CVE List - 2025 / December
Showing 801 - 900 of 3706 CVEs for December 2025 (Page 9 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-14189 | 2025-12-07 | Chanjet CRM jxf_dump_table_demo.php sql injection |
| CVE-2025-14190 | 2025-12-07 | Chanjet TPlus sql injection |
| CVE-2025-14191 | 2025-12-07 | UTT 进取 512W formP2PLimitConfig strcpy buffer overflow |
| CVE-2025-14192 | 2025-12-07 | RashminDungrani online-banking auth_login.php sql injection |
| CVE-2025-14193 | 2025-12-07 | code-projects Employee Profile Management System view_personnel.php sql injection |
| CVE-2025-14194 | 2025-12-07 | code-projects Employee Profile Management System view_personnel.php cross site scripting |
| CVE-2025-14195 | 2025-12-07 | code-projects Employee Profile Management System add_file_query.php unrestricted upload |
| CVE-2025-14196 | 2025-12-07 | H3C Magic B1 aspForm sub_44de0 buffer overflow |
| CVE-2025-14197 | 2025-12-07 | Verysync 微力同步 Web Administration f96956469e7be39d information disclosure |
| CVE-2025-14198 | 2025-12-07 | Verysync 微力同步 Web Administration download information disclosure |
| CVE-2025-14199 | 2025-12-07 | Verysync 微力同步 Web Administration text.txt unrestricted upload |
| CVE-2025-14200 | 2025-12-07 | alokjaiswal Hotel-Management-services-using-MYSQL-and-php Request Pending usersub.php cross site scripting |
| CVE-2025-14201 | 2025-12-07 | alokjaiswal Hotel-Management-services-using-MYSQL-and-php dishsub.php cross site scripting |
| CVE-2025-14203 | 2025-12-07 | code-projects Question Paper Generator selectquestionuser.php sql injection |
| CVE-2025-14204 | 2025-12-07 | TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection |
| CVE-2025-14205 | 2025-12-07 | code-projects Chamber of Commerce Membership Management System Your Info membership_profile.php cross site scripting |
| CVE-2025-59391 | 2025-12-08 | A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or... |
| CVE-2025-60912 | 2025-12-08 | phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump... |
| CVE-2025-61318 | 2025-12-08 | Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering... |
| CVE-2025-63721 | 2025-12-08 | HummerRisk through v1.5.0 uses a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server. |
| CVE-2025-64081 | 2025-12-08 | SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter. |
| CVE-2025-65228 | 2025-12-08 | A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799). |
| CVE-2025-65229 | 2025-12-08 | A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music Server <= 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in... |
| CVE-2025-65230 | 2025-12-08 | Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input. |
| CVE-2025-65231 | 2025-12-08 | Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is... |
| CVE-2025-65271 | 2025-12-08 | Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins... |
| CVE-2025-65363 | 2025-12-08 | Authenticated append-style command injection in Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the... |
| CVE-2025-65548 | 2025-12-08 | NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 does not validate the size of the preimage when the token is spent. The preimage... |
| CVE-2025-65795 | 2025-12-08 | Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request. |
| CVE-2025-65796 | 2025-12-08 | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos. |
| CVE-2025-65797 | 2025-12-08 | Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover... |
| CVE-2025-65798 | 2025-12-08 | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users. |
| CVE-2025-65799 | 2025-12-08 | A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal. |
| CVE-2025-65804 | 2025-12-08 | Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE). |
| CVE-2025-65849 | 2025-12-08 | A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows for remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: this is... |
| CVE-2025-14206 | 2025-12-08 | SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization |
| CVE-2025-40290 | 2025-12-08 | xsk: avoid data corruption on cq descriptor number |
| CVE-2025-14207 | 2025-12-08 | tushar-2223 Hotel-Management-System invoiceprint.php sql injection |
| CVE-2025-40291 | 2025-12-08 | io_uring: fix regbuf vector size truncation |
| CVE-2025-40292 | 2025-12-08 | virtio-net: fix received length check in big packets |
| CVE-2025-40293 | 2025-12-08 | iommufd: Don't overflow during division for dirty tracking |
| CVE-2025-40294 | 2025-12-08 | Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() |
| CVE-2025-40295 | 2025-12-08 | fscrypt: fix left shift underflow when inode->i_blkbits > PAGE_SHIFT |
| CVE-2025-40296 | 2025-12-08 | platform/x86: int3472: Fix double free of GPIO device during unregister |
| CVE-2025-40297 | 2025-12-08 | net: bridge: fix use-after-free due to MST port state bypass |
| CVE-2025-40298 | 2025-12-08 | gve: Implement settime64 with -EOPNOTSUPP |
| CVE-2025-40299 | 2025-12-08 | gve: Implement gettimex64 with -EOPNOTSUPP |
| CVE-2025-40301 | 2025-12-08 | Bluetooth: hci_event: validate skb length for unknown CC opcode |
| CVE-2025-40302 | 2025-12-08 | media: videobuf2: forbid remove_bufs when legacy fileio is active |
| CVE-2025-40303 | 2025-12-08 | btrfs: ensure no dirty metadata is written back for an fs with errors |
| CVE-2025-40304 | 2025-12-08 | fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds |
| CVE-2025-40305 | 2025-12-08 | 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN |
| CVE-2025-40306 | 2025-12-08 | orangefs: fix xattr related buffer overflow... |
| CVE-2025-40307 | 2025-12-08 | exfat: validate cluster allocation bits of the allocation bitmap |
| CVE-2025-40308 | 2025-12-08 | Bluetooth: bcsp: receive data only if registered |
| CVE-2025-40309 | 2025-12-08 | Bluetooth: SCO: Fix UAF on sco_conn_free |
| CVE-2025-40310 | 2025-12-08 | amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw |
| CVE-2025-40311 | 2025-12-08 | accel/habanalabs: support mapping cb with vmalloc-backed coherent memory |
| CVE-2025-40312 | 2025-12-08 | jfs: Verify inode mode when loading from disk |
| CVE-2025-40313 | 2025-12-08 | ntfs3: pretend $Extend records as regular files |
| CVE-2025-40314 | 2025-12-08 | usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget |
| CVE-2025-40315 | 2025-12-08 | usb: gadget: f_fs: Fix epfile null pointer access after ep enable. |
| CVE-2025-40316 | 2025-12-08 | drm/mediatek: Fix device use-after-free on unbind |
| CVE-2025-40317 | 2025-12-08 | regmap: slimbus: fix bus_context pointer in regmap init calls |
| CVE-2025-40318 | 2025-12-08 | Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once |
| CVE-2025-40319 | 2025-12-08 | bpf: Sync pending IRQ work before freeing ring buffer |
| CVE-2025-40320 | 2025-12-08 | smb: client: fix potential cfid UAF in smb2_query_info_compound |
| CVE-2025-40321 | 2025-12-08 | wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode |
| CVE-2025-40322 | 2025-12-08 | fbdev: bitblit: bound-check glyph index in bit_putcs* |
| CVE-2025-40323 | 2025-12-08 | fbcon: Set fb_display[i]->mode to NULL when the mode is released |
| CVE-2025-40324 | 2025-12-08 | NFSD: Fix crash in nfsd4_read_release() |
| CVE-2025-40326 | 2025-12-08 | NFSD: Define actions for the new time_deleg FATTR4 attributes |
| CVE-2025-14208 | 2025-12-08 | D-Link DIR-823X set_wan_settings sub_415028 command injection |
| CVE-2022-50583 | 2025-12-08 | md/raid0, raid10: Don't set discard sectors for request queue |
| CVE-2022-50614 | 2025-12-08 | misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic |
| CVE-2022-50615 | 2025-12-08 | perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() |
| CVE-2022-50616 | 2025-12-08 | regulator: core: Use different devices for resource allocation and DT lookup |
| CVE-2022-50617 | 2025-12-08 | drm/amdgpu/powerplay/psm: Fix memory leak in power state init |
| CVE-2022-50618 | 2025-12-08 | mmc: meson-gx: fix return value check of mmc_add_host() |
| CVE-2022-50619 | 2025-12-08 | drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() |
| CVE-2022-50620 | 2025-12-08 | f2fs: fix to invalidate dcc->f2fs_issue_discard in error path |
| CVE-2022-50621 | 2025-12-08 | dm: verity-loadpin: Only trust verity targets with enforcement |
| CVE-2022-50622 | 2025-12-08 | ext4: fix potential memory leak in ext4_fc_record_modified_inode() |
| CVE-2022-50623 | 2025-12-08 | fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() |
| CVE-2022-50624 | 2025-12-08 | net: netsec: fix error handling in netsec_register_mdio() |
| CVE-2022-50625 | 2025-12-08 | serial: amba-pl011: avoid SBSA UART accessing DMACR register |
| CVE-2022-50626 | 2025-12-08 | media: dvb-usb: fix memory leak in dvb_usb_adapter_init() |
| CVE-2022-50627 | 2025-12-08 | wifi: ath11k: fix monitor mode bringup crash |
| CVE-2022-50628 | 2025-12-08 | drm/gud: Fix UBSAN warning |
| CVE-2022-50629 | 2025-12-08 | wifi: rsi: Fix memory leak in rsi_coex_attach() |
| CVE-2022-50630 | 2025-12-08 | mm: hugetlb: fix UAF in hugetlb_handle_userfault |
| CVE-2023-53742 | 2025-12-08 | kcsan: Avoid READ_ONCE() in read_instrumented_memory() |
| CVE-2023-53743 | 2025-12-08 | PCI: Free released resource after coalescing |
| CVE-2023-53744 | 2025-12-08 | soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe |
| CVE-2023-53745 | 2025-12-08 | um: vector: Fix memory leak in vector_config |
| CVE-2023-53746 | 2025-12-08 | s390/vfio-ap: fix memory leak in vfio_ap device driver |
| CVE-2023-53747 | 2025-12-08 | vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF |
| CVE-2023-53748 | 2025-12-08 | media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup |
| CVE-2023-53749 | 2025-12-08 | x86: fix clear_user_rep_good() exception handling annotation |
| CVE-2023-53750 | 2025-12-08 | pinctrl: freescale: Fix a memory out of bounds when num_configs is 1 |