Security Vulnerabilities
Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-11-03
Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-11-03
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-11-03
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php va the name field.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-03
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-03
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-03
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an attacker to access unauthorized content or perform unauthorized actions using man in the middle techniques due to improper access controls.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-11-03
Simple User Management System with PHP-MySQL v1.0 is vulnerable to Cross-Site Scripting (XSS) via the Profile Section. The system fails to properly sanitize user input, allowing attackers to inject and execute arbitrary JavaScript when the input is displayed in the browser
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-03
NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-03
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-03