Last Full Sync: Thu Nov 20 2025 22:32:22 GMT+0000 (Coordinated Universal Time)
1. ID: CVE-2025-58692
Assigner: psirt@fortinet.com
Description: An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
Published Date: Tue Nov 18 2025 17:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 20 2025 14:36:17 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Nov 20 2025 14:39:20 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: Less than 8 hours
2. ID: CVE-2025-13229
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
3. ID: CVE-2025-13230
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
4. ID: CVE-2025-13226
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:51 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
5. ID: CVE-2025-13227
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:42 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
6. ID: CVE-2025-13228
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:35 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
7. ID: CVE-2025-13224
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Mon Nov 17 2025 23:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:59 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 2 days ago
8. ID: CVE-2025-13223
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Mon Nov 17 2025 23:15:45 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 20 2025 15:17:23 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: Less than 8 hours
9. ID: CVE-2025-64446
Assigner: psirt@fortinet.com
Description: A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Published Date: Fri Nov 14 2025 16:15:58 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 20 2025 22:16:03 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 14 2025 18:19:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 17 minutes
10. ID: CVE-2025-46427
Assigner: security_alert@emc.com
Description: Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Published Date: Wed Nov 12 2025 20:15:42 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 12:32:13 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 12:38:50 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 5 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 4 days ago
11. ID: CVE-2025-46428
Assigner: security_alert@emc.com
Description: Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
Published Date: Wed Nov 12 2025 20:15:42 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 12:32:02 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 12:38:50 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 5 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 4 days ago
12. ID: CVE-2025-62452
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Published Date: Tue Nov 11 2025 18:15:50 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 14 2025 15:41:32 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 14 2025 15:42:39 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
13. ID: CVE-2025-62220
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
Published Date: Tue Nov 11 2025 18:15:49 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 14 2025 15:53:43 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 14 2025 15:55:16 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
14. ID: CVE-2025-62222
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.
Published Date: Tue Nov 11 2025 18:15:49 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 14 2025 15:47:58 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 14 2025 15:49:49 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 7 days ago
15. ID: CVE-2025-62210
Assigner: secure@microsoft.com
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Published Date: Tue Nov 11 2025 18:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 17:41:05 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 17:42:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.7
Base Severity: HIGH
LAST MODIFIED: 4 days ago
16. ID: CVE-2025-62211
Assigner: secure@microsoft.com
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
Published Date: Tue Nov 11 2025 18:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 17:41:00 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 17:42:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.7
Base Severity: HIGH
LAST MODIFIED: 4 days ago
17. ID: CVE-2025-62204
Assigner: secure@microsoft.com
Description: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Published Date: Tue Nov 11 2025 18:15:45 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 18:01:37 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 18:04:58 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 4 days ago
18. ID: CVE-2025-60724
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Published Date: Tue Nov 11 2025 18:15:41 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 17:40:24 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 17:42:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 4 days ago
19. ID: CVE-2025-60715
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Published Date: Tue Nov 11 2025 18:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 17:43:02 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 17:46:40 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 4 days ago
20. ID: CVE-2025-59499
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Published Date: Tue Nov 11 2025 18:15:35 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Nov 17 2025 17:40:37 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Nov 17 2025 17:42:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 4 days ago
21. ID: CVE-2025-12432
Assigner: chrome-cve-admin@google.com
Description: Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Mon Nov 10 2025 20:15:37 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 13 2025 15:26:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Nov 13 2025 15:54:41 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
22. ID: CVE-2025-12429
Assigner: chrome-cve-admin@google.com
Description: Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Published Date: Mon Nov 10 2025 20:15:36 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 13 2025 15:26:46 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Nov 13 2025 15:54:41 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
23. ID: CVE-2025-12428
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Published Date: Mon Nov 10 2025 20:15:35 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 13 2025 15:26:57 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Nov 13 2025 15:54:41 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
24. ID: CVE-2025-11205
Assigner: chrome-cve-admin@google.com
Description: Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Thu Nov 06 2025 22:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 13 2025 15:31:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Nov 13 2025 15:54:41 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 8 days ago
25. ID: CVE-2025-45378
Assigner: security_alert@emc.com
Description: Dell CloudLink, versions 8.0 through 8.1.2, contain a vulnerability in the restricted shell. A privileged user with a known password can break into the command shell of the CloudLink server, gain shell access, escalate privileges, and gain unauthorized access to the system. If SSH is enabled with the web credentials of the server, the attack is possible over the network with a known privileged user/password.
Published Date: Wed Nov 05 2025 17:15:41 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 07 2025 17:52:11 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 07 2025 17:54:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 14 days ago
26. ID: CVE-2025-45379
Assigner: security_alert@emc.com
Description: Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system.
Published Date: Wed Nov 05 2025 17:15:41 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 07 2025 17:52:47 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 07 2025 17:54:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 14 days ago
27. ID: CVE-2025-46364
Assigner: security_alert@emc.com
Description: Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.
Published Date: Wed Nov 05 2025 17:15:41 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 07 2025 17:53:19 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 07 2025 17:54:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 14 days ago
28. ID: CVE-2025-30479
Assigner: security_alert@emc.com
Description: Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.
Published Date: Wed Nov 05 2025 17:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 07 2025 18:04:06 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 07 2025 18:05:37 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 14 days ago
29. ID: CVE-2025-20358
Assigner: psirt@cisco.com
Description: A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. This vulnerability is due to improper authentication mechanisms in the communication between the CCX Editor and an affected Unified CCX server. An attacker could exploit this vulnerability by redirecting the authentication flow to a malicious server and tricking the CCX Editor into believing the authentication was successful. A successful exploit could allow the attacker to create and execute arbitrary scripts on the underlying operating system of an affected Unified CCX server, as an internal non-root user account.
Published Date: Wed Nov 05 2025 17:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 07 2025 15:43:44 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 07 2025 15:32:12 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Base Score: 9.4
Base Severity: CRITICAL
LAST MODIFIED: 14 days ago
30. ID: CVE-2025-20343
Assigner: psirt@cisco.com
Description: A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause Cisco ISE to restart unexpectedly. This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE. A successful exploit could allow the attacker to cause a denial of service (DoS) condition when Cisco ISE restarts.
Published Date: Wed Nov 05 2025 17:15:37 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 14:56:35 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 15:19:32 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 14 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 2 days ago
31. ID: CVE-2025-20354
Assigner: psirt@cisco.com
Description: A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.
Published Date: Wed Nov 05 2025 17:15:37 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 07 2025 15:44:35 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 07 2025 15:46:21 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 14 days ago
32. ID: CVE-2025-43994
Assigner: security_alert@emc.com
Description: Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
Published Date: Fri Oct 24 2025 15:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Nov 04 2025 14:31:14 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Nov 04 2025 14:33:33 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 11 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 17 days ago
33. ID: CVE-2025-43995
Assigner: security_alert@emc.com
Description: Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These user IDs are special users created in compellentservicesapi for special purposes.
Published Date: Fri Oct 24 2025 15:15:38 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Nov 04 2025 14:43:05 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Nov 04 2025 14:48:47 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 11 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 17 days ago
34. ID: CVE-2025-57870
Assigner: psirt@esri.com
Description: A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL commands via a specific ArcGIS Feature Service operation. Successful exploitation can potentially result in unauthorized access, modification, or deletion of data from the underlying Enterprise Geodatabase.
Published Date: Wed Oct 22 2025 15:15:51 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Oct 31 2025 18:51:22 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Oct 31 2025 18:52:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 10 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 21 days ago
35. ID: CVE-2025-62588
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:55 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:01:21 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 29 days ago
36. ID: CVE-2025-62589
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:55 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:01:00 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 29 days ago
37. ID: CVE-2025-62590
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:55 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:01:06 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 29 days ago
38. ID: CVE-2025-62641
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:55 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 15:59:57 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 29 days ago
39. ID: CVE-2025-62481
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:54 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Oct 24 2025 13:19:45 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Oct 24 2025 13:20:16 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 28 days ago
40. ID: CVE-2025-62587
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:54 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:01:13 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 29 days ago
41. ID: CVE-2025-61757
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:52 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 20 2025 19:16:21 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Oct 24 2025 14:28:26 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: Less than 4 hours
42. ID: CVE-2025-61763
Assigner: secalert_us@oracle.com
Description: Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Essbase accessible data as well as unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Published Date: Tue Oct 21 2025 20:20:52 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Oct 24 2025 14:27:30 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Oct 24 2025 14:28:26 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 28 days ago
43. ID: CVE-2025-61751
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Published Date: Tue Oct 21 2025 20:20:51 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Oct 24 2025 14:36:24 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Oct 24 2025 14:37:28 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 28 days ago
44. ID: CVE-2025-53072
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Oct 24 2025 14:36:58 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Oct 24 2025 14:37:28 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 28 days ago
45. ID: CVE-2025-53049
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:42 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:06:38 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 29 days ago
46. ID: CVE-2025-53043
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Product Hub accessible data as well as unauthorized access to critical data or complete access to all Oracle Product Hub accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Published Date: Tue Oct 21 2025 20:20:41 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:07:39 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 29 days ago
47. ID: CVE-2025-53036
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Published Date: Tue Oct 21 2025 20:20:40 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:08:47 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 29 days ago
48. ID: CVE-2025-53037
Assigner: secalert_us@oracle.com
Description: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published Date: Tue Oct 21 2025 20:20:40 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Oct 23 2025 16:08:38 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Oct 23 2025 16:13:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 29 days ago
49. ID: CVE-2025-49553
Assigner: psirt@adobe.com
Description: Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Scope is changed.
Published Date: Tue Oct 14 2025 22:15:37 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Oct 17 2025 14:59:03 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Oct 17 2025 14:59:42 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.3
Base Severity: CRITICAL
LAST MODIFIED: 35 days ago
50. ID: CVE-2025-54264
Assigner: psirt@adobe.com
Description: Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.
Published Date: Tue Oct 14 2025 21:15:35 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Oct 20 2025 13:47:24 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Oct 20 2025 13:54:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 6 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 32 days ago