CVE List - 2025 / December
Showing 2101 - 2200 of 3706 CVEs for December 2025 (Page 22 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-14521 | 2025-12-11 | baowzh hfly download path traversal |
| CVE-2025-14522 | 2025-12-11 | baowzh hfly upload_json.php unrestricted upload |
| CVE-2024-8273 | 2025-12-11 | Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing. This issue affects Server: before 10.1. |
| CVE-2025-14526 | 2025-12-11 | Tenda CH22 L7Im frmL7ImForm buffer overflow |
| CVE-2025-66043 | 2025-12-11 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker... |
| CVE-2025-66044 | 2025-12-11 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker... |
| CVE-2025-66045 | 2025-12-11 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker... |
| CVE-2025-66046 | 2025-12-11 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker... |
| CVE-2025-66047 | 2025-12-11 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker... |
| CVE-2025-66048 | 2025-12-11 | Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker... |
| CVE-2025-14527 | 2025-12-11 | projectworlds Advanced Library Management System view_book.php sql injection |
| CVE-2025-14528 | 2025-12-11 | D-Link DIR-803 Configuration getcfg.php information disclosure |
| CVE-2025-13912 | 2025-12-11 | Potential non-constant time compiled code with Clang LLVM |
| CVE-2025-14529 | 2025-12-11 | Campcodes Retro Basketball Shoes Online Store admin_running.php sql injection |
| CVE-2025-14530 | 2025-12-11 | SourceCodester Real Estate Property Listing App property.php unrestricted upload |
| CVE-2025-14046 | 2025-12-11 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests |
| CVE-2025-64669 | 2025-12-11 | Windows Admin Center Elevation of Privilege Vulnerability |
| CVE-2025-13780 | 2025-12-11 | Remote Code Execution vulnerability when restoring PLAIN-format SQL dumps in server mode (pgAdmin 4) |
| CVE-2025-14531 | 2025-12-11 | code-projects Rental Management System Log Transaction.java crlf injection |
| CVE-2025-14534 | 2025-12-11 | UTT 进取 512W Endpoint formNatStaticMap strcpy buffer overflow |
| CVE-2025-14535 | 2025-12-11 | UTT 进取 512W formConfigFastDirectionW strcpy buffer overflow |
| CVE-2025-36889 | 2025-12-11 | In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2025-36912 | 2025-12-11 | In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution... |
| CVE-2025-36916 | 2025-12-11 | In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-36917 | 2025-12-11 | In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges... |
| CVE-2025-36918 | 2025-12-11 | In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2025-36919 | 2025-12-11 | In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2025-36921 | 2025-12-11 | In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2025-36922 | 2025-12-11 | In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel level with... |
| CVE-2025-36923 | 2025-12-11 | In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-36924 | 2025-12-11 | In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional... |
| CVE-2025-36925 | 2025-12-11 | In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-36927 | 2025-12-11 | In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-36928 | 2025-12-11 | In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-36929 | 2025-12-11 | In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2025-36930 | 2025-12-11 | In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-36931 | 2025-12-11 | In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-36932 | 2025-12-11 | In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-36934 | 2025-12-11 | In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2025-36935 | 2025-12-11 | In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2025-36936 | 2025-12-11 | In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-36937 | 2025-12-11 | In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2025-36938 | 2025-12-11 | In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution... |
| CVE-2024-42197 | 2025-12-11 | HCL Workload Scheduler is vulnerable to plain text storage of a password |
| CVE-2025-13211 | 2025-12-11 | IBM Aspera Orchestrator Denial of Service |
| CVE-2025-13481 | 2025-12-11 | IBM Aspera Orchestrator Command Injection |
| CVE-2025-13148 | 2025-12-11 | IBM Aspera Orchestrator Unverified Password Change |
| CVE-2025-13214 | 2025-12-11 | IBM Aspera Orchestrator SQL Injection |
| CVE-2025-14536 | 2025-12-11 | code-projects Class and Exam Timetable Management Login index.php sql injection |
| CVE-2025-55183 | 2025-12-11 | An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A... |
| CVE-2025-55184 | 2025-12-11 | A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable... |
| CVE-2025-14293 | 2025-12-11 | WP Job Portal <= 2.4.0 - Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2025-14537 | 2025-12-11 | code-projects Class and Exam Timetable Management preview7.php sql injection |
| CVE-2025-13663 | 2025-12-11 | Quartus Prime Pro Edition Installer Advisory |
| CVE-2025-66590 | 2025-12-11 | Out-of-bounds Write vulnerability in AzeoTech DAQFactory |
| CVE-2025-66589 | 2025-12-11 | Out-of-bounds Read vulnerability in AzeoTech DAQFactory |
| CVE-2025-66588 | 2025-12-11 | Access of Uninitialized Pointer vulnerability in AzeoTech DAQFactory |
| CVE-2025-66587 | 2025-12-11 | Heap-based Buffer Overflow vulnerability in AzeoTech DAQFactory |
| CVE-2025-66586 | 2025-12-11 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in AzeoTech DAQFactory |
| CVE-2025-13664 | 2025-12-11 | Quartus Prime Standard Security Advisory |
| CVE-2025-66585 | 2025-12-11 | Use After Free vulnerability in AzeoTech DAQFactory |
| CVE-2025-64702 | 2025-12-11 | quic-go HTTP/3 QPACK Header Expansion DoS |
| CVE-2025-66584 | 2025-12-11 | Stack-based Buffer Overflow vulnerability in AzeoTech DAQFactory |
| CVE-2025-14538 | 2025-12-11 | yangshare warehouseManager 仓库管理系统 CustomerManageHandler.java addCustomer cross site scripting |
| CVE-2025-64721 | 2025-12-11 | Sandboxie's Integer Overflow in SbieIniServer::RC4Crypt allows sandbox escape and SYSTEM compromise |
| CVE-2024-58286 | 2025-12-11 | dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path |
| CVE-2024-58287 | 2025-12-11 | reNgine 2.2.0 Authenticated Command Injection via Scan Engine Configuration |
| CVE-2024-58288 | 2025-12-11 | Genexus Protection Server 9.7.2.10 Unquoted Service Path Privilege Escalation |
| CVE-2024-58289 | 2025-12-11 | Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields |
| CVE-2024-58290 | 2025-12-11 | Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint |
| CVE-2024-58291 | 2025-12-11 | Flatboard 3.2 Authenticated Stored Cross-Site Scripting via Forum Information Field |
| CVE-2024-58292 | 2025-12-11 | XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates |
| CVE-2024-58293 | 2025-12-11 | Akaunting 3.1.8 Server-Side Template Injection via Multiple Form Fields |
| CVE-2024-58294 | 2025-12-11 | FreePBX 16 Authenticated Remote Code Execution via API Module |
| CVE-2024-58295 | 2025-12-11 | ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload |
| CVE-2024-58296 | 2025-12-11 | CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php |
| CVE-2024-58297 | 2025-12-11 | PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects |
| CVE-2024-58298 | 2025-12-11 | Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload |
| CVE-2025-66419 | 2025-12-11 | MaxKB vulnerable to privilege escalation through sandbox bypass |
| CVE-2024-58300 | 2025-12-11 | Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure Vulnerability |
| CVE-2024-58301 | 2025-12-11 | Purei CMS 1.0 SQL Injection via Multiple Vulnerable Endpoints |
| CVE-2024-58302 | 2025-12-11 | FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings |
| CVE-2024-58303 | 2025-12-11 | FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings |
| CVE-2024-58304 | 2025-12-11 | SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting |
| CVE-2024-58306 | 2025-12-11 | minaliC 2.0.0 Denial of Service Vulnerability via Large GET Request |
| CVE-2024-58307 | 2025-12-11 | CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint |
| CVE-2024-58308 | 2025-12-11 | Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login |
| CVE-2024-58309 | 2025-12-11 | xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php |
| CVE-2024-58310 | 2025-12-11 | APC Network Management Card 4 Path Traversal via Directory Traversal |
| CVE-2024-58312 | 2025-12-11 | xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php |
| CVE-2024-58313 | 2025-12-11 | xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature |
| CVE-2025-34499 | 2025-12-11 | AnyDesk 9.0.1 Unquoted Service Path Privilege Escalation Vulnerability |
| CVE-2025-34504 | 2025-12-11 | KodExplorer 4.52 Open Redirect Vulnerability via User Login Endpoint |
| CVE-2025-34506 | 2025-12-11 | WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload |
| CVE-2025-66446 | 2025-12-11 | MaxKB has a Python sandbox LD_PRELOAD bypass |
| CVE-2025-13668 | 2025-12-11 | Quartus Prime Pro Edition Advisory |
| CVE-2025-66450 | 2025-12-11 | LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload |
| CVE-2025-66451 | 2025-12-11 | LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes |
| CVE-2025-66452 | 2025-12-11 | LibreChat's lack of JSON parsing error handling can lead to XSS |
| CVE-2025-67780 | 2025-12-11 | SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a... |