CVE Feeds
CVE News Feed
Updates on the latest vulnerabilities detected.
-
CVE-2025-12852 - NEC RakurakuMusen Start EX DLL Loading Remote Code Execution
CVE ID :CVE-2025-12852
Published : Nov. 19, 2025, 1:01 a.m. | 1 hour, 25 minutes ago
Description :DLL Loading vulnerability in NEC Corporation RakurakuMusen Start EX All Verisons allows a attacker to manipulate the PC environment to cause unintended operations on the user's device.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65093 - LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
CVE ID :CVE-2025-65093
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 10 minutes ago
Description :LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query logic and infer data from the database through conditional responses. This issue has been patched in version 25.11.0.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65015 - joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
CVE ID :CVE-2025-65015
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 10 minutes ago
Description :joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python web application, an attacker may be able to send arbitrarily large bearer tokens in the HTTP request headers. When this occurs, Python logging or diagnostic tools (e.g., Sentry) may end up processing extremely large log messages containing the full JWT header during the joserfc.jwt.decode() operation. The same behavior also appears when validating claims and signature payload sizes, as the library raises joserfc.errors.ExceededSizeError() with the full payload embedded in the exception message. Since the payload is already fully loaded into memory at this stage, the library cannot prevent or reject it. This issue has been patched in versions 1.3.5 and 1.4.2.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65014 - LibreNMS has Weak Password Policy
CVE ID :CVE-2025-65014
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 10 minutes ago
Description :LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a weak password policy vulnerability was identified in the user management functionality of the LibreNMS application. This vulnerability allows administrators to create accounts with extremely weak and predictable passwords, such as 12345678. This exposes the platform to brute-force and credential stuffing attacks. This issue has been patched in version 25.11.0.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65013 - LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
CVE ID :CVE-2025-65013
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 10 minutes ago
Description :LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-65012 - Kirby CMS has cross-site scripting (XSS) in the changes dialog
CVE ID :CVE-2025-65012
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 10 minutes ago
Description :Kirby is an open-source content management system. From versions 5.0.0 to 5.1.3, attackers could change the title of any page or the name of any user to a malicious string. Then they could modify any content field of the same model without saving, making the model a candidate for display in the "Changes" dialog. If another authenticated user subsequently opened the dialog in their Panel, the malicious code would be executed. This vulnerability affects all Kirby 5 sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update page titles or usernames. The attack requires user interaction by another Panel user and cannot be automated. This issue has been patched in version 5.1.4.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-64515 - Open Forms prefill data in read-only components can be tampered
CVE ID :CVE-2025-64515
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 10 minutes ago
Description :Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-64325 - Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard
CVE ID :CVE-2025-64325
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 11 minutes ago
Description :Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has been patched in version 4.8.1.0 and Beta version 4.9.0.0-beta.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-64324 - KubeVirt Vulnerable to Arbitrary Host File Read and Write
CVE ID :CVE-2025-64324
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 11 minutes ago
Description :KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the `DiskOrCreate` option (which creates a file if it doesn't exist) has a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users on the host system. Versions 1.6.1 and 1.7.0 fix the issue.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-62406 - Piwigo is vulnerable to one-click account takeover by modifying the password-reset link
CVE ID :CVE-2025-62406
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 11 minutes ago
Description :Piwigo is a full featured open source photo gallery application for the web. In Piwigo 15.6.0, using the password reset function allows sending a password-reset URL by entering an existing username or email address. However, the hostname used to construct this URL is taken from the HTTP request's Host header and is not validated at all. Therefore, an attacker can send a password-reset URL with a modified hostname to an existing user whose username or email the attacker knows or guesses. This issue has been patched in version 15.7.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-54990 - XWiki AdminTools application doesn't set permissions on the AdminTools space
CVE ID :CVE-2025-54990
Published : Nov. 18, 2025, 11:15 p.m. | 3 hours, 11 minutes ago
Description :XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. This issue has been patched in version 1.1. A workaround involves setting the view rights for the AdminTools space to be only available for the XWikiAdminGroup.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63229 - Mozart FM Transmitter Reflected Cross-Site Scripting (XSS)
CVE ID :CVE-2025-63229
Published : Nov. 18, 2025, 10:15 p.m. | 4 hours, 11 minutes ago
Description :The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's browser, potentially stealing sensitive information, hijacking sessions, or performing unauthorized actions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63217 - Itel DAB MUX JWT Authentication Bypass
CVE ID :CVE-2025-63217
Published : Nov. 18, 2025, 10:15 p.m. | 4 hours, 11 minutes ago
Description :The Itel DAB MUX (IDMUX build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63216 - Itel DAB Gateway JWT Token Reuse Attack
CVE ID :CVE-2025-63216
Published : Nov. 18, 2025, 10:15 p.m. | 4 hours, 11 minutes ago
Description :The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63215 - Sound4 IMPACT Remote Code Execution (RCE)
CVE ID :CVE-2025-63215
Published : Nov. 18, 2025, 10:15 p.m. | 4 hours, 11 minutes ago
Description :The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-12119 - Bulk write with options may read invalid memory
CVE ID :CVE-2025-12119
Published : Nov. 18, 2025, 10:15 p.m. | 4 hours, 11 minutes ago
Description :A mongoc_bulk_operation_t may read invalid memory if large options are passed.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63228 - Mozart FM Transmitter Unauthenticated Remote Code Execution File Upload Vulnerability
CVE ID :CVE-2025-63228
Published : Nov. 18, 2025, 8:15 p.m. | 6 hours, 11 minutes ago
Description :The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63227 - Mozart FM Transmitter Unrestricted File Upload Vulnerability
CVE ID :CVE-2025-63227
Published : Nov. 18, 2025, 8:15 p.m. | 6 hours, 11 minutes ago
Description :The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-63226 - Sencore SMP100 Session Hijacking Vulnerability
CVE ID :CVE-2025-63226
Published : Nov. 18, 2025, 8:15 p.m. | 6 hours, 11 minutes ago
Description :The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can access the endpoint and add new users without any authentication. This allows attackers to gain unauthorized access to the system and perform malicious activities.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-37162 - Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution
CVE ID :CVE-2025-37162
Published : Nov. 18, 2025, 8:15 p.m. | 6 hours, 11 minutes ago
Description :A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.
Company
Who's Online
We have 408 guests and no members online