8.6

CVSS4.0

CVE-2025-64488 - SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0, an attacker can craft a malicious call_id that alters the logic of the SQL query or injects arbitrary SQL. An attack ca…

📅 Published: Nov. 7, 2025, 11:59 p.m. 🔄 Last Modified: Nov. 12, 2025, 4:20 p.m.

9.3

CVSS4.0

CVE-2025-64486 - calibre is vulnerable to arbitrary code execution when opening FB2 files

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve arbitra…

📅 Published: Nov. 7, 2025, 11:25 p.m. 🔄 Last Modified: Nov. 12, 2025, 4:20 p.m.

4.3

CVSS3.1

CVE-2025-12911 -

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

📅 Published: Nov. 7, 2025, 11:23 p.m. 🔄 Last Modified: Nov. 10, 2025, 4:15 p.m.

6.2

CVSS3.1

CVE-2025-12910 -

Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)

📅 Published: Nov. 7, 2025, 11:23 p.m. 🔄 Last Modified: Nov. 10, 2025, 4:15 p.m.

5.3

CVSS3.1

CVE-2025-12909 -

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)

📅 Published: Nov. 7, 2025, 11:23 p.m. 🔄 Last Modified: Nov. 10, 2025, 4:15 p.m.

5.4

CVSS3.1

CVE-2025-12908 -

Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

📅 Published: Nov. 7, 2025, 11:23 p.m. 🔄 Last Modified: Nov. 10, 2025, 4:15 p.m.

8.8

CVSS3.1

CVE-2025-12907 -

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low)

📅 Published: Nov. 7, 2025, 11:23 p.m. 🔄 Last Modified: Nov. 10, 2025, 4:15 p.m.

5.4

CVSS3.1

CVE-2025-12906 -

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

📅 Published: Nov. 7, 2025, 11:23 p.m. 🔄 Last Modified: Nov. 10, 2025, 4:15 p.m.

5.4

CVSS3.1

CVE-2025-12905 -

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)

📅 Published: Nov. 7, 2025, 11:23 p.m. 🔄 Last Modified: Nov. 10, 2025, 4:15 p.m.

5.3

CVSS4.0

CVE-2025-64485 - CVAT: Mounted share file overwrite via crafted request

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the us…

📅 Published: Nov. 7, 2025, 11:21 p.m. 🔄 Last Modified: Nov. 12, 2025, 4:20 p.m.