9.3

CVSS4.0

CVE-2025-64486 - calibre is vulnerable to arbitrary code execution when opening FB2 files

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve arbitra…

πŸ“… Published: Nov. 7, 2025, 11:25 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2025-12911 -

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

πŸ“… Published: Nov. 7, 2025, 11:23 p.m. πŸ”„ Last Modified: Nov. 21, 2025, 9:18 p.m.

6.2

CVSS3.1

CVE-2025-12910 -

Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)

πŸ“… Published: Nov. 7, 2025, 11:23 p.m. πŸ”„ Last Modified: Nov. 21, 2025, 9:19 p.m.

5.3

CVSS3.1

CVE-2025-12909 -

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)

πŸ“… Published: Nov. 7, 2025, 11:23 p.m. πŸ”„ Last Modified: Nov. 21, 2025, 9:19 p.m.

5.4

CVSS3.1

CVE-2025-12908 -

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

πŸ“… Published: Nov. 7, 2025, 11:23 p.m. πŸ”„ Last Modified: Nov. 21, 2025, 9:19 p.m.

8.8

CVSS3.1

CVE-2025-12907 -

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low)

πŸ“… Published: Nov. 7, 2025, 11:23 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 5:47 p.m.

5.4

CVSS3.1

CVE-2025-12906 -

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

πŸ“… Published: Nov. 7, 2025, 11:23 p.m. πŸ”„ Last Modified: Nov. 21, 2025, 9:21 p.m.

5.4

CVSS3.1

CVE-2025-12905 -

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)

πŸ“… Published: Nov. 7, 2025, 11:23 p.m. πŸ”„ Last Modified: Nov. 21, 2025, 9:21 p.m.

5.3

CVSS4.0

CVE-2025-64485 - CVAT: Mounted share file overwrite via crafted request

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the us…

πŸ“… Published: Nov. 7, 2025, 11:21 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-64433 - KubeVirt Arbitrary Container File Read

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.5.3 and 1.6.1, a vulnerability was discovered that allows a VM to read arbitrary files from the virt-launcher pod's file system. This issue stems from improper symlink handling when mounting PVC disks into a VM. Specifically…

πŸ“… Published: Nov. 7, 2025, 11:07 p.m. πŸ”„ Last Modified: Nov. 25, 2025, 4:49 p.m.
Total resulsts: 349182
Page 3102 of 34,919
Β« previous page Β» next page
Filters