CVE List - 2025 / December
Showing 201 - 300 of 3706 CVEs for December 2025 (Page 3 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-20757 | 2025-12-02 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base... |
| CVE-2025-20756 | 2025-12-02 | In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base... |
| CVE-2025-20752 | 2025-12-02 | In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue... |
| CVE-2025-20791 | 2025-12-02 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base... |
| CVE-2025-20751 | 2025-12-02 | In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue... |
| CVE-2025-20750 | 2025-12-02 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base... |
| CVE-2025-20763 | 2025-12-02 | In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20764 | 2025-12-02 | In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20765 | 2025-12-02 | In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the... |
| CVE-2025-20766 | 2025-12-02 | In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System... |
| CVE-2025-20767 | 2025-12-02 | In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained... |
| CVE-2025-20768 | 2025-12-02 | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20769 | 2025-12-02 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20770 | 2025-12-02 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System... |
| CVE-2025-20771 | 2025-12-02 | In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the... |
| CVE-2025-20772 | 2025-12-02 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System... |
| CVE-2025-20773 | 2025-12-02 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System... |
| CVE-2025-20774 | 2025-12-02 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20775 | 2025-12-02 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System... |
| CVE-2025-20776 | 2025-12-02 | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20777 | 2025-12-02 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2025-20788 | 2025-12-02 | In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User... |
| CVE-2025-20789 | 2025-12-02 | In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2025-13387 | 2025-12-02 | Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-13606 | 2025-12-02 | Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure |
| CVE-2025-13000 | 2025-12-02 | DB Access <= 0.8.7 - Subscriber+ SQLi |
| CVE-2025-13001 | 2025-12-02 | Donation <= 1.0 - Admin+ SQLi |
| CVE-2025-13007 | 2025-12-02 | WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import |
| CVE-2025-13685 | 2025-12-02 | Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions |
| CVE-2025-13140 | 2025-12-02 | SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion |
| CVE-2025-12483 | 2025-12-02 | Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection |
| CVE-2025-13696 | 2025-12-02 | Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint |
| CVE-2025-11726 | 2025-12-02 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification |
| CVE-2025-10971 | 2025-12-02 | Insecure Storage of Sensitive Information |
| CVE-2025-10543 | 2025-12-02 | In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead... |
| CVE-2025-13534 | 2025-12-02 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action |
| CVE-2025-13724 | 2025-12-02 | VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter |
| CVE-2025-13516 | 2025-12-02 | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload |
| CVE-2025-13870 | 2025-12-02 | Unauthorized access and subscription vulnerability in Boards |
| CVE-2025-13871 | 2025-12-02 | The feature to manage resources is prone to Cross-Site Request Forgery attacks |
| CVE-2025-13872 | 2025-12-02 | Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio |
| CVE-2025-13873 | 2025-12-02 | The feature to import a survey is prone to stored Cross-Site Script attacks |
| CVE-2025-41744 | 2025-12-02 | Sprecher Automation: SPRECON-E series has static default key material for TLS connections |
| CVE-2025-41743 | 2025-12-02 | Sprecher Automation: SPRECON-E series prone to weak encryption of update files |
| CVE-2025-41742 | 2025-12-02 | Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components |
| CVE-2025-13353 | 2025-12-02 | gokey allows secret recovery from a seed file without the master password |
| CVE-2025-13090 | 2025-12-02 | WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection |
| CVE-2025-12465 | 2025-12-02 | Blind SQL Injection in QuickCMS |
| CVE-2025-13879 | 2025-12-02 | Directory traversal vulnerability in EfficientIP's SOLIDserver IPAM |
| CVE-2025-11778 | 2025-12-02 | Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11779 | 2025-12-02 | Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11780 | 2025-12-02 | Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11781 | 2025-12-02 | Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11782 | 2025-12-02 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11783 | 2025-12-02 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11784 | 2025-12-02 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11785 | 2025-12-02 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11786 | 2025-12-02 | Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11787 | 2025-12-02 | Command injection vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11788 | 2025-12-02 | Heap-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-11789 | 2025-12-02 | Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 |
| CVE-2025-40700 | 2025-12-02 | Reflected Cross-Site Scripting (XSS) in Governalia by IDI Eikon |
| CVE-2025-41012 | 2025-12-02 | Unauthorized access vulnerability in TCMAN GIM |
| CVE-2025-41013 | 2025-12-02 | SQL injection vulnerability in TCMAN GIM |
| CVE-2025-41014 | 2025-12-02 | User Enumeration vulnerability in TCMAN GIM |
| CVE-2025-41015 | 2025-12-02 | User Enumeration vulnerability in TCMAN GIM |
| CVE-2025-41086 | 2025-12-02 | Authorization bypass in GAMS from GAMS Development Corp. |
| CVE-2025-13295 | 2025-12-02 | Sensitive Data Exposure in ArgusTech's BILGER |
| CVE-2025-13731 | 2025-12-02 | Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-41066 | 2025-12-02 | Disclosure of sensitive information in Horde Groupware |
| CVE-2025-13505 | 2025-12-02 | Stored XSS in Datateam's Datactive |
| CVE-2025-13875 | 2025-12-02 | Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal |
| CVE-2025-13876 | 2025-12-02 | Rareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversal |
| CVE-2025-13372 | 2025-12-02 | Potential SQL injection in FilteredRelation column aliases on PostgreSQL |
| CVE-2025-64460 | 2025-12-02 | Potential denial-of-service vulnerability in XML serializer text extraction |
| CVE-2025-58113 | 2025-12-02 | An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to... |
| CVE-2025-12630 | 2025-12-02 | Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure |
| CVE-2025-13877 | 2025-12-02 | nocobase JWT Service jwt-service.ts hard-coded key |
| CVE-2025-13827 | 2025-12-02 | GrapesJsBuilder File Upload allows all file uploads |
| CVE-2025-13828 | 2025-12-02 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages |
| CVE-2025-64750 | 2025-12-02 | Singluarity ineffectively applies of selinux / apparmor LSM process labels |
| CVE-2025-65105 | 2025-12-02 | Apptainer ineffective application of selinux and apparmor --security options |
| CVE-2025-66399 | 2025-12-02 | SNMP Command Injection leads to RCE in Cacti |
| CVE-2025-52622 | 2025-12-02 | HCL BigFix SaaS Remediate is affected by a security vulnerability |
| CVE-2025-66409 | 2025-12-02 | ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling |
| CVE-2025-66414 | 2025-12-02 | DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost |
| CVE-2025-66416 | 2025-12-02 | DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost |
| CVE-2025-66454 | 2025-12-02 | Arcade MCP Default Hardcoded Worker Secret Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints |
| CVE-2025-66458 | 2025-12-02 | Lookyloo has multiple XSS due to unsafe use of f-strings in Markup |
| CVE-2025-66459 | 2025-12-02 | Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML |
| CVE-2025-66460 | 2025-12-02 | Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables |
| CVE-2025-34352 | 2025-12-02 | JumpCloud Remote Assist < 0.317.0 Arbitrary File Write/Delete via Insecure Temp Directory |
| CVE-2025-66468 | 2025-12-02 | Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors |
| CVE-2025-57850 | 2025-12-02 | Codeready-ws: privilege escalation via excessive /etc/passwd permissions |
| CVE-2025-61729 | 2025-12-02 | Excessive resource consumption when printing error string for host certificate validation in crypto/x509 |
| CVE-2025-13630 | 2025-12-02 | Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-13631 | 2025-12-02 | Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High) |
| CVE-2025-13632 | 2025-12-02 | Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a... |
| CVE-2025-13634 | 2025-12-02 | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity:... |
| CVE-2025-13635 | 2025-12-02 | Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |