CVE List - 2025 / December
Showing 1501 - 1600 of 3706 CVEs for December 2025 (Page 16 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-63024 | 2025-12-09 | WordPress Order Delivery Date for WooCommerce plugin <= 4.3.1 - Broken Access Control vulnerability |
| CVE-2025-63025 | 2025-12-09 | WordPress Xagio SEO plugin <= 7.1.0.29 - Broken Access Control vulnerability |
| CVE-2025-63028 | 2025-12-09 | WordPress Traveler theme <= 3.2.6 - Broken Access Control vulnerability |
| CVE-2025-63030 | 2025-12-09 | WordPress New User Approve plugin <= 3.2.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63033 | 2025-12-09 | WordPress Make Section & Column Clickable For Elementor plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63034 | 2025-12-09 | WordPress Page View Count plugin <= 2.8.7 - Settings Change vulnerability |
| CVE-2025-63035 | 2025-12-09 | WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63036 | 2025-12-09 | WordPress Ronneby Theme Core plugin <= 1.5.68 - Local File Inclusion vulnerability |
| CVE-2025-63037 | 2025-12-09 | WordPress Ronneby Theme Core plugin <= 1.5.68 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63042 | 2025-12-09 | WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63044 | 2025-12-09 | WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63045 | 2025-12-09 | WordPress Master Slider Pro plugin <= 3.7.12 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63046 | 2025-12-09 | WordPress ListingPro plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63047 | 2025-12-09 | WordPress ListingPro theme <= 2.9.9 - Broken Access Control vulnerability |
| CVE-2025-63048 | 2025-12-09 | WordPress ListingPro Lead Form plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63049 | 2025-12-09 | WordPress ListingPro Lead Form plugin <= 1.0.2 - Broken Access Control vulnerability |
| CVE-2025-63050 | 2025-12-09 | WordPress REHub Framework plugin <= 19.9.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63052 | 2025-12-09 | WordPress SimpLy Gallery plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63054 | 2025-12-09 | WordPress Quiz And Survey Master plugin <= 10.3.1 - Broken Access Control vulnerability |
| CVE-2025-63055 | 2025-12-09 | WordPress Master Addons for Elementor plugin <= 2.0.9.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63056 | 2025-12-09 | WordPress Contact Form by BestWebSoft plugin <= 4.3.5 - Broken Access Control vulnerability |
| CVE-2025-63057 | 2025-12-09 | WordPress Wp Ultimate Review plugin <= 2.3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63058 | 2025-12-09 | WordPress Custom Field Template plugin <= 2.7.4 - Sensitive Data Exposure vulnerability |
| CVE-2025-63059 | 2025-12-09 | WordPress Ninja Popups plugin <= 4.7.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63060 | 2025-12-09 | WordPress Kallyas theme <= 4.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-63061 | 2025-12-09 | WordPress Kallyas theme <= 4.22.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63062 | 2025-12-09 | WordPress UDesign Core plugin <= 4.14.0 - Local File Inclusion vulnerability |
| CVE-2025-63063 | 2025-12-09 | WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability |
| CVE-2025-63064 | 2025-12-09 | WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63065 | 2025-12-09 | WordPress Media Library Assistant plugin <= 3.30 - Broken Access Control vulnerability |
| CVE-2025-63066 | 2025-12-09 | WordPress Porto Theme - Functionality plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63067 | 2025-12-09 | WordPress Porto Theme - Functionality plugin <= 3.6.2 - Broken Access Control vulnerability |
| CVE-2025-63068 | 2025-12-09 | WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.3 - Content Injection vulnerability |
| CVE-2025-63069 | 2025-12-09 | WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability |
| CVE-2025-63070 | 2025-12-09 | WordPress Download Manager plugin <= 3.3.32 - Sensitive Data Exposure vulnerability |
| CVE-2025-63071 | 2025-12-09 | WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.12 - Sensitive Data Exposure vulnerability |
| CVE-2025-63072 | 2025-12-09 | WordPress Cornerstone plugin <= 7.7.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63073 | 2025-12-09 | WordPress The7 theme <= 12.8.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63074 | 2025-12-09 | WordPress The7 theme <= 12.8.0.2 - Local File Inclusion vulnerability |
| CVE-2025-63075 | 2025-12-09 | WordPress Betheme theme <= 28.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-63076 | 2025-12-09 | WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability |
| CVE-2025-63077 | 2025-12-09 | WordPress Happy Addons for Elementor plugin <= 3.20.2 - Broken Access Control vulnerability |
| CVE-2024-38798 | 2025-12-09 | Uncleared password keystrokes in circular queue can lead to information disclosure or escalation of privilege |
| CVE-2025-14345 | 2025-12-09 | Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server |
| CVE-2025-2296 | 2025-12-09 | Un-verified kernel bypass Secure Boot mechanism in direct boot mode |
| CVE-2025-66533 | 2025-12-09 | WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortcode Execution vulnerability |
| CVE-2025-67467 | 2025-12-09 | WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-13642 | 2025-12-09 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution |
| CVE-2025-5470 | 2025-12-09 | Dylib Hijacking in Yandex Disk |
| CVE-2025-5471 | 2025-12-09 | Dylib Hijacking in Yandex Telemost |
| CVE-2025-10573 | 2025-12-09 | Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction... |
| CVE-2025-5469 | 2025-12-09 | Dylib Hijacking in Yandex Messenger |
| CVE-2025-9638 | 2025-12-09 | i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel |
| CVE-2025-13659 | 2025-12-09 | Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially... |
| CVE-2025-13661 | 2025-12-09 | Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. |
| CVE-2025-13662 | 2025-12-09 | Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User... |
| CVE-2023-23729 | 2025-12-09 | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Contributor+ reCAPTCHA Settings Change Vulnerability |
| CVE-2023-22675 | 2025-12-09 | WordPress WP Fast Cache plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2022-47425 | 2025-12-09 | WordPress ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin <= 3.4.10 - Broken Access Control |
| CVE-2022-46845 | 2025-12-09 | WordPress Slider a SlidersPack plugin <= 2.0.2 - Broken Access Control vulnerability |
| CVE-2025-12941 | 2025-12-09 | Denial of Service Vulnerability in NETGEAR C6220 and C6230 |
| CVE-2025-12945 | 2025-12-09 | Improper input validation in NETGEAR Nighthawk router R7000P |
| CVE-2025-12946 | 2025-12-09 | Improper input validation in NETGEAR Nighthawk routers |
| CVE-2025-64447 | 2025-12-09 | A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0... |
| CVE-2025-60024 | 2025-12-09 | Multiple Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated... |
| CVE-2025-64471 | 2025-12-09 | A use of password hash instead of password for authentication vulnerability [CWE-836] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through... |
| CVE-2025-64156 | 2025-12-09 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0... |
| CVE-2025-59923 | 2025-12-09 | An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at... |
| CVE-2025-64153 | 2025-12-09 | An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0... |
| CVE-2025-57823 | 2025-12-09 | A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with... |
| CVE-2025-62631 | 2025-12-09 | An insufficient session expiration vulnerability [CWE-613] in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to maintain access to network resources... |
| CVE-2025-54838 | 2025-12-09 | An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests. |
| CVE-2025-59808 | 2025-12-09 | An unverified password change vulnerability [CWE-620] in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR... |
| CVE-2025-59810 | 2025-12-09 | An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0... |
| CVE-2025-53949 | 2025-12-09 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all... |
| CVE-2025-54353 | 2025-12-09 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0... |
| CVE-2025-53679 | 2025-12-09 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote... |
| CVE-2025-59719 | 2025-12-09 | An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login... |
| CVE-2025-59718 | 2025-12-09 | An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy... |
| CVE-2024-47570 | 2025-12-09 | An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4... |
| CVE-2025-13924 | 2025-12-09 | Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication |
| CVE-2025-46637 | 2025-12-09 | Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of... |
| CVE-2025-46636 | 2025-12-09 | Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading... |
| CVE-2025-64783 | 2025-12-09 | DNG SDK \| Integer Overflow or Wraparound (CWE-190) |
| CVE-2025-64893 | 2025-12-09 | DNG SDK \| Out-of-bounds Read (CWE-125) |
| CVE-2025-64894 | 2025-12-09 | DNG SDK \| Integer Overflow or Wraparound (CWE-190) |
| CVE-2025-64784 | 2025-12-09 | DNG SDK \| Heap-based Buffer Overflow (CWE-122) |
| CVE-2025-33213 | 2025-12-09 | NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code... |
| CVE-2025-33214 | 2025-12-09 | NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution,... |
| CVE-2025-62454 | 2025-12-09 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-62456 | 2025-12-09 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| CVE-2025-62457 | 2025-12-09 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-62458 | 2025-12-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-62466 | 2025-12-09 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
| CVE-2025-62469 | 2025-12-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-62470 | 2025-12-09 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-62472 | 2025-12-09 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2025-62473 | 2025-12-09 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-62549 | 2025-12-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-62561 | 2025-12-09 | Microsoft Excel Remote Code Execution Vulnerability |