2025-11-08 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2025-11212 | Google - Chrome | Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | CNA n/a CVSS3.1: 6.3 - MEDIUM | 0 1 | Exploitation: none; Automatable: no; Technical Impact: partial | undefined | github |
| CVE-2025-10968 | GG Soft Software Services Inc. - PaperWork | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), CWE-564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398. | CVSS3.1: 8.8 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: total | SQLi in GG Soft’s PaperWork | github |
| CVE-2022-50590 | SuiteCRM - SuiteCRM | SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator. | CVSS4.0: 8.8 - HIGH | 0 1 2 | Exploitation: none; Automatable: yes; Technical Impact: partial | SuiteCRM < 7.12.6 Type Confusion via ‘deleteAttachment’ Functionality | github |
This post is licensed under CC BY 4.0 by the author.