CVE List - 2025 / December
Showing 1601 - 1700 of 3706 CVEs for December 2025 (Page 17 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-62562 | 2025-12-09 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2025-62563 | 2025-12-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62564 | 2025-12-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62571 | 2025-12-09 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-62572 | 2025-12-09 | Application Information Service Elevation of Privilege Vulnerability |
| CVE-2025-62573 | 2025-12-09 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-64658 | 2025-12-09 | Windows File Explorer Elevation of Privilege Vulnerability |
| CVE-2025-64667 | 2025-12-09 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2025-64666 | 2025-12-09 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-64670 | 2025-12-09 | Windows DirectX Information Disclosure Vulnerability |
| CVE-2025-64673 | 2025-12-09 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
| CVE-2025-59516 | 2025-12-09 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
| CVE-2025-59517 | 2025-12-09 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
| CVE-2025-62455 | 2025-12-09 | Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2025-62461 | 2025-12-09 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62462 | 2025-12-09 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62463 | 2025-12-09 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-62464 | 2025-12-09 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62465 | 2025-12-09 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-55233 | 2025-12-09 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62467 | 2025-12-09 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2025-62468 | 2025-12-09 | Windows Defender Firewall Service Information Disclosure Vulnerability |
| CVE-2025-62474 | 2025-12-09 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2025-62550 | 2025-12-09 | Azure Monitor Agent Remote Code Execution Vulnerability |
| CVE-2025-62552 | 2025-12-09 | Microsoft Access Remote Code Execution Vulnerability |
| CVE-2025-62553 | 2025-12-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62554 | 2025-12-09 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-62555 | 2025-12-09 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-62556 | 2025-12-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62557 | 2025-12-09 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-62558 | 2025-12-09 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-62559 | 2025-12-09 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-62560 | 2025-12-09 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-62567 | 2025-12-09 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2025-62569 | 2025-12-09 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-62570 | 2025-12-09 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability |
| CVE-2025-62565 | 2025-12-09 | Windows File Explorer Elevation of Privilege Vulnerability |
| CVE-2025-64661 | 2025-12-09 | Windows Shell Elevation of Privilege Vulnerability |
| CVE-2025-64671 | 2025-12-09 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability |
| CVE-2025-64672 | 2025-12-09 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2025-64678 | 2025-12-09 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-64679 | 2025-12-09 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-64680 | 2025-12-09 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-54100 | 2025-12-09 | PowerShell Remote Code Execution Vulnerability |
| CVE-2025-62221 | 2025-12-09 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-34407 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx |
| CVE-2025-34397 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in Message Parameter of Mobile/Compose.aspx |
| CVE-2025-34404 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx |
| CVE-2025-34406 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in Id Parameter of Mobile/ContactDetails.aspx |
| CVE-2025-34403 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx |
| CVE-2025-34402 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx |
| CVE-2025-34401 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in FieldBcc Parameter of AddressBook.aspx |
| CVE-2025-34409 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in Failed Parameter of MAI/AddRecipientsResult.aspx |
| CVE-2025-34400 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx |
| CVE-2025-34399 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in AddressesCc Parameter of AddressBook.aspx |
| CVE-2025-34398 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in AddressesBcc Parameter of AddressBook.aspx |
| CVE-2025-34408 | 2025-12-09 | MailEnable < 10.54 Reflected XSS in Added Parameter of MAI/AddRecipientsResult.aspx |
| CVE-2025-34396 | 2025-12-09 | MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAINFY.DLL |
| CVE-2025-34413 | 2025-12-09 | Legality WHISTLEBLOWING Missing Critical HTTP Security Headers |
| CVE-2025-34414 | 2025-12-09 | Entrust Instant Financial Issuance (IFI) Unauthenticated .NET Remoting Exposure |
| CVE-2025-11531 | 2025-12-09 | HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution |
| CVE-2025-14334 | 2025-12-09 | itsourcecode Student Management System new_adviser.php sql injection |
| CVE-2025-9612 | 2025-12-09 | CVE-2025-9612 |
| CVE-2025-9614 | 2025-12-09 | CVE-2025-9614 |
| CVE-2025-9613 | 2025-12-09 | CVE-2025-9613 |
| CVE-2025-14335 | 2025-12-09 | itsourcecode Student Management System new_school_year.php sql injection |
| CVE-2025-14336 | 2025-12-09 | itsourcecode Student Management System promote.php sql injection |
| CVE-2025-64113 | 2025-12-09 | Emby Server allows attackers to gain administrative server access without preconditions |
| CVE-2025-14337 | 2025-12-09 | itsourcecode Student Management System new_grade.php sql injection |
| CVE-2025-66214 | 2025-12-09 | Ladybug has an XMLDecoder Deserialization Vulnerability (Java RCE) |
| CVE-2025-66456 | 2025-12-09 | Elysia vulnerable to prototype pollution with multiple standalone schema validation |
| CVE-2025-66457 | 2025-12-09 | Elysia affected by arbitrary code injection through cookie config |
| CVE-2025-66625 | 2025-12-09 | Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality |
| CVE-2025-66626 | 2025-12-09 | argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links |
| CVE-2025-64787 | 2025-12-09 | Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347) |
| CVE-2025-64786 | 2025-12-09 | Acrobat Reader | Improper Verification of Cryptographic Signature (CWE-347) |
| CVE-2025-64785 | 2025-12-09 | Acrobat Reader | Untrusted Search Path (CWE-426) |
| CVE-2025-64899 | 2025-12-09 | Acrobat Reader | Out-of-bounds Read (CWE-125) |
| CVE-2025-67488 | 2025-12-09 | SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE |
| CVE-2021-47701 | 2025-12-09 | OpenBMCS User Management Privilege Escalation |
| CVE-2021-47702 | 2025-12-09 | OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php |
| CVE-2021-47703 | 2025-12-09 | OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php |
| CVE-2021-47704 | 2025-12-09 | OpenBMCS SQL Injection via obix_test.php |
| CVE-2021-47705 | 2025-12-09 | CNC_Ctrl DllUnregisterServer Access Violation |
| CVE-2021-47706 | 2025-12-09 | COMMAX Biometric Access Control System Authentication Bypass |
| CVE-2021-47707 | 2025-12-09 | COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure |
| CVE-2021-47708 | 2025-12-09 | COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass |
| CVE-2025-64896 | 2025-12-09 | Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) |
| CVE-2021-47709 | 2025-12-09 | COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS |
| CVE-2025-13743 | 2025-12-09 | Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs |
| CVE-2021-47710 | 2025-12-09 | COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure |
| CVE-2021-47717 | 2025-12-09 | IntelliChoice eFORCE Software Suite Username Enumeration |
| CVE-2021-47718 | 2025-12-09 | OpenBMCS Directory Listing Information Disclosure |
| CVE-2021-47719 | 2025-12-09 | CNC_Ctrl DllUnregisterServer f5501 Access Violation |
| CVE-2021-47723 | 2025-12-09 | STVS ProVision Cross-Site Request Forgery (Add Admin) |
| CVE-2021-47724 | 2025-12-09 | STVS ProVision Authenticated File Disclosure via archive.rb |
| CVE-2021-47727 | 2025-12-09 | Selea Targa IP Camera Unauthenticated Stream Disclosure |
| CVE-2021-47728 | 2025-12-09 | Selea Targa IP Camera Remote Code Execution via Utils |
| CVE-2021-47729 | 2025-12-09 | Selea Targa IP Camera Stored Cross-Site Scripting via Files List |
| CVE-2021-47730 | 2025-12-09 | Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation |