Vulnerability Summary for the Week of November 10, 2025

2025-11-17 21:11

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info	Patch Info
leopardhost–TNC Toolbox: Web Performance	The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials (hostname, username, and API key) in files within the web-accessible wp-content directory without adequate protection in the “Tnc_Wp_Toolbox_Settings::save_settings” function. This makes it possible for unauthenticated attackers to retrieve these credentials and use them to interact with the cPanel API, which can lead to arbitrary file uploads, remote code execution, and full compromise of the hosting environment.	2025-11-11	10	CVE-2025-12539	https://www.wordfence.com/threat-intel/vulnerabilities/id/2eaa5a5c-c11f-40d0-be69-c3ec8029a819?source=cve https://github.com/The-Network-Crew/TNC-Toolbox-for-WordPress/commit/31bb3040b22c84e2d6dfd3210fe0ad045ff4ddf6
IBM–AIX	IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.	2025-11-13	10	CVE-2025 […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of November 10, 2025 Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: Bulletins EN Post navigation ← mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers AT&T’s $177M Breach Settlement Deadline Nears — Are You Entitled to a Payout? → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts AI Pulse: The Rise of AI Search Crawlers November 17, 2025 A Perfect Storm: DDoS Attack Hits Turkish Luxury Retailer During Fall Collection Launch November 17, 2025 Security researcher calls BS on Coinbase breach disclosure timeline November 17, 2025 Post-quantum (ML-DSA) code signing with AWS Private CA and AWS KMS November 17, 2025 IT Security News Hourly Summary 2025-11-17 21h : 3 posts November 17, 2025 Private AI at Home: A RAG-Powered Secure Chatbot for Everyday Help November 17, 2025 Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps November 17, 2025 Pig-Butchering Scams Operators Scaled Their Operations with The Support of AI-Assistants November 17, 2025 AT&T’s $177M Breach Settlement Deadline Nears — Are You Entitled to a Payout? November 17, 2025 Vulnerability Summary for the Week of November 10, 2025 November 17, 2025 mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers November 17, 2025 Randall Munroe’s XKCD ‘’Shielding Chart” November 17, 2025 ShadowMQ: Critical AI Flaws Impact Meta, NVIDIA, and More November 17, 2025 Collaborative research by Microsoft and NVIDIA on real-time immunity November 17, 2025 The price of ChatGPT’s erotic chat? $20/month and your identity November 17, 2025 Selling your identity to North Korean IT scammers isn’t a sustainable side hustle November 17, 2025 A Polycrisis of AI Cyberattacks is Approaching. Are You Breach Ready Yet? November 17, 2025 Cloudflare to acquire Replicate, aiming for seamless serverless AI at global scale November 17, 2025 New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT November 17, 2025 Everest Ransomware Says It Stole Data of Millions of Under Armour Users November 17, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}