticated attackers, with import capabilities (typically administrators), to inject and execute arbitrary PHP code on the server via crafted import templates. This can lead to remote code execution. | 2025-11-13 | 8.8 | CVE-2025-12733 | https://www.wordfence.com/ https://plugins.trac. https://plugins.trac. |
| creativethemeshq–Blocksy Companion | The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a valid SVG file. This makes it possible for authenticated attackers, with author level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2025-11-11 | 8.8 | CVE-2025-12846 | https://www.wordfence.com/ https://plugins.trac. |
| e-Excellence–U-Office Force | U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing an authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. | 2025-11-10 | 8.8 | CVE-2025-12864 | https://www.twcert.org.tw/tw/ https://www.twcert.org.tw/en/ |
| e-Excellence–U-Office Force | U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing an authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. | 2025-11-10 | 8.8 | CVE-2025-12865 | https://www.twcert.org.tw/tw/ https://www.twcert.org.tw/en/ |
| AWS–JDBC Wrapper | An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1 | 2025-11-10 | 8 | CVE-2025-12967 | https://aws.amazon.com/ https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- https://github.com/aws/aws- |
| D-Link–DIR-816L | A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. Manipulation of the argument SERVER_ID/HTTP_SID leads to a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-11-15 | 8.8 | CVE-2025-13189; VDB-332478; D-Link DIR-816L gena.cgi genacgi_main stack-based overflow VDB-332478; CTI Indicators (IOB, IOC, IOA) Submit #685540; D-Link DIR-816L DIR816L_REVB_FW_2_06_b09_beta Stack-based Buffer Overflow | https://github.com/scanleale/ https://www.dlink.com/ |
| D-Link–DIR-816L | A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. Manipulation of the argument en results in a stack-based buffer overflow. The attack may be performed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-11-15 | 8.8 | CVE-2025-13190; VDB-332479; D-Link DIR-816L __ajax_exporer.sgi scandir_main stack-based overflow VDB-332479; CTI Indicators (IOB, IOC, IOA) Submit #685541; D-Link DIR-816L DIR816L_REVB_FW_2_06_b09_beta Stack-based Buffer Overflow | https://github.com/scanleale/ https://www.dlink.com/ |
| D-Link–DIR-816L | A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation causes a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-11-15 | 8.8 | CVE-2025-13191; VDB-332480; D-Link DIR-816L soap.cgi soapcgi_main stack-based overflow VDB-332480; CTI Indicators (IOB, IOC, IOA) Submit #685543; D-Link DIR-816L DIR816L_REVB_FW_2_06_b09_beta Stack-based Buffer Overflow | https://github.com/scanleale/ https://www.dlink.com/ |
| Cisco–Cisco Digital Network Architecture Center (DNA Center) | A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. | 2025-11-13 | 8.8 | CVE-2025-20341 | cisco-sa-catc-priv-esc- |
| n/a–Intel(R) CIP software | Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via network access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2025-11-11 | 8.8 | CVE-2025-24299 | https://intel.com/content/www/ |
| n/a–Intel(R) CIP software | Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2025-11-11 | 8.8 | CVE-2025-24838 | https://intel.com/content/www/ |
| Red Hat–Cluster Observability Operator 1.3.0 | A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a namespace, to create a MonitorStack in the authorized namespace and then elevate permission to the cluster level by impersonating the ServiceAccount created by the Operator, resulting in privilege escalation and other issues. | 2025-11-12 | 8.8 | CVE-2025-2843 | RHSA-2025:21146 https://access.redhat.com/ RHBZ#2355222 |
| n/a–Intel(R) PROSet/Wireless WiFi Software for Windows | Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts. | 2025-11-11 | 8.2 | CVE-2025-30255 | https://intel.com/content/www/ |
| Microsoft–Nuance PowerScribe 360 version 4.0.5 | Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. | 2025-11-11 | 8.1 | CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability |
| n/a–Intel(R) Arc(TM) B-series GPUs | Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2025-11-11 | 8.2 | CVE-2025-32091 | https://intel.com/content/www/ |
| n/a–Intel QuickAssist Technology | Improper input validation for some Intel QuickAssist Technology before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2025-11-11 | 8.8 | CVE-2025-33000 | https://intel.com/content/www/ |
| NVIDIA–AuthN component of NVIDIA AIStore | NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering. | 2025-11-11 | 8.8 | CVE-2025-33186 | https://nvd.nist.gov/vuln/ https://www.cve.org/CVERecord? https://nvidia.custhelp.com/ |
| n/a–Intel(R) PROSet/Wireless WiFi Software for Windows | Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (high) impacts. | 2025-11-11 | 8.2 | CVE-2025-35971 | https://intel.com/content/www/ |
| IBM–AIX | IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system. | 2025-11-13 | 8.2 | CVE-2025-36236 | https://www.ibm.com/support/ |
| Dell–SmartFabric OS10 Software | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 2025-11-12 | 8.8 | CVE-2025-46427 | https://www.dell.com/support/ |
| Dell–SmartFabric OS10 Software | Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. | 2025-11-12 | 8.8 | CVE-2025-46428 | https://www.dell.com/support/ |
| Combodo–iTop | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content. | 2025-11-10 | 8.8 | CVE-2025-47773 | https://github.com/Combodo/ |
| Combodo–iTop | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack. | 2025-11-10 | 8.8 | CVE-2025-47932 | https://github.com/Combodo/ |
| Combodo–iTop | Combodo iTop is a web based IT service management tool. In versions prior to 3.2.2, when displaying content in a browse brick in the user portal, a cross-site scripting attack can occur. This is fixed in versions 3.2.2 and 3.3.0. | 2025-11-10 | 8.5 | CVE-2025-48055 | https://github.com/Combodo/ |
| Combodo–iTop | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a field with an error contains malicious content. Versions 2.7.13 and 3.2.2 protect rendered HTML content. | 2025-11-10 | 8.8 | CVE-2025-48065 | https://github.com/Combodo/ |
| Combodo–iTop | Combodo iTop is a web based IT service management tool. In versions prior to 2.7.13 and 3.2.2, a user that has enough rights to create webhooks (mostly administrators) can drop the database. This is fixed in iTop 2.7.13 and 3.2.2 by verifying callback signature. | 2025-11-10 | 8.7 | CVE-2025-49145 | https://github.com/Combodo/ |
| General Industrial Controls–Lynx+ Gateway | General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login. | 2025-11-14 | 8.2 | CVE-2025-55034 | https://www.cisa.gov/news- https://github.com/cisagov/ |
| Red Hat–Red Hat Enterprise Linux 10 | If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the “use_dns” setting is explicitly set to false are not affected. | 2025-11-12 | 8.6 | CVE-2025-59088 | RHSA-2025:21138 RHSA-2025:21139 RHSA-2025:21140 RHSA-2025:21141 RHSA-2025:21142 RHSA-2025:21448 |

