CVE List - 2025 / December
Showing 901 - 1000 of 3706 CVEs for December 2025 (Page 10 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-53751 | 2025-12-08 | cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname |
| CVE-2023-53752 | 2025-12-08 | net: deal with integer overflows in kmalloc_reserve() |
| CVE-2023-53753 | 2025-12-08 | drm/amd/display: fix mapping to non-allocated address |
| CVE-2023-53754 | 2025-12-08 | scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() |
| CVE-2023-53755 | 2025-12-08 | dmaengine: ptdma: check for null desc before calling pt_cmd_callback |
| CVE-2023-53756 | 2025-12-08 | KVM: VMX: Fix crash due to uninitialized current_vmcs |
| CVE-2023-53757 | 2025-12-08 | irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe |
| CVE-2023-53758 | 2025-12-08 | spi: atmel-quadspi: Free resources even if runtime resume failed in .remove() |
| CVE-2023-53759 | 2025-12-08 | HID: hidraw: fix data race on device refcount |
| CVE-2023-53760 | 2025-12-08 | scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue |
| CVE-2023-53761 | 2025-12-08 | USB: usbtmc: Fix direction for 0-length ioctl control messages |
| CVE-2023-53762 | 2025-12-08 | Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync |
| CVE-2023-53763 | 2025-12-08 | Revert "f2fs: fix to do sanity check on extent cache correctly" |
| CVE-2023-53764 | 2025-12-08 | wifi: ath12k: Handle lock during peer_id find |
| CVE-2023-53765 | 2025-12-08 | dm cache: free background tracker's queued work in btracker_destroy |
| CVE-2023-53766 | 2025-12-08 | FS: JFS: Check for read-only mounted filesystem in txBegin |
| CVE-2023-53767 | 2025-12-08 | wifi: ath12k: fix memory leak in ath12k_qmi_driver_event_work() |
| CVE-2023-53768 | 2025-12-08 | regmap-irq: Fix out-of-bounds access when allocating config buffers |
| CVE-2023-53769 | 2025-12-08 | virt/coco/sev-guest: Double-buffer messages |
| CVE-2025-14209 | 2025-12-08 | Campcodes School File Management System update_query.php sql injection |
| CVE-2025-14210 | 2025-12-08 | projectworlds Advanced Library Management System delete_member.php sql injection |
| CVE-2025-14211 | 2025-12-08 | projectworlds Advanced Library Management System delete_book.php sql injection |
| CVE-2025-14212 | 2025-12-08 | projectworlds Advanced Library Management System member_search.php sql injection |
| CVE-2025-14214 | 2025-12-08 | itsourcecode Student Information System section_edit1.php sql injection |
| CVE-2025-14215 | 2025-12-08 | code-projects Currency Exchange System edit.php sql injection |
| CVE-2025-14216 | 2025-12-08 | code-projects Currency Exchange System viewserial.php sql injection |
| CVE-2025-14217 | 2025-12-08 | code-projects Currency Exchange System edittrns.php sql injection |
| CVE-2025-14218 | 2025-12-08 | code-projects Currency Exchange System editotheraccount.php sql injection |
| CVE-2025-14219 | 2025-12-08 | Campcodes Retro Basketball Shoes Online Store admin_running.php unrestricted upload |
| CVE-2025-14220 | 2025-12-08 | ORICO CD3510 File Upload path traversal |
| CVE-2025-14221 | 2025-12-08 | SourceCodester Online Banking System page cross site scripting |
| CVE-2025-14222 | 2025-12-08 | code-projects Employee Profile Management System print_personnel_report.php sql injection |
| CVE-2025-14253 | 2025-12-08 | Galaxy Software Services\|Vitals ESP - Arbitrary File Read |
| CVE-2025-14254 | 2025-12-08 | Galaxy Software Services\|Vitals ESP - SQL Injection |
| CVE-2025-14255 | 2025-12-08 | Galaxy Software Services\|Vitals ESP - SQL Injection |
| CVE-2025-66320 | 2025-12-08 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66321 | 2025-12-08 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66322 | 2025-12-08 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-14223 | 2025-12-08 | code-projects Simple Leave Manager request.php sql injection |
| CVE-2025-66323 | 2025-12-08 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66324 | 2025-12-08 | Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity. |
| CVE-2025-66326 | 2025-12-08 | Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66327 | 2025-12-08 | Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-66328 | 2025-12-08 | Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66331 | 2025-12-08 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66332 | 2025-12-08 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66333 | 2025-12-08 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66334 | 2025-12-08 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58279 | 2025-12-08 | Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-66325 | 2025-12-08 | Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-14224 | 2025-12-08 | Yottamaster DM2/DM3/DM200 File Upload path traversal |
| CVE-2025-66329 | 2025-12-08 | Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-66330 | 2025-12-08 | App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-12956 | 2025-12-08 | Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x |
| CVE-2025-26487 | 2025-12-08 | Server Side Request Forgery (SSRF) in the web server of Infinera MTC-9 |
| CVE-2025-26488 | 2025-12-08 | Improper input validation in XML Management service in Infinera MTC-9 |
| CVE-2025-26489 | 2025-12-08 | Improper input validation in Netconf service in Infinera MTC-9 |
| CVE-2025-14225 | 2025-12-08 | D-Link DCS-930L alphapd setSystemAdmin command injection |
| CVE-2025-27019 | 2025-12-08 | Remote shell service (RSH) in Infinera MTC-9 |
| CVE-2025-27020 | 2025-12-08 | Improper configuration of SSH service in Infinera MTC-9 |
| CVE-2025-66461 | 2025-12-08 | FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the... |
| CVE-2025-14226 | 2025-12-08 | itsourcecode Student Management System edit_user.php sql injection |
| CVE-2025-14262 | 2025-12-08 | Jobs can be saved as workflows with wrong permissions on KNIME Business Hub |
| CVE-2025-14227 | 2025-12-08 | Philipinho Simple-PHP-Blog edit.php sql injection |
| CVE-2025-14228 | 2025-12-08 | Yealink SIP-T21P E2 Local Directory cross site scripting |
| CVE-2025-14229 | 2025-12-08 | SourceCodester Inventory Management System SVC Report Export csv injection |
| CVE-2025-14230 | 2025-12-08 | code-projects Daily Time Recording System add_payroll.php sql injection |
| CVE-2025-42615 | 2025-12-08 | Improper Restriction of Excessive Authentication Attempts vulnerability in CIRCL Vulnerability-Lookup |
| CVE-2025-14244 | 2025-12-08 | GreenCMS Menu Management CustomController.class.php cross site scripting |
| CVE-2025-42616 | 2025-12-08 | CSRF vulnerability in CIRCL Vulnerability-Lookup |
| CVE-2025-42620 | 2025-12-08 | CSRF vulnerability in CIRCL Vulnerability-Lookup |
| CVE-2025-14245 | 2025-12-08 | IdeaCMS Coupon.php whereRaw sql injection |
| CVE-2025-14246 | 2025-12-08 | code-projects Simple Shopping Cart settings.php sql injection |
| CVE-2025-14247 | 2025-12-08 | code-projects Simple Shopping Cart additems.php sql injection |
| CVE-2025-14248 | 2025-12-08 | code-projects Simple Shopping Cart adminlogin.php sql injection |
| CVE-2025-14249 | 2025-12-08 | code-projects Online Ordering System user_school.php sql injection |
| CVE-2025-14250 | 2025-12-08 | code-projects Online Ordering System user_contact.php sql injection |
| CVE-2025-14251 | 2025-12-08 | code-projects Online Ordering System Admin Login admin sql injection |
| CVE-2025-14256 | 2025-12-08 | itsourcecode Student Management System newcurriculm.php sql injection |
| CVE-2025-22420 | 2025-12-08 | In multiple locations, there is a possible way to leak audio files across user profiles due to a confused deputy. This could lead to local escalation of privilege with no... |
| CVE-2025-22432 | 2025-12-08 | In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution... |
| CVE-2025-32319 | 2025-12-08 | In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege... |
| CVE-2025-32328 | 2025-12-08 | In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This... |
| CVE-2025-32329 | 2025-12-08 | In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This... |
| CVE-2025-48525 | 2025-12-08 | In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could... |
| CVE-2025-48536 | 2025-12-08 | In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of... |
| CVE-2025-48555 | 2025-12-08 | In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2025-48564 | 2025-12-08 | In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2025-48565 | 2025-12-08 | In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of... |
| CVE-2025-48566 | 2025-12-08 | In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with... |
| CVE-2025-48572 | 2025-12-08 | In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional... |
| CVE-2025-48573 | 2025-12-08 | In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to... |
| CVE-2025-48575 | 2025-12-08 | In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution... |
| CVE-2025-48576 | 2025-12-08 | In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed.... |
| CVE-2025-48580 | 2025-12-08 | In connectInternal of MediaBrowser.java, there is a possible way to access while in use permission while the app is in background due to a logic error in the code. This... |
| CVE-2025-48583 | 2025-12-08 | In multiple functions of BaseBundle.java, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2025-48584 | 2025-12-08 | In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional... |
| CVE-2025-48586 | 2025-12-08 | In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with... |
| CVE-2025-48588 | 2025-12-08 | In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with... |
| CVE-2025-48589 | 2025-12-08 | In multiple functions of HeaderPrivacyIconsController.kt, there is a possible way to grant permissions across users due to a logic error in the code. This could lead to local escalation of... |