CVE List - 2025 / December
Showing 1901 - 2000 of 3706 CVEs for December 2025 (Page 20 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-64596 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64823 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64606 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64565 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64556 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64560 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-34428 | 2025-12-10 | MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV |
| CVE-2025-64601 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64620 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64801 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64861 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64820 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64616 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64558 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64598 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64875 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64605 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64538 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64826 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64583 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64600 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64888 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64817 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64559 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64800 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64563 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64548 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64887 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-34427 | 2025-12-10 | MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB |
| CVE-2025-64539 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64593 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64602 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64827 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64550 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64574 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64537 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64546 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64545 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2025-64553 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64829 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64613 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64833 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64547 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64582 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-64622 | 2025-12-10 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2025-67461 | 2025-12-10 | Zoom Rooms for macOS - External Control of File Name or Path |
| CVE-2025-67460 | 2025-12-10 | Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure |
| CVE-2025-65950 | 2025-12-10 | WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter |
| CVE-2025-62181 | 2025-12-10 | Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. |
| CVE-2020-36883 | 2025-12-10 | SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations |
| CVE-2020-36884 | 2025-12-10 | BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF |
| CVE-2020-36885 | 2025-12-10 | Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi |
| CVE-2020-36886 | 2025-12-10 | SpinetiX Fusion Digital Signage 3.4.8 Cross-Site Request Forgery via User Creation |
| CVE-2020-36887 | 2025-12-10 | SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure |
| CVE-2020-36888 | 2025-12-10 | SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script |
| CVE-2020-36892 | 2025-12-10 | Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation |
| CVE-2020-36893 | 2025-12-10 | Eibiz i-Media Server Digital Signage 3.8.0 Directory Traversal Vulnerability |
| CVE-2020-36894 | 2025-12-10 | Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability |
| CVE-2020-36895 | 2025-12-10 | EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure |
| CVE-2020-36896 | 2025-12-10 | QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure |
| CVE-2020-36897 | 2025-12-10 | QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution |
| CVE-2020-36898 | 2025-12-10 | QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion |
| CVE-2020-36899 | 2025-12-10 | QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure |
| CVE-2020-36900 | 2025-12-10 | All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management |
| CVE-2020-36901 | 2025-12-10 | UBICOD Medivision Digital Signage 1.5.1 Cross-Site Request Forgery via User Management |
| CVE-2020-36902 | 2025-12-10 | UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges |
| CVE-2023-53740 | 2025-12-10 | Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change |
| CVE-2023-53741 | 2025-12-10 | Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management |
| CVE-2023-53775 | 2025-12-10 | Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness |
| CVE-2023-53776 | 2025-12-10 | Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness |
| CVE-2024-58279 | 2025-12-10 | appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload |
| CVE-2024-58280 | 2025-12-10 | CMSimple 5.15 Remote Command Execution via Extensions Configuration |
| CVE-2024-58281 | 2025-12-10 | Dotclear 2.29 Remote Code Execution via Authenticated File Upload |
| CVE-2024-58282 | 2025-12-10 | Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload |
| CVE-2024-58283 | 2025-12-10 | WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload |
| CVE-2024-58284 | 2025-12-10 | PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings |
| CVE-2024-58285 | 2025-12-10 | Chyrp 2.5.2 Stored Cross-Site Scripting Vulnerability via Post Title |
| CVE-2025-66472 | 2025-12-10 | XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication |
| CVE-2025-66033 | 2025-12-10 | Improper Memory Cleanup in the Okta Java SDK |
| CVE-2025-66473 | 2025-12-10 | XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis |
| CVE-2025-66474 | 2025-12-10 | XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection |
| CVE-2025-66628 | 2025-12-10 | ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only) |
| CVE-2025-67490 | 2025-12-10 | Auth0 Next.js SDK has Improper Request Caching Lookup |
| CVE-2025-67505 | 2025-12-10 | Race condition in the Okta Java SDK |
| CVE-2025-67513 | 2025-12-10 | FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API |
| CVE-2025-67510 | 2025-12-10 | MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”) |
| CVE-2025-67509 | 2025-12-10 | MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write |
| CVE-2025-67511 | 2025-12-10 | Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool |
| CVE-2025-67644 | 2025-12-10 | LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method |
| CVE-2025-67646 | 2025-12-10 | TableProgressTracking's missing CSRF protection allows unauthorized state changes |
| CVE-2025-67648 | 2025-12-10 | Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page |
| CVE-2025-55307 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a... |
| CVE-2025-55308 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. A crafted PDF containing JavaScript that calls closeDoc() while internal objects are still... |
| CVE-2025-55309 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can contain JavaScript that attaches an OnBlur action... |
| CVE-2025-55310 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files... |
| CVE-2025-55311 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and... |
| CVE-2025-55312 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail... |
| CVE-2025-55313 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files.... |
| CVE-2025-55314 | 2025-12-11 | An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application... |
| CVE-2025-55816 | 2025-12-11 | HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file. |