CVE List - 2025 / December
Showing 3101 - 3200 of 3706 CVEs for December 2025 (Page 32 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-67790 | 2025-12-17 | An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could occasionally cause a Blue Screen Of Death (BSOD) on Windows... |
| CVE-2025-67791 | 2025-12-17 | An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock... |
| CVE-2025-67792 | 2025-12-17 | An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows... |
| CVE-2025-67793 | 2025-12-17 | An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC... |
| CVE-2025-67794 | 2025-12-17 | An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing... |
| CVE-2025-14701 | 2025-12-17 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller |
| CVE-2025-14700 | 2025-12-17 | Improper Neutralization of Special Elements Used in a Template Engine in Crafty Controller |
| CVE-2025-53524 | 2025-12-17 | Fuji Electric Monitouch V-SFT-6 Out-of-bounds Write |
| CVE-2025-11009 | 2025-12-17 | Information Disclosure Vulnerability in GT Designer3 |
| CVE-2025-11369 | 2025-12-17 | Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure |
| CVE-2025-14801 | 2025-12-17 | xiweicheng TMS create createComment cross site scripting |
| CVE-2025-14302 | 2025-12-17 | GIGABYTE\|Motherboard - Protection Mechanism Failure |
| CVE-2025-14303 | 2025-12-17 | MSI\|Motherboard - Protection Mechanism Failure |
| CVE-2025-13977 | 2025-12-17 | Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-14304 | 2025-12-17 | ASRock, ASRockRack, ASRockInd\|Motherboard - Protection Mechanism Failure |
| CVE-2025-14305 | 2025-12-17 | Acer\|ListCheck.exe - Local Privilege Escalation |
| CVE-2025-64700 | 2025-12-17 | Cross-site request forgery vulnerability exists in GROWI v7.3.3 and earlier. If a user views a malicious page while logged in, the user may be tricked to do unintended operations. |
| CVE-2025-11901 | 2025-12-17 | An uncontrolled resource consumption vulnerability affects certain ASUS motherboards using Intel B460, B560, B660, B760, H410, H510, H610, H470, Z590, Z690, Z790, W480, W680 series chipsets. Exploitation requires physical access... |
| CVE-2025-11775 | 2025-12-17 | An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial... |
| CVE-2025-59374 | 2025-12-17 | "UNSUPPORTED WHEN ASSIGNED" Certain versions of the ASUS Live Update client were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific... |
| CVE-2025-13861 | 2025-12-17 | HTML Forms – Simple WordPress Forms Plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-13880 | 2025-12-17 | WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification |
| CVE-2025-14385 | 2025-12-17 | WP Recipe Maker <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-14154 | 2025-12-17 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2025-14817 | 2025-12-17 | Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB |
| CVE-2025-14061 | 2025-12-17 | Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) : WP Cookie Consent <= 4.0.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion |
| CVE-2025-13750 | 2025-12-17 | Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint |
| CVE-2025-11924 | 2025-12-17 | Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token |
| CVE-2025-12496 | 2025-12-17 | Zephyr Project Manager <= 3.3.203 - Authenticated (Custom+) Arbitrary File Read And Server-Side Request Forgery |
| CVE-2025-14399 | 2025-12-17 | Download Plugins and Themes from Dashboard <= 1.9.6 - Cross-Site Request Forgery to Bulk Plugin/Theme Archival |
| CVE-2025-14347 | 2025-12-17 | Reflected XSS in Proliz's OBS |
| CVE-2025-14101 | 2025-12-17 | IDOR in GG Soft's PaperWork |
| CVE-2025-14095 | 2025-12-17 | Privilege boundary violation in Radiometer Products |
| CVE-2025-67895 | 2025-12-17 | Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2 |
| CVE-2025-62190 | 2025-12-17 | CSRF Allows Call Initiation and Message Delivery |
| CVE-2025-13352 | 2025-12-17 | Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking |
| CVE-2025-62690 | 2025-12-17 | Open redirect in error page when link opened in new tab |
| CVE-2025-14096 | 2025-12-17 | Credential Disclosure vulnerability in Radiometer Products |
| CVE-2025-14097 | 2025-12-17 | Remote Code Execution Vulnerability in Radiometer Products |
| CVE-2025-61736 | 2025-12-17 | iSTAR- Improper Validation of Certificate Expiration |
| CVE-2025-14266 | 2025-12-17 | CSRF in Ercom Cryptobox administration console |
| CVE-2025-44005 | 2025-12-17 | An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks. |
| CVE-2025-14727 | 2025-12-17 | NGINX Ingress Controller vulnerability |
| CVE-2025-43873 | 2025-12-17 | iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce |
| CVE-2025-26381 | 2025-12-17 | OpenBlue Mobile Web Application configuration issue for optional for OpenBlue Workplace (formerly FM Systems) |
| CVE-2025-20393 | 2025-12-17 | Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability |
| CVE-2025-12689 | 2025-12-17 | DoS in Calls plugin via malformed UTF-8 in WebSocket request |
| CVE-2025-13321 | 2025-12-17 | Mattermost Desktop App logging sensitive information and fails to clear data on server deletion |
| CVE-2025-13324 | 2025-12-17 | Mattermost Remote Cluster Invite Token Replay |
| CVE-2025-13326 | 2025-12-17 | Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store |
| CVE-2025-13217 | 2025-12-17 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' |
| CVE-2025-13537 | 2025-12-17 | Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2025-14081 | 2025-12-17 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass |
| CVE-2025-62521 | 2025-12-17 | ChurchCRM has unauthenticated RCE in its Install Wizard |
| CVE-2025-66395 | 2025-12-17 | SQL Injection in Event List via `WhichType` Parameter |
| CVE-2025-66396 | 2025-12-17 | ChurchCRM has SQL Injection in User Editor via `type` Parameter Key |
| CVE-2025-66397 | 2025-12-17 | ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control |
| CVE-2025-66646 | 2025-12-17 | RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_reass |
| CVE-2025-34441 | 2025-12-17 | AVideo < 20.0 User Information Disclosure via Public API |
| CVE-2025-34442 | 2025-12-17 | AVideo < 20.0 System Path Disclosure via Public API |
| CVE-2025-34440 | 2025-12-17 | AVideo < 20.0 Open Redirect via siteRedirectUri Parameter |
| CVE-2025-34439 | 2025-12-17 | AVideo < 20.0 Open Redirect via cancelUri Parameter |
| CVE-2025-34434 | 2025-12-17 | AVideo < 20.0 ImageGallery Plugin Unauthenticated File Upload and Deletion |
| CVE-2025-34436 | 2025-12-17 | AVideo < 20.0 IDOR Arbitrary File Upload |
| CVE-2025-34435 | 2025-12-17 | AVideo < 20.0 IDOR Arbitrary File Deletion |
| CVE-2025-34437 | 2025-12-17 | AVideo < 20.0 IDOR Arbitrary Comment Image Upload |
| CVE-2025-34438 | 2025-12-17 | AVideo < 20.0 IDOR Arbitrary Video Rotation |
| CVE-2025-14759 | 2025-12-17 | Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts... |
| CVE-2025-14760 | 2025-12-17 | Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different... |
| CVE-2025-14761 | 2025-12-17 | Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different... |
| CVE-2025-14762 | 2025-12-17 | Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different... |
| CVE-2025-14763 | 2025-12-17 | Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts... |
| CVE-2025-14764 | 2025-12-17 | Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts... |
| CVE-2025-66647 | 2025-12-17 | RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass |
| CVE-2025-53000 | 2025-12-17 | nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows |
| CVE-2025-59849 | 2025-12-17 | HCL BigFix Remote Control is vulnerable to an insecure CSP configuration |
| CVE-2025-46277 | 2025-12-17 | A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2. An app may be able to... |
| CVE-2025-46282 | 2025-12-17 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data. |
| CVE-2025-43501 | 2025-12-17 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2,... |
| CVE-2025-43541 | 2025-12-17 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2,... |
| CVE-2025-46283 | 2025-12-17 | A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data. |
| CVE-2025-43428 | 2025-12-17 | A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may... |
| CVE-2025-43536 | 2025-12-17 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing... |
| CVE-2025-46292 | 2025-12-17 | This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access... |
| CVE-2025-55254 | 2025-12-17 | HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI) |
| CVE-2025-43531 | 2025-12-17 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe... |
| CVE-2025-46288 | 2025-12-17 | A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able... |
| CVE-2025-43526 | 2025-12-17 | This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a... |
| CVE-2025-43475 | 2025-12-17 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data. |
| CVE-2025-43529 | 2025-12-17 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe... |
| CVE-2025-43533 | 2025-12-17 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A... |
| CVE-2025-46291 | 2025-12-17 | A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks. |
| CVE-2025-43535 | 2025-12-17 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2.... |
| CVE-2025-46279 | 2025-12-17 | A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2,... |
| CVE-2025-46278 | 2025-12-17 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data. |
| CVE-2025-46281 | 2025-12-17 | A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox. |
| CVE-2025-43514 | 2025-12-17 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data. |
| CVE-2025-67493 | 2025-12-17 | Homarr missing input sanitization and possible privilege escalation through ldap search query injection |
| CVE-2025-67873 | 2025-12-17 | Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow |
| CVE-2025-68114 | 2025-12-17 | Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow |