Vulnerability Summary for the Week of November 10, 2025

2025-11-17 21:11

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info	Patch Info
leopardhost–TNC Toolbox: Web Performance	The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the “Tnc_Wp_Toolbox_Settings::save_settings” function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment.	2025-11-11	10	CVE-2025-12539	https://www.wordfence.com/threat-intel/vulnerabilities/id/2eaa5a5c-c11f-40d0-be69-c3ec8029a819?source=cve https://github.com/The-Network-Crew/TNC-Toolbox-for-WordPress/commit/31bb3040b22c84e2d6dfd3210fe0ad045ff4ddf6
IBM–AIX	IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.	2025-11-13	10	CVE-2025 […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of November 10, 2025 Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: Bulletins EN Post navigation ← mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers AT&T’s $177M Breach Settlement Deadline Nears — Are You Entitled to a Payout? → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts IT Security News Hourly Summary 2025-11-18 00h : 9 posts November 18, 2025 Payroll Pirates – Network of Criminal Groups Hijacking Payroll Systems November 18, 2025 Threat Actors can Use Xanthorox AI Tool to Generate Different Malicious Code Based on Prompts November 18, 2025 What future innovations excite leaders in Agentic AI security November 18, 2025 What makes an effective Secret Scanning solution November 18, 2025 Are current IAM solutions capable of handling NHIs effectively November 18, 2025 How adaptable are AI-driven security systems to new threats November 18, 2025 IT Security News Daily Summary 2025-11-17 November 18, 2025 Iranian Hackers Use SpearSpecter to Target Senior Government Leaders November 18, 2025 Yurei Ransomware File Encryption, Operation Model and Data Transfer Methods Uncovered November 18, 2025 Bitsgap vs HaasOnline: Advanced Features vs Smart Simplicity November 18, 2025 Pentagon and soldiers let too many secrets slip on social networks, watchdog says November 18, 2025 ‘Largest-ever’ cloud DDoS attack pummels Azure with 3.64B packets per second November 18, 2025 EchoGram: The Attack That Can Break AI Guardrails November 17, 2025 Cisco Firewall, Unified CCX, and ISE Vulnerability Summary (Nov 2025) November 17, 2025 When Machines Attack Machines: The New Reality of AI Security November 17, 2025 CISA, eyeing China, plans hiring spree to rebuild its depleted ranks November 17, 2025 Alice Blue Partners with AccuKnox for Regulatory Compliance November 17, 2025 AI Pulse: The Rise of AI Search Crawlers November 17, 2025 A Perfect Storm: DDoS Attack Hits Turkish Luxury Retailer During Fall Collection Launch November 17, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}