CVE List - 2025 / December
Showing 2001 - 2100 of 3706 CVEs for December 2025 (Page 21 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-56077 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-RAP2200(E) 247 2200 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. |
| CVE-2025-56079 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1300G EW1300G V1.00/V2.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56082 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the check_changes in file /usr/lib/lua/luci/controller/admin/common.lua. |
| CVE-2025-56083 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_networkId_merge.lua. |
| CVE-2025-56084 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. |
| CVE-2025-56085 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. |
| CVE-2025-56086 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1200 EW_3.0(1)B11P227_EW1200_11130208RG-EW1200 V1.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56087 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the run_tcpdump in file /usr/lib/lua/luci/controller/admin/common_tcpdump.lua. |
| CVE-2025-56088 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua. |
| CVE-2025-56089 | 2025-12-11 | OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. |
| CVE-2025-56090 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. |
| CVE-2025-56091 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. |
| CVE-2025-56092 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56093 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua. |
| CVE-2025-56094 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua. |
| CVE-2025-56095 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. |
| CVE-2025-56096 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the restart_modules in file /usr/lib/lua/luci/controller/admin/common.lua. |
| CVE-2025-56097 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. |
| CVE-2025-56098 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56099 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-YST AP_3.0(1)B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua. |
| CVE-2025-56101 | 2025-12-11 | OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56102 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56106 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. |
| CVE-2025-56107 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the submit_wifi in file /usr/lib/lua/luci/controller/admin/common_quick_config.lua. |
| CVE-2025-56108 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua. |
| CVE-2025-56109 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin/wireless.lua. |
| CVE-2025-56110 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_deal_update in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua. |
| CVE-2025-56111 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the network_set_wan_conf in file /usr/lib/lua/luci/controller/admin/netport.lua. |
| CVE-2025-56113 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP_3.0(1)B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua. |
| CVE-2025-56114 | 2025-12-11 | OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. |
| CVE-2025-56117 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. |
| CVE-2025-56118 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. |
| CVE-2025-56120 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. |
| CVE-2025-56122 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56123 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56124 | 2025-12-11 | OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. |
| CVE-2025-56127 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR600W allowing attackers to execute arbitrary commands via a crafted POST request to the get_wanobj in file /usr/lib/lua/luci/controller/admin/common.lua. |
| CVE-2025-56129 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua. |
| CVE-2025-56130 | 2025-12-11 | OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua. |
| CVE-2025-59802 | 2025-12-11 | Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included... |
| CVE-2025-59803 | 2025-12-11 | Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When... |
| CVE-2025-65471 | 2025-12-11 | An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2025-65472 | 2025-12-11 | A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page. |
| CVE-2025-65473 | 2025-12-11 | An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into... |
| CVE-2025-65474 | 2025-12-11 | An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format. |
| CVE-2025-66429 | 2025-12-11 | An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege... |
| CVE-2025-66918 | 2025-12-11 | edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter. |
| CVE-2025-67713 | 2025-12-11 | Miniflux 2 has an Open Redirect via protocol-relative `redirect_url` |
| CVE-2025-67716 | 2025-12-11 | Auth0 Next.js SDK has Improper Validation of Query Parameters |
| CVE-2025-67717 | 2025-12-11 | Zitadel Discloses the Total Number of Instance Users |
| CVE-2025-67718 | 2025-12-11 | Formio improperly authorized permission elevation through specially crafted request path |
| CVE-2025-67719 | 2025-12-11 | Ibexa User Bundle is missing password change validation |
| CVE-2025-67720 | 2025-12-11 | Pyrofork has a Path Traversal in download_media Method |
| CVE-2025-11467 | 2025-12-11 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery |
| CVE-2025-13764 | 2025-12-11 | WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation |
| CVE-2025-14485 | 2025-12-11 | EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection |
| CVE-2025-10163 | 2025-12-11 | List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode |
| CVE-2025-9436 | 2025-12-11 | Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode |
| CVE-2025-14157 | 2025-12-11 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-13978 | 2025-12-11 | Generation of Error Message Containing Sensitive Information in GitLab |
| CVE-2025-12716 | 2025-12-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-12562 | 2025-12-11 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-11984 | 2025-12-11 | Authentication Bypass Using an Alternate Path or Channel in GitLab |
| CVE-2025-11247 | 2025-12-11 | Authorization Bypass Through User-Controlled Key in GitLab |
| CVE-2025-8405 | 2025-12-11 | Improper Encoding or Escaping of Output in GitLab |
| CVE-2025-4097 | 2025-12-11 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2025-67738 | 2025-12-11 | squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module and its Cache Manager feature are available, and an untrusted party is able... |
| CVE-2025-14512 | 2025-12-11 | Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow |
| CVE-2025-12734 | 2025-12-11 | Improper Encoding or Escaping of Output in GitLab |
| CVE-2025-12029 | 2025-12-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2025-64701 | 2025-12-11 | QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator... |
| CVE-2025-12687 | 2025-12-11 | Denial-of-Service Vulnerability in NomadBranch.exe |
| CVE-2025-44016 | 2025-12-11 | File Hash Validation Bypass in NomadBranch.exe |
| CVE-2025-46266 | 2025-12-11 | Unauthenticated Transmission of Data in NomadBranch.exe |
| CVE-2025-64986 | 2025-12-11 | Command Injection in 1E-Explorer-TachyonCore-DevicesListeningOnAPort Instruction |
| CVE-2025-64987 | 2025-12-11 | Command Injection in 1E-Explorer-TachyonCore-CheckSimpleIoC Instruction |
| CVE-2025-64988 | 2025-12-11 | Command Injection in 1E-Nomad-GetCmContentLocations Instruction |
| CVE-2025-64989 | 2025-12-11 | Command Injection in 1E-Explorer-TachyonCore-FindFileBySizeAndHash Instruction |
| CVE-2025-64990 | 2025-12-11 | Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction |
| CVE-2025-64991 | 2025-12-11 | Command Injection in 1E-PatchInsights-Deploy Instruction |
| CVE-2025-64992 | 2025-12-11 | Command Injection in 1E-Nomad-PauseNomadJobQueue Instruction |
| CVE-2025-64993 | 2025-12-11 | Command Injection in 1E-ConfigMgrConsoleExtensions Instructions |
| CVE-2025-64994 | 2025-12-11 | Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction |
| CVE-2025-64995 | 2025-12-11 | Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction |
| CVE-2025-14514 | 2025-12-11 | Campcodes Supplier Management System add_distributor.php sql injection |
| CVE-2025-14515 | 2025-12-11 | Campcodes Supplier Management System add_unit.php sql injection |
| CVE-2025-13003 | 2025-12-11 | IDOR in Aksis Computer's AxOnboard |
| CVE-2025-14523 | 2025-12-11 | Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) |
| CVE-2025-14516 | 2025-12-11 | Yalantis uCrop URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile server-side request forgery |
| CVE-2025-14517 | 2025-12-11 | Yalantis uCrop AndroidManifest.xml UCropActivity improper export of android application components |
| CVE-2024-40593 | 2025-12-11 | A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through... |
| CVE-2025-14265 | 2025-12-11 | Improper server-side validation in ScreenConnect extension framework |
| CVE-2025-13124 | 2025-12-11 | IDOR in Netiket's ApplyLogic |
| CVE-2025-14518 | 2025-12-11 | PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery |
| CVE-2025-14519 | 2025-12-11 | baowzh hfly advtext add cross site scripting |
| CVE-2025-67739 | 2025-12-11 | In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure |
| CVE-2025-67740 | 2025-12-11 | In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata |
| CVE-2025-67741 | 2025-12-11 | In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute |
| CVE-2025-67742 | 2025-12-11 | In JetBrains TeamCity before 2025.11 path traversal was possible via file upload |
| CVE-2025-14520 | 2025-12-11 | baowzh hfly delfile path traversal |