Total
667 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13131 | 1 Sonarr | 1 Sonarr | 2025-11-14 | 7.8 High |
| A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vendor confirms this vulnerability but classifies it as a "low severity issue due to the default service user being used as it would either require someone to intentionally change the service to a highly privileged account or an attacker would need an admin level account". It is planned to fix this issue in the next major release v5. | ||||
| CVE-2025-13130 | 1 Radarr | 1 Radarr | 2025-11-14 | 7.8 High |
| A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6527 | 1 70mai | 2 M300, M300 Firmware | 2025-11-14 | 3.1 Low |
| A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-49924 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 7.3 High |
| Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2. | ||||
| CVE-2025-12436 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | 5.9 Medium |
| Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2025-12445 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-11-13 | 6.5 Medium |
| Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2025-6325 | 2 Kingaddons, Wordpress | 2 King Addons For Elementor, Wordpress | 2025-11-13 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36. | ||||
| CVE-2025-62034 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4. | ||||
| CVE-2025-62007 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation.This issue affects Voice Feedback: from n/a through <= 1.0.3. | ||||
| CVE-2025-60222 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Sumo Memberships For Woocommerce, Woocommerce, Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0. | ||||
| CVE-2025-60220 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0. | ||||
| CVE-2025-60211 | 3 Extendons, Woocommerce, Wordpress | 3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. | ||||
| CVE-2025-60195 | 2 Atarim, Wordpress | 2 Atarim, Wordpress | 2025-11-13 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2. | ||||
| CVE-2025-59580 | 2 Goodlayers, Wordpress | 2 Goodlayers Core, Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation.This issue affects Goodlayers Core: from n/a through < 2.1.7. | ||||
| CVE-2025-49900 | 1 Wordpress | 1 Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8. | ||||
| CVE-2025-48082 | 2 Progress Planner, Wordpress | 2 Progress Planner, Wordpress | 2025-11-13 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0. | ||||
| CVE-2024-32009 | 1 Siemens | 1 Spectrum Power 4 | 2025-11-12 | 7.8 High |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges. | ||||
| CVE-2025-63384 | 1 Chipsalliance | 1 Rocket-chip | 2025-11-12 | 6.5 Medium |
| A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode (M-mode) to Supervisor-mode (S-mode) as specified by the sstatus.SPP bit, the processor incorrectly remains in M-mode, leading to a critical privilege retention vulnerability. | ||||
| CVE-2024-12235 | 1 Tongzhouyun | 1 Agilebpm | 2025-11-12 | 6.3 Medium |
| A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \agile-bpm-basic-master\ab-auth\ab-auth-spring-security-oauth2\src\main\java\com\dstz\auth\filter\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-27095 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-11-12 | 4.3 Medium |
| JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to intercept and capture the Kubernetes cluster token. This can potentially allow unauthorized access to the cluster and compromise its security. This vulnerability is fixed in 4.8.0 and 3.10.18. | ||||