CVE-2025-40763 - "Altair Grid Engine Environment Variable Path Hijacking (Local Privilege Escalation)"
CVE ID : CVE-2025-40763
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All vers...
CVE ID : CVE-2025-40763
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All vers...
CVE-2025-40763 - "Altair Grid Engine Environment Variable Path Hijacking (Local Privilege Escalation)"
A vulnerability has been identified in Altair Grid Engine (All versions
cvefeed.io
November 11, 2025 at 11:58 PM
CVE-2025-40763 - "Altair Grid Engine Environment Variable Path Hijacking (Local Privilege Escalation)"
CVE ID : CVE-2025-40763
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All vers...
CVE ID : CVE-2025-40763
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All vers...
CVE-2025-61833 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-61833
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability w...
CVE ID : CVE-2025-61833
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability w...
CVE-2025-61833 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation …
cvefeed.io
November 11, 2025 at 11:54 PM
CVE-2025-61833 - Substance3D - Stager | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2025-61833
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability w...
CVE ID : CVE-2025-61833
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability w...
🔍 Chinese Attackers Exploit VMware Tools Flaw
A critical zero-day vulnerability (CVE-2025-41244) in VMware Aria Operations and VMware Tools has been actively exploited by China-linked hacking groups, allowing elevation of privileges and rooted access inside virtual machines.
A critical zero-day vulnerability (CVE-2025-41244) in VMware Aria Operations and VMware Tools has been actively exploited by China-linked hacking groups, allowing elevation of privileges and rooted access inside virtual machines.
November 11, 2025 at 11:54 PM
🔍 Chinese Attackers Exploit VMware Tools Flaw
A critical zero-day vulnerability (CVE-2025-41244) in VMware Aria Operations and VMware Tools has been actively exploited by China-linked hacking groups, allowing elevation of privileges and rooted access inside virtual machines.
A critical zero-day vulnerability (CVE-2025-41244) in VMware Aria Operations and VMware Tools has been actively exploited by China-linked hacking groups, allowing elevation of privileges and rooted access inside virtual machines.
CVE-2025-40744 - "Solid Edge Certificate Validation Weakness"
CVE ID : CVE-2025-40744
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected appl...
CVE ID : CVE-2025-40744
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected appl...
CVE-2025-40744 - "Solid Edge Certificate Validation Weakness"
A vulnerability has been identified in Solid Edge SE2025 (All versions
cvefeed.io
November 11, 2025 at 11:50 PM
CVE-2025-40744 - "Solid Edge Certificate Validation Weakness"
CVE ID : CVE-2025-40744
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected appl...
CVE ID : CVE-2025-40744
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 11). Affected appl...
CVE-2025-40760 - Altair Grid Engine Password Hash Disclosure Vulnerability
CVE ID : CVE-2025-40760
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affect...
CVE ID : CVE-2025-40760
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affect...
CVE-2025-40760 - Altair Grid Engine Password Hash Disclosure Vulnerability
A vulnerability has been identified in Altair Grid Engine (All versions
cvefeed.io
November 11, 2025 at 11:47 PM
CVE-2025-40760 - Altair Grid Engine Password Hash Disclosure Vulnerability
CVE ID : CVE-2025-40760
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affect...
CVE ID : CVE-2025-40760
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affect...
CVE-2025-12748 - Libvirt: denial of service in xml parsing
CVE ID : CVE-2025-12748
Published : Nov. 11, 2025, 8:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XM...
CVE ID : CVE-2025-12748
Published : Nov. 11, 2025, 8:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XM...
CVE-2025-12748 - Libvirt: denial of service in xml parsing
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory …
cvefeed.io
November 11, 2025 at 11:45 PM
CVE-2025-12748 - Libvirt: denial of service in xml parsing
CVE ID : CVE-2025-12748
Published : Nov. 11, 2025, 8:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XM...
CVE ID : CVE-2025-12748
Published : Nov. 11, 2025, 8:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XM...
CVE-2024-32010 - Spectrum Power 4 Database Credential Extraction and Command Injection Vulnerability
CVE ID : CVE-2024-32010
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions...
CVE ID : CVE-2024-32010
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions...
CVE-2024-32010 - Spectrum Power 4 Database Credential Extraction and Command Injection Vulnerability
A vulnerability has been identified in Spectrum Power 4 (All versions
cvefeed.io
November 11, 2025 at 11:42 PM
CVE-2024-32010 - Spectrum Power 4 Database Credential Extraction and Command Injection Vulnerability
CVE ID : CVE-2024-32010
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions...
CVE ID : CVE-2024-32010
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions...
CVE-2025-64404: Apache OpenOffice: Remote documents loaded without prompt via background and bullet images
oss-sec: CVE-2025-64404: Apache OpenOffice: Remote documents loaded without prompt via background and bullet images
Posted by Arrigo Marchiori on Nov 11 Severity: moderate
Affected versions:
- Apache OpenOffice through 4.1.15
Description:
Apache OpenOffice documents can contain links to other files. A missing Authorization vulnerability in Apache
OpenOffice allowed an attacker to craft a document that would cause external links
to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used background fill images,
or bullet images, linked to external files...
seclists.org
November 11, 2025 at 11:42 PM
CVE-2025-64404: Apache OpenOffice: Remote documents loaded without prompt via background and bullet images
CVE-2024-32011 - Spectrum Power Command Injection Vulnerability
CVE ID : CVE-2024-32011
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affec...
CVE ID : CVE-2024-32011
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affec...
CVE-2024-32011 - Spectrum Power Command Injection Vulnerability
A vulnerability has been identified in Spectrum Power 4 (All versions
cvefeed.io
November 11, 2025 at 11:40 PM
CVE-2024-32011 - Spectrum Power Command Injection Vulnerability
CVE ID : CVE-2024-32011
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affec...
CVE ID : CVE-2024-32011
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affec...
CVE-2025-41116 - Incorrect oauth passthrough in Grafana Snowflake Datasource
CVE ID : CVE-2025-41116
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Databricks Datasource Plugin,
if Oauth passthrough is enabled on the d...
CVE ID : CVE-2025-41116
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Databricks Datasource Plugin,
if Oauth passthrough is enabled on the d...
CVE-2025-41116 - Incorrect oauth passthrough in Grafana Snowflake Datasource
When using the Grafana Databricks Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is not …
cvefeed.io
November 11, 2025 at 11:38 PM
CVE-2025-41116 - Incorrect oauth passthrough in Grafana Snowflake Datasource
CVE ID : CVE-2025-41116
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Databricks Datasource Plugin,
if Oauth passthrough is enabled on the d...
CVE ID : CVE-2025-41116
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Databricks Datasource Plugin,
if Oauth passthrough is enabled on the d...
CVE-2025-40827 - Siemens Software Center/DLL Hijacking
CVE ID : CVE-2025-40827
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All ver...
CVE ID : CVE-2025-40827
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All ver...
CVE-2025-40827 - Siemens Software Center/DLL Hijacking
A vulnerability has been identified in Siemens Software Center (All versions
cvefeed.io
November 11, 2025 at 11:36 PM
CVE-2025-40827 - Siemens Software Center/DLL Hijacking
CVE ID : CVE-2025-40827
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All ver...
CVE ID : CVE-2025-40827
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All ver...
CVE-2024-32008 - Spectrum Power 4 Local Privilege Escalation
CVE ID : CVE-2024-32008
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected...
CVE ID : CVE-2024-32008
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected...
CVE-2024-32008 - Spectrum Power 4 Local Privilege Escalation
A vulnerability has been identified in Spectrum Power 4 (All versions
cvefeed.io
November 11, 2025 at 11:34 PM
CVE-2024-32008 - Spectrum Power 4 Local Privilege Escalation
CVE ID : CVE-2024-32008
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected...
CVE ID : CVE-2024-32008
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected...
CVE-2025-3717 - Incorrect oauth passthrough in Grafana Snowflake Datasource
CVE ID : CVE-2025-3717
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Snowflake Datasource Plugin,
if Oauth passthrough is enabled on the data...
CVE ID : CVE-2025-3717
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Snowflake Datasource Plugin,
if Oauth passthrough is enabled on the data...
CVE-2025-3717 - Incorrect oauth passthrough in Grafana Snowflake Datasource
When using the Grafana Snowflake Datasource Plugin, if Oauth passthrough is enabled on the datasource, and multiple users are using the same datasource at the same time on a single Grafana instance, it could result in the wrong user identifier being used, and information for which the viewer is not …
cvefeed.io
November 11, 2025 at 11:33 PM
CVE-2025-3717 - Incorrect oauth passthrough in Grafana Snowflake Datasource
CVE ID : CVE-2025-3717
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Snowflake Datasource Plugin,
if Oauth passthrough is enabled on the data...
CVE ID : CVE-2025-3717
Published : Nov. 11, 2025, 9:15 p.m. | 2 hours, 16 minutes ago
Description : When using the Grafana Snowflake Datasource Plugin,
if Oauth passthrough is enabled on the data...
CVE-2025-64402: Apache OpenOffice: Remote documents loaded without prompt via OLE objects
oss-sec: CVE-2025-64402: Apache OpenOffice: Remote documents loaded without prompt via OLE objects
Posted by Arrigo Marchiori on Nov 11 Severity: moderate
Affected versions:
- Apache OpenOffice through 4.1.15
Description:
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an
attacker to craft a document that would cause external links
to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "OLE objects" linked to
external files would
load the contents of those...
seclists.org
November 11, 2025 at 11:32 PM
CVE-2025-64402: Apache OpenOffice: Remote documents loaded without prompt via OLE objects
CVE-2025-64401: Apache OpenOffice: Remote documents loaded without prompt via IFrame
oss-sec: CVE-2025-64401: Apache OpenOffice: Remote documents loaded without prompt via IFrame
Posted by Arrigo Marchiori on Nov 11 Severity: moderate
Affected versions:
- Apache OpenOffice through 4.1.15
Description:
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an
attacker to craft a document that would cause external links
to be loaded without prompt. In the affected versions of Apache OpenOffice, documents that used "floating frames"
linked to external files would
load the contents of...
seclists.org
November 11, 2025 at 11:27 PM
CVE-2025-64401: Apache OpenOffice: Remote documents loaded without prompt via IFrame
CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
oss-sec: CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
Posted by Arrigo Marchiori on Nov 11 Severity: moderate
Affected versions:
- Apache OpenOffice through 4.1.15
Description:
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". A missing
Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause such links
to be loaded without prompt.
This issue affects Apache OpenOffice: through 4.1.15.
Users are recommended to...
seclists.org
November 11, 2025 at 11:22 PM
CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc
Paloaltoの脆弱性情報 「CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: INFORMATIONAL)」が公開されました。
→ https://security.paloaltonetworks.com/CVE-2025-4615
→ https://security.paloaltonetworks.com/CVE-2025-4615
November 11, 2025 at 11:03 PM
Paloaltoの脆弱性情報 「CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface (Severity: INFORMATIONAL)」が公開されました。
→ https://security.paloaltonetworks.com/CVE-2025-4615
→ https://security.paloaltonetworks.com/CVE-2025-4615
サトー、海外グループで個人情報漏洩の可能性-Oracle EBSのゼロデイを悪用したサイバー攻撃(CVE-2025-61882)
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
サトー、海外グループで個人情報漏洩の可能性-Oracle EBSのゼロデイを悪用したサイバー攻撃(CVE-2025-61882)|セキュリティニュースのセキュリティ対策Lab
ラベルプリンターやRFIDに関する製品を販売する株式会社サトーは2025年11月10日、海外グループ会社が利用するクラウド環境でサイバーセキュリティインシデントが発生し、個人情報を含む取引先関連情報が漏えいした可能性を公表しました。原因は、サービスプロバイダー管理下の Oracle E-Business Suite(EBS)のゼロデイ脆弱性「CVE-2025-61882」 を悪用した攻撃で、同社は...
rocket-boys.co.jp
November 11, 2025 at 10:54 PM
サトー、海外グループで個人情報漏洩の可能性-Oracle EBSのゼロデイを悪用したサイバー攻撃(CVE-2025-61882)
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
rocket-boys.co.jp/security-mea...
#セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
CVE-2025-60724 - GDI+ Remote Code Execution Vulnerability
CVE ID : CVE-2025-60724
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a...
CVE ID : CVE-2025-60724
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a...
CVE-2025-60724 - GDI+ Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
cvefeed.io
November 11, 2025 at 10:18 PM
CVE-2025-60724 - GDI+ Remote Code Execution Vulnerability
CVE ID : CVE-2025-60724
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a...
CVE ID : CVE-2025-60724
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a...
CVE-2025-30398 - Nuance PowerScribe 360 Information Disclosure Vulnerability
CVE ID : CVE-2025-30398
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose inform...
CVE ID : CVE-2025-30398
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose inform...
CVE-2025-30398 - Nuance PowerScribe 360 Information Disclosure Vulnerability
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
cvefeed.io
November 11, 2025 at 10:13 PM
CVE-2025-30398 - Nuance PowerScribe 360 Information Disclosure Vulnerability
CVE ID : CVE-2025-30398
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose inform...
CVE ID : CVE-2025-30398
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose inform...
攻撃者は別のGladinet Triofoxゼロデイ(CVE-2025-12480)を悪用した。
Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/g...
Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/g...
Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) - Help Net Security
Attackers have exploited a now-fixed vulnerability (CVE-2025-12480) in the Gladinet Triofox platform while it was still a zero-day.
www.helpnetsecurity.com
November 11, 2025 at 10:10 PM
攻撃者は別のGladinet Triofoxゼロデイ(CVE-2025-12480)を悪用した。
Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/g...
Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/g...
CISA: スパイウェア配布に悪用されるサムスンの脆弱性を修正 (CVE-2025-21042)
CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/s...
CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/s...
CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) - Help Net Security
CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices that has been used to deliver spyware, to its KEV catalog.
www.helpnetsecurity.com
November 11, 2025 at 10:09 PM
CISA: スパイウェア配布に悪用されるサムスンの脆弱性を修正 (CVE-2025-21042)
CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/s...
CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) #HelpNetSecurity (Nov 11)
www.helpnetsecurity.com/2025/11/11/s...
CVE-2025-62211 - Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE ID : CVE-2025-62211
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
CVE ID : CVE-2025-62211
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
CVE-2025-62211 - Dynamics 365 Field Service (online) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
cvefeed.io
November 11, 2025 at 10:08 PM
CVE-2025-62211 - Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE ID : CVE-2025-62211
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
CVE ID : CVE-2025-62211
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
CVE-2025-62210 - Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE ID : CVE-2025-62210
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
CVE ID : CVE-2025-62210
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
CVE-2025-62210 - Dynamics 365 Field Service (online) Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
cvefeed.io
November 11, 2025 at 10:03 PM
CVE-2025-62210 - Dynamics 365 Field Service (online) Spoofing Vulnerability
CVE ID : CVE-2025-62210
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
CVE ID : CVE-2025-62210
Published : Nov. 11, 2025, 6:15 p.m. | 1 hour, 40 minutes ago
Description : Improper neutralization of input during web page generation ('cross-site scripting') in Dynamic...
Microsoft's November 2025 Patch Tuesday addressed 63 vulnerabilities, including one zero-day (CVE-2025-62215) exploited in the wild, allowing local privilege escalation. Key vulnerabilities include CVE-2025-62199 (RCE in Office), CVE-2025-60716 (EoP in DirectX), and CVE-2025-60724 (RCE in GDI+).
Microsoft November 2025 Patch Tuesday – 63 Vulnerabilities, Including 1 Zero-Day Fixed
cybersecuritynews.com
November 11, 2025 at 10:02 PM
Microsoft's November 2025 Patch Tuesday addressed 63 vulnerabilities, including one zero-day (CVE-2025-62215) exploited in the wild, allowing local privilege escalation. Key vulnerabilities include CVE-2025-62199 (RCE in Office), CVE-2025-60716 (EoP in DirectX), and CVE-2025-60724 (RCE in GDI+).