CVE List - 2025 / December
Showing 1201 - 1300 of 3706 CVEs for December 2025 (Page 13 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53841 | 2025-12-09 | devlink: report devlink_port_type_warn source device |
| CVE-2023-53842 | 2025-12-09 | ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove |
| CVE-2023-53843 | 2025-12-09 | net: openvswitch: reject negative ifindex |
| CVE-2023-53844 | 2025-12-09 | drm/ttm: Don't leak a resource on swapout move error |
| CVE-2023-53845 | 2025-12-09 | nilfs2: fix infinite loop in nilfs_mdt_get_block() |
| CVE-2023-53846 | 2025-12-09 | f2fs: fix to do sanity check on direct node in truncate_dnode() |
| CVE-2023-53847 | 2025-12-09 | usb-storage: alauda: Fix uninit-value in alauda_check_media() |
| CVE-2023-53848 | 2025-12-09 | md/raid5-cache: fix a deadlock in r5l_exit_log() |
| CVE-2023-53849 | 2025-12-09 | drm/msm: fix workqueue leak on bind errors |
| CVE-2023-53850 | 2025-12-09 | iavf: use internal state to free traffic IRQs |
| CVE-2023-53851 | 2025-12-09 | drm/msm/dp: Drop aux devices together with DP controller |
| CVE-2023-53852 | 2025-12-09 | nvme-core: fix memory leak in dhchap_secret_store |
| CVE-2023-53853 | 2025-12-09 | netlink: annotate accesses to nlk->cb_running |
| CVE-2023-53854 | 2025-12-09 | ASoC: mediatek: mt8186: Fix use-after-free in driver remove path |
| CVE-2023-53855 | 2025-12-09 | net: dsa: ocelot: call dsa_tag_8021q_unregister() under rtnl_lock() on driver remove |
| CVE-2023-53856 | 2025-12-09 | of: overlay: Call of_changeset_init() early |
| CVE-2023-53857 | 2025-12-09 | bpf: bpf_sk_storage: Fix invalid wait context lockdep report |
| CVE-2023-53858 | 2025-12-09 | tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error |
| CVE-2023-53859 | 2025-12-09 | s390/idle: mark arch_cpu_idle() noinstr |
| CVE-2023-53860 | 2025-12-09 | dm: don't attempt to queue IO under RCU protection |
| CVE-2023-53861 | 2025-12-09 | ext4: correct grp validation in ext4_mb_good_group |
| CVE-2023-53862 | 2025-12-09 | hfs: fix missing hfs_bnode_get() in __hfs_bnode_create |
| CVE-2023-53863 | 2025-12-09 | netlink: do not hard code device address lenth in fdb dumps |
| CVE-2023-53864 | 2025-12-09 | drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() |
| CVE-2023-53865 | 2025-12-09 | btrfs: fix warning when putting transaction with qgroups enabled after abort |
| CVE-2023-53866 | 2025-12-09 | ASoC: soc-compress: Reposition and add pcm_mutex |
| CVE-2025-14286 | 2025-12-09 | Tenda AC9 Configuration File DownloadCfg.jpg information disclosure |
| CVE-2025-66508 | 2025-12-09 | 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers |
| CVE-2025-66565 | 2025-12-09 | Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values |
| CVE-2025-66567 | 2025-12-09 | ruby-saml has a SAML authentication bypass due to namespace handling (parser differential) |
| CVE-2025-66568 | 2025-12-09 | ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation |
| CVE-2025-66622 | 2025-12-09 | matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values |
| CVE-2025-42872 | 2025-12-09 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal |
| CVE-2025-42873 | 2025-12-09 | Denial of Service (DoS) in SAPUI5 framework (Markdown-it component) |
| CVE-2025-42874 | 2025-12-09 | Denial of service (DOS) in SAP NetWeaver (remote service for Xcelsius) |
| CVE-2025-42875 | 2025-12-09 | Missing Authentication check in SAP NetWeaver Internet Communication Framework |
| CVE-2025-42876 | 2025-12-09 | Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger) |
| CVE-2025-42877 | 2025-12-09 | Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Content Server |
| CVE-2025-42878 | 2025-12-09 | Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM) |
| CVE-2025-42880 | 2025-12-09 | Code Injection vulnerability in SAP Solution Manager |
| CVE-2025-42891 | 2025-12-09 | Missing Authorization check in SAP Enterprise Search for ABAP |
| CVE-2025-42896 | 2025-12-09 | Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform |
| CVE-2025-42904 | 2025-12-09 | Information Disclosure vulnerability in Application Server ABAP |
| CVE-2025-42928 | 2025-12-09 | Deserialization Vulnerability in SAP jConnect - SDK for ASE |
| CVE-2025-66578 | 2025-12-09 | robrichards/xmlseclibs has a Libxml2 Canonicalization error which can bypass Digest/Signature validation |
| CVE-2025-66627 | 2025-12-09 | Wasmi's Linear Memory has a Critical Use After Free Vulnerability |
| CVE-2025-66631 | 2025-12-09 | CSLA .NET is vulnerable to Remote Code Execution via WcfProxy |
| CVE-2025-67504 | 2025-12-09 | WBCE CMS has Weak Random Number Generator in Password Generation Function |
| CVE-2025-67487 | 2025-12-09 | Static Web Server is vulnerable to symbolic link Path Traversal |
| CVE-2025-40327 | 2025-12-09 | perf/core: Fix system hang caused by cpu-clock usage |
| CVE-2025-40328 | 2025-12-09 | smb: client: fix potential UAF in smb2_close_cached_fid() |
| CVE-2025-40329 | 2025-12-09 | drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb |
| CVE-2025-40330 | 2025-12-09 | bnxt_en: Shutdown FW DMA in bnxt_shutdown() |
| CVE-2025-40331 | 2025-12-09 | sctp: Prevent TOCTOU out-of-bounds write |
| CVE-2025-40332 | 2025-12-09 | drm/amdkfd: Fix mmap write lock not release |
| CVE-2025-40333 | 2025-12-09 | f2fs: fix infinite loop in __insert_extent_tree() |
| CVE-2025-40334 | 2025-12-09 | drm/amdgpu: validate userq buffer virtual address and size |
| CVE-2025-40335 | 2025-12-09 | drm/amdgpu: validate userq input args |
| CVE-2025-40336 | 2025-12-09 | drm/gpusvm: fix hmm_pfn_to_map_order() usage |
| CVE-2025-40337 | 2025-12-09 | net: stmmac: Correctly handle Rx checksum offload errors |
| CVE-2025-40338 | 2025-12-09 | ASoC: Intel: avs: Do not share the name pointer between components |
| CVE-2025-40339 | 2025-12-09 | drm/amdgpu: fix nullptr err of vm_handle_moved |
| CVE-2025-40340 | 2025-12-09 | drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. |
| CVE-2025-40341 | 2025-12-09 | futex: Don't leak robust_list pointer on exec race |
| CVE-2025-40342 | 2025-12-09 | nvme-fc: use lock accessing port_state and rport state |
| CVE-2025-40343 | 2025-12-09 | nvmet-fc: avoid scheduling association deletion twice |
| CVE-2025-40344 | 2025-12-09 | ASoC: Intel: avs: Disable periods-elapsed work when closing PCM |
| CVE-2025-13604 | 2025-12-09 | Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL |
| CVE-2025-14284 | 2025-12-09 | Versions of the package @tiptap/extension-link before 2.10.4 are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript... |
| CVE-2025-13031 | 2025-12-09 | WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS |
| CVE-2025-13070 | 2025-12-09 | CSV to SortTable <= 4.2 - Contributor+ LFI |
| CVE-2025-13071 | 2025-12-09 | Custom Admin Menu <= 1.0.0 - Reflected XSS |
| CVE-2025-13428 | 2025-12-09 | RCE in SecOps SOAR server via user-provided Python packages |
| CVE-2025-14306 | 2025-12-09 | Directory Traversal in Robocode's CacheCleaner Component |
| CVE-2025-14307 | 2025-12-09 | Insecure Temporary File Creation in Robocode's AutoExtract Component |
| CVE-2025-14308 | 2025-12-09 | Integer Overflow in Robocode's Buffer Write Method |
| CVE-2025-14309 | 2025-12-09 | NULL Pointer Dereference vulnerability in ravynsoft ravynos. This issue affects ravynos: through 0.5.2. |
| CVE-2025-14310 | 2025-12-09 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb. This issue affects rethinkdb: before 2.4.4. |
| CVE-2025-14311 | 2025-12-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in JMRI. This issue affects JMRI: before 5.13.3. |
| CVE-2025-41752 | 2025-12-09 | Reflected XSS vulnerability in pxc_portSfp.php |
| CVE-2025-41751 | 2025-12-09 | Reflected XSS vulnerability in pxc_portCntr.php |
| CVE-2025-41750 | 2025-12-09 | Reflected XSS vulnerability in pxc_PortCfg.php |
| CVE-2025-41749 | 2025-12-09 | Reflected XSS vulnerability in port_util.php |
| CVE-2025-41748 | 2025-12-09 | Reflected XSS vulnerability in pxc_Dot1xCfg.php |
| CVE-2025-41747 | 2025-12-09 | Reflected XSS vulnerability in pxc_vlanIntfCfg.php |
| CVE-2025-41746 | 2025-12-09 | Reflected XSS vulnerability in pxc_portSecCfg.php |
| CVE-2025-41745 | 2025-12-09 | Reflected XSS vulnerability in pxc_portCntr2.php |
| CVE-2025-41695 | 2025-12-09 | Reflected XSS vulnerability in dyn_conn.php |
| CVE-2025-41697 | 2025-12-09 | Shell access to UART Console |
| CVE-2025-41692 | 2025-12-09 | Weak/Predictable root Password |
| CVE-2025-41694 | 2025-12-09 | Authenticated Denial-of-Service via Webshell |
| CVE-2025-41696 | 2025-12-09 | Hardcoded User Password |
| CVE-2025-41693 | 2025-12-09 | Authenticated Denial-of-Service via SSH |
| CVE-2025-64696 | 2025-12-09 | Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications. |
| CVE-2025-66271 | 2025-12-09 | Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive... |
| CVE-2025-59030 | 2025-12-09 | Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor |
| CVE-2025-59029 | 2025-12-09 | Internal logic flaw in cache management can lead to a denial of service in PowerDNS Recursor |
| CVE-2024-56835 | 2025-12-09 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker... |
| CVE-2024-56836 | 2025-12-09 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration... |
| CVE-2024-56837 | 2025-12-09 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the... |