CVE List - 2025 / December
Showing 3601 - 3700 of 3706 CVEs for December 2025 (Page 37 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53935 | 2025-12-18 | WBiz Desk 1.2 SQL Injection Vulnerability via ticket.php Parameter |
| CVE-2023-53936 | 2025-12-18 | Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation |
| CVE-2023-53938 | 2025-12-18 | RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters |
| CVE-2023-53939 | 2025-12-18 | TinyWebGallery v2.5 Stored Cross-Site Scripting via Folder Name Parameter |
| CVE-2023-53941 | 2025-12-18 | EasyPHP Webserver 14.1 Remote Code Execution |
| CVE-2023-53942 | 2025-12-18 | File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution |
| CVE-2023-53943 | 2025-12-18 | GLPI 9.5.7 Username Enumeration Vulnerability via Lost Password Endpoint |
| CVE-2023-53944 | 2025-12-18 | EasyPHP Webserver 14.1 Path Traversal via Directory Traversal Sequences |
| CVE-2024-58317 | 2025-12-18 | Kentico Xperience <= 13.0.164 Cookie Security Configuration |
| CVE-2024-58318 | 2025-12-18 | Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS |
| CVE-2024-58319 | 2025-12-18 | Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS |
| CVE-2024-58320 | 2025-12-18 | Kentico Xperience <= 13.0.159 Authentication Information Disclosure |
| CVE-2024-58321 | 2025-12-18 | Kentico Xperience <= 13.0.159 Form Validation Stored XSS |
| CVE-2024-58322 | 2025-12-18 | Kentico Xperience <= 13.0.158 Shipping Options Stored XSS |
| CVE-2024-58323 | 2025-12-18 | Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS |
| CVE-2023-53937 | 2025-12-18 | Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library |
| CVE-2023-53940 | 2025-12-18 | Codigo Markdown Editor 1.0.1 Electron Arbitrary Code Execution via Markdown File |
| CVE-2025-14889 | 2025-12-18 | Campcodes Advanced Voting Management System Password voters_edit.php improper authorization |
| CVE-2025-13911 | 2025-12-18 | Inductive Automation Ignition Execution with Unnecessary Privileges |
| CVE-2025-59529 | 2025-12-18 | simple protocol server ignores accepts unlimited connections and logs failures without limit |
| CVE-2025-14850 | 2025-12-18 | Advantech WebAccess/SCADA Improper Limitation of a Pathname to a Restricted Directory |
| CVE-2025-62000 | 2025-12-18 | BullWall Ransomware Containment incomplete file inspection |
| CVE-2025-62001 | 2025-12-18 | BullWall Ransomware Containment hard-coded folder exclusions |
| CVE-2025-14849 | 2025-12-18 | Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type |
| CVE-2025-62002 | 2025-12-18 | BullWall Ransomware Containment large file encryption |
| CVE-2025-14848 | 2025-12-18 | Advantech WebAccess/SCADA Absolute Path Traversal |
| CVE-2025-46268 | 2025-12-18 | Advantech WebAccess/SCADA SQL Injection |
| CVE-2025-62003 | 2025-12-18 | BullWall Server Intrusion Protection connection delay |
| CVE-2025-62004 | 2025-12-18 | BullWall Server Intrusion Protection initialization race condition |
| CVE-2025-67653 | 2025-12-18 | Advantech WebAccess/SCADA Path Traversal |
| CVE-2025-68161 | 2025-12-18 | Apache Log4j Core: Missing TLS hostname verification in Socket appender |
| CVE-2025-53710 | 2025-12-18 | Network boundaries not respected in certain Foundry namespaces. |
| CVE-2025-34449 | 2025-12-18 | Genymobile/scrcpy <= 3.3.3 Global Buffer Overflow |
| CVE-2025-34450 | 2025-12-18 | merbanan/rtl_433 <= 25.02 Stack-based Buffer Overflow |
| CVE-2025-34451 | 2025-12-18 | rofl0r/proxychains-ng <= 4.17 Stack-based Buffer Overflow |
| CVE-2025-34452 | 2025-12-18 | Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write |
| CVE-2025-68388 | 2025-12-18 | Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading... |
| CVE-2025-68381 | 2025-12-18 | Packetbeat Improper Bounds Check |
| CVE-2025-68382 | 2025-12-18 | Packetbeat Out-of-bounds Read |
| CVE-2025-13427 | 2025-12-18 | Authentication Bypass in Dialogflow CX Messenger |
| CVE-2025-68383 | 2025-12-18 | Filebeat Improper Validation of Specified Index, Position, or Offset in Input |
| CVE-2025-65046 | 2025-12-18 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2025-64663 | 2025-12-18 | Custom Question Answering Elevation of Privilege Vulnerability |
| CVE-2025-65041 | 2025-12-18 | Microsoft Partner Center Elevation of Privilege Vulnerability |
| CVE-2025-65037 | 2025-12-18 | Azure Container Apps Remote Code Execution Vulnerability |
| CVE-2025-64676 | 2025-12-18 | Microsoft Purview eDiscovery Remote Code Execution Vulnerability |
| CVE-2025-64677 | 2025-12-18 | Office Out-of-Box Experience Spoofing Vulnerability |
| CVE-2025-68384 | 2025-12-18 | Elasticsearch Allocation of Resources Without Limits or Throttling |
| CVE-2025-68385 | 2025-12-18 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2025-68387 | 2025-12-18 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2025-68389 | 2025-12-18 | Kibana Allocation of Resources Without Limits or Throttling |
| CVE-2025-68390 | 2025-12-18 | Elasticsearch Allocation of Resources Without Limits or Throttling |
| CVE-2025-68386 | 2025-12-18 | Kibana Improper Authorization |
| CVE-2025-68422 | 2025-12-18 | Kibana Improper Authorization |
| CVE-2025-68279 | 2025-12-18 | Weblate has an arbitrary file read via symbolic links |
| CVE-2025-68398 | 2025-12-18 | Weblate has git config file overwrite vulnerability that leads to remote code execution |
| CVE-2025-64675 | 2025-12-18 | Azure Cosmos DB Spoofing Vulnerability |
| CVE-2025-14897 | 2025-12-18 | CodeAstro Real Estate Management System Administrator Endpoint useragentdelete.php sql injection |
| CVE-2025-14898 | 2025-12-18 | CodeAstro Real Estate Management System Administrator Endpoint userbuilderdelete.php sql injection |
| CVE-2025-67842 | 2025-12-19 | The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served... |
| CVE-2025-67843 | 2025-12-19 | A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX... |
| CVE-2025-67844 | 2025-12-19 | The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the... |
| CVE-2025-67845 | 2025-12-19 | A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing... |
| CVE-2025-67846 | 2025-12-19 | The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker... |
| CVE-2025-14733 | 2025-12-19 | WatchGuard Firebox iked Out of Bounds Write Vulnerability |
| CVE-2025-14899 | 2025-12-19 | CodeAstro Real Estate Management System Administrator Endpoint stateadd.php sql injection |
| CVE-2025-14900 | 2025-12-19 | CodeAstro Real Estate Management System Administrator Endpoint userdelete.php sql injection |
| CVE-2025-11774 | 2025-12-19 | Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suite, Mobile HMI, and MC Works64 |
| CVE-2025-14908 | 2025-12-19 | JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication |
| CVE-2025-14909 | 2025-12-19 | JeecgBoot SysUserOnlineController.java SysUserOnlineController user session |
| CVE-2025-14910 | 2025-12-19 | Edimax BR-6208AC FTP Daemon Service handle_retr path traversal |
| CVE-2025-52692 | 2025-12-19 | Bypass Authentication |
| CVE-2025-13941 | 2025-12-19 | Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| CVE-2025-14939 | 2025-12-19 | code-projects Online Appointment Booking System deletemanager.php sql injection |
| CVE-2025-14940 | 2025-12-19 | code-projects Scholars Tracking System delete_user.php sql injection |
| CVE-2025-14546 | 2025-12-19 | Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the... |
| CVE-2025-13307 | 2025-12-19 | Ocean Modal Window < 2.3.3 - Editor+ Remote Code Execution via Modal Conditions |
| CVE-2025-14267 | 2025-12-19 | Unintended temporary cached data included in a structure only copy intended to be empty of data |
| CVE-2025-66173 | 2025-12-19 | There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this... |
| CVE-2025-66174 | 2025-12-19 | There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this... |
| CVE-2025-13754 | 2025-12-19 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.16 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2025-14449 | 2025-12-19 | BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode |
| CVE-2025-13999 | 2025-12-19 | HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player 2.4.0 - 2.5.1 - Unauthenticated Server-Side Request Forgery |
| CVE-2025-13008 | 2025-12-19 | Session Token Disclosure in M-Files Web |
| CVE-2025-66493 | 2025-12-19 | Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2025-66494 | 2025-12-19 | Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2025-66495 | 2025-12-19 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2025-66496 | 2025-12-19 | Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability |
| CVE-2025-66497 | 2025-12-19 | Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability |
| CVE-2025-66498 | 2025-12-19 | Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability |
| CVE-2025-66499 | 2025-12-19 | Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2025-66500 | 2025-12-19 | Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability |
| CVE-2025-66501 | 2025-12-19 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature |
| CVE-2025-66502 | 2025-12-19 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature |
| CVE-2025-66519 | 2025-12-19 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Layer Import Functionality |
| CVE-2025-66520 | 2025-12-19 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling |
| CVE-2025-66521 | 2025-12-19 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature |
| CVE-2025-66522 | 2025-12-19 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field |
| CVE-2025-14151 | 2025-12-19 | SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-11747 | 2025-12-19 | Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |