VULNMAP - Security Vulnerabilities

CVE List - 2025 / December

Showing 2801 - 2900 of 3706 CVEs for December 2025 (Page 29 of 38)

CVE ID Date Title
CVE-2025-66133 2025-12-16 WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability
CVE-2025-66134 2025-12-16 WordPress FileBird Pro plugin <= 6.4.9 - Broken Access Control vulnerability
CVE-2025-66147 2025-12-16 WordPress Coder for Elementor plugin <= 1.0.13 - Broken Access Control vulnerability
CVE-2025-66161 2025-12-16 WordPress Grider for Elementor plugin <= 1.0.8 - Broken Access Control vulnerability
CVE-2025-66162 2025-12-16 WordPress Spoter for Elementor plugin <= 1.04 - Broken Access Control vulnerability
CVE-2025-66163 2025-12-16 WordPress Masker for Elementor plugin <= 1.1.4 - Broken Access Control vulnerability
CVE-2025-66164 2025-12-16 WordPress Laser plugin <= 1.1.1 - Broken Access Control vulnerability
CVE-2025-66165 2025-12-16 WordPress Lottier for WPBakery plugin <= 1.1.7 - Broken Access Control vulnerability
CVE-2025-66166 2025-12-16 WordPress Lottier for Elementor plugin <= 1.0.9 - Broken Access Control vulnerability
CVE-2025-66167 2025-12-16 WordPress Lottier plugin <= 1.1.1 - Broken Access Control vulnerability
CVE-2025-67912 2025-12-16 WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-67929 2025-12-16 WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability
CVE-2025-67948 2025-12-16 WordPress SendPulse Email Marketing Newsletter plugin <= 2.2.1 - Sensitive Data Exposure vulnerability
CVE-2025-67950 2025-12-16 WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability
CVE-2025-67951 2025-12-16 WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability
CVE-2025-67962 2025-12-16 WordPress Broken Link Checker plugin <= 1.2.6 - SQL Injection vulnerability
CVE-2025-67965 2025-12-16 WordPress Homey Core plugin <= 2.4.3 - Broken Access Control vulnerability
CVE-2025-67976 2025-12-16 WordPress Watu Quiz plugin <= 3.4.5 - Broken Access Control vulnerability
CVE-2025-67983 2025-12-16 WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-67985 2025-12-16 WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
CVE-2025-67986 2025-12-16 WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2025-67989 2025-12-16 WordPress Kerge theme <= 4.1.3 - Server Side Request Forgery (SSRF) vulnerability
CVE-2025-67999 2025-12-16 WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability
CVE-2025-68053 2025-12-16 WordPress xPromoter plugin <= 1.3.4 - SQL Injection vulnerability
CVE-2025-68054 2025-12-16 WordPress CountDown With Image or Video Background plugin <= 1.5 - SQL Injection vulnerability
CVE-2025-68055 2025-12-16 WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability
CVE-2025-68056 2025-12-16 WordPress LBG Zoominoutslider plugin <= 5.4.5 - SQL Injection vulnerability
CVE-2025-68061 2025-12-16 WordPress EduMall theme <= 4.4.7 - Local File Inclusion vulnerability
CVE-2025-68062 2025-12-16 WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability
CVE-2025-68065 2025-12-16 WordPress Hub Core plugin <= 5.0.8 - Local File Inclusion vulnerability
CVE-2025-68066 2025-12-16 WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability
CVE-2025-68067 2025-12-16 WordPress Stockholm Core plugin <= 2.4.6 - Local File Inclusion vulnerability
CVE-2025-68068 2025-12-16 WordPress Stockholm theme <= 9.14.1 - Local File Inclusion vulnerability
CVE-2025-68070 2025-12-16 WordPress VK Google Job Posting Manager plugin <= 1.2.21 - Cross Site Scripting (XSS) vulnerability
CVE-2025-68071 2025-12-16 WordPress Essential Real Estate plugin <= 5.2.2 - Insecure Direct Object References (IDOR) vulnerability
CVE-2025-68076 2025-12-16 WordPress Stockholm Core plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability
CVE-2025-68077 2025-12-16 WordPress Stockholm theme <= 9.14.1 - Cross Site Scripting (XSS) vulnerability
CVE-2025-68078 2025-12-16 WordPress Salient Portfolio theme <= 1.8.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-68079 2025-12-16 WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
CVE-2025-68080 2025-12-16 WordPress User Avatar - Reloaded plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-68082 2025-12-16 WordPress Semrush Content Toolkit plugin <= 1.1.32 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-68083 2025-12-16 WordPress Meks Quick Plugin Disabler plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2025-68084 2025-12-16 WordPress Ultimate Auction plugin <= 4.3.2 - Broken Access Control vulnerability
CVE-2025-68085 2025-12-16 WordPress Buttoner for Elementor plugin <= 1.0.6 - Settings Change vulnerability
CVE-2025-68086 2025-12-16 WordPress Reformer for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability
CVE-2025-68087 2025-12-16 WordPress Modalier for Elementor plugin <= 1.0.6 - Broken Access Control vulnerability
CVE-2025-68088 2025-12-16 WordPress Huger for Elementor plugin <= 1.1.5 - Broken Access Control vulnerability
CVE-2025-13231 2025-12-16 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
CVE-2025-14002 2025-12-16 WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP
CVE-2025-0836 2025-12-16 XProtect MIP API Missing Authorization
CVE-2025-11220 2025-12-16 Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path
CVE-2025-13741 2025-12-16 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.2 - Missing Authorization to Authenticated (Contributor+) Authors' Emails Exposure
CVE-2025-13474 2025-12-16 IDOR in Menulux Software's Mobile App
CVE-2025-14443 2025-12-16 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism
CVE-2025-65074 2025-12-16 OS Command Injection via Path Traversal in WaveStore Server
CVE-2025-65075 2025-12-16 Arbitrary File Read and Delete via Path Traversal in WaveStore Server
CVE-2025-65076 2025-12-16 Arbitrary File Read and Delete via Path Traversal in WaveStore Server
CVE-2025-14780 2025-12-16 Xiongwei Smart Catering Cloud Platform dish_trade_detail_get sql injection
CVE-2025-40346 2025-12-16 arch_topology: Fix incorrect error check in topology_parse_cpu_capacity()
CVE-2025-40347 2025-12-16 net: enetc: fix the deadlock of enetc_mdio_lock
CVE-2025-40348 2025-12-16 slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts
CVE-2025-40349 2025-12-16 hfs: validate record offset in hfsplus_bmap_alloc
CVE-2025-40350 2025-12-16 net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ
CVE-2025-40351 2025-12-16 hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
CVE-2025-40352 2025-12-16 platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init
CVE-2025-40353 2025-12-16 arm64: mte: Do not warn if the page is already tagged in copy_highpage()
CVE-2025-40354 2025-12-16 drm/amd/display: increase max link count and fix link->enc NULL pointer access
CVE-2025-40355 2025-12-16 sysfs: check visibility before changing group attribute ownership
CVE-2025-40356 2025-12-16 spi: rockchip-sfc: Fix DMA-API usage
CVE-2025-40357 2025-12-16 net/smc: fix general protection fault in __smc_diag_dump
CVE-2025-40358 2025-12-16 riscv: stacktrace: Disable KASAN checks for non-current tasks
CVE-2025-40359 2025-12-16 perf/x86/intel: Fix KASAN global-out-of-bounds warning
CVE-2025-40360 2025-12-16 drm/sysfb: Do not dereference NULL pointer in plane reset
CVE-2025-40361 2025-12-16 fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock
CVE-2025-40362 2025-12-16 ceph: fix multifs mds auth caps issue
CVE-2025-40363 2025-12-16 net: ipv6: fix field-spanning memcpy warning in AH output
CVE-2025-68167 2025-12-16 gpiolib: fix invalid pointer access in debugfs
CVE-2025-68168 2025-12-16 jfs: fix uninitialized waitqueue in transaction manager
CVE-2025-68169 2025-12-16 netpoll: Fix deadlock in memory allocation under spinlock
CVE-2025-68170 2025-12-16 drm/radeon: Do not kfree() devres managed rdev
CVE-2025-68171 2025-12-16 x86/fpu: Ensure XFD state on signal delivery
CVE-2025-68172 2025-12-16 crypto: aspeed - fix double free caused by devm
CVE-2025-68173 2025-12-16 ftrace: Fix softlockup in ftrace_module_enable
CVE-2025-68174 2025-12-16 amd/amdkfd: enhance kfd process check in switch partition
CVE-2025-68175 2025-12-16 media: nxp: imx8-isi: Fix streaming cleanup on release
CVE-2025-68176 2025-12-16 PCI: cadence: Check for the existence of cdns_pcie::ops before using it
CVE-2025-68177 2025-12-16 cpufreq/longhaul: handle NULL policy in longhaul_exit
CVE-2025-68178 2025-12-16 blk-cgroup: fix possible deadlock while configuring policy
CVE-2025-68179 2025-12-16 s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP
CVE-2025-68180 2025-12-16 drm/amd/display: Fix NULL deref in debugfs odm_combine_segments
CVE-2025-68181 2025-12-16 drm/radeon: Remove calls to drm_put_dev()
CVE-2025-68182 2025-12-16 wifi: iwlwifi: fix potential use after free in iwl_mld_remove_link()
CVE-2025-68183 2025-12-16 ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr
CVE-2025-68184 2025-12-16 drm/mediatek: Disable AFBC support on Mediatek DRM driver
CVE-2025-68185 2025-12-16 nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing
CVE-2025-68186 2025-12-16 ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up
CVE-2025-68187 2025-12-16 net: mdio: Check regmap pointer returned by device_node_to_regmap()
CVE-2025-68188 2025-12-16 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
CVE-2025-68189 2025-12-16 drm/msm: Fix GEM free for imported dma-bufs
CVE-2025-68190 2025-12-16 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()