Security Vulnerabilities - CVEs Published In November 2025
Improper Privilege Management vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0.
Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-11-28
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-11-28
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-28
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-28
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-11-28
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-28
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-28
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-28
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-11-28
Permission control vulnerability in the Settings module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-11-28