CVE List - 2025 / December
Showing 1301 - 1400 of 3706 CVEs for December 2025 (Page 14 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-56838 | 2025-12-09 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple... |
| CVE-2024-56839 | 2025-12-09 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding).... |
| CVE-2024-56840 | 2025-12-09 | A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage... |
| CVE-2025-40800 | 2025-12-09 | A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D (All versions... |
| CVE-2025-40801 | 2025-12-09 | A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with Cloud Entitlement... |
| CVE-2025-40806 | 2025-12-09 | A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated... |
| CVE-2025-40807 | 2025-12-09 | A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already... |
| CVE-2025-40818 | 2025-12-09 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing... |
| CVE-2025-40819 | 2025-12-09 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct modification of... |
| CVE-2025-40820 | 2025-12-09 | Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere... |
| CVE-2025-40830 | 2025-12-09 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This... |
| CVE-2025-40831 | 2025-12-09 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could allow an... |
| CVE-2025-40935 | 2025-12-09 | A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM RS900 (32M)... |
| CVE-2025-40937 | 2025-12-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application does not properly validate input parameters in its REST API, resulting in improper handling... |
| CVE-2025-40938 | 2025-12-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow an attacker to access and... |
| CVE-2025-40939 | 2025-12-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with... |
| CVE-2025-40940 | 2025-12-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across... |
| CVE-2025-40941 | 2025-12-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device exposes server information in its responses. This could allow an attacker with network access... |
| CVE-2025-11022 | 2025-12-09 | CSRF in Panilux |
| CVE-2024-56464 | 2025-12-09 | IBM QRadar SIEM is affected by an information disclosure vulnerability |
| CVE-2025-14321 | 2025-12-09 | Use-after-free in the WebRTC: Signaling component |
| CVE-2025-14322 | 2025-12-09 | Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component |
| CVE-2025-14323 | 2025-12-09 | Privilege escalation in the DOM: Notifications component |
| CVE-2025-14324 | 2025-12-09 | JIT miscompilation in the JavaScript Engine: JIT component |
| CVE-2025-14325 | 2025-12-09 | JIT miscompilation in the JavaScript Engine: JIT component |
| CVE-2025-14326 | 2025-12-09 | Use-after-free in the Audio/Video: GMP component |
| CVE-2025-14327 | 2025-12-09 | Spoofing issue in the Downloads Panel component |
| CVE-2025-14328 | 2025-12-09 | Privilege escalation in the Netmonitor component |
| CVE-2025-14329 | 2025-12-09 | Privilege escalation in the Netmonitor component |
| CVE-2025-14330 | 2025-12-09 | JIT miscompilation in the JavaScript Engine: JIT component |
| CVE-2025-14331 | 2025-12-09 | Same-origin policy bypass in the Request Handling component |
| CVE-2025-14332 | 2025-12-09 | Memory safety bugs fixed in Firefox 146 and Thunderbird 146 |
| CVE-2025-14333 | 2025-12-09 | Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 |
| CVE-2025-6924 | 2025-12-09 | Reflected XSS in TalentSoft's e-BAP |
| CVE-2025-12381 | 2025-12-09 | Privilege Escalation via Misconfigured Sudoers Entry for Local Users in AlgoSec Firewall Analyzer |
| CVE-2025-10876 | 2025-12-09 | XSS in TalentSoft's e-Bap |
| CVE-2025-12705 | 2025-12-09 | Social Reviews & Recommendations <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews |
| CVE-2025-12558 | 2025-12-09 | Beaver Builder – WordPress Page Builder <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure |
| CVE-2025-12807 | 2025-12-09 | FactoryTalk® DataMosaix™ Private Cloud SQL Injection |
| CVE-2025-9368 | 2025-12-09 | 432ES-IG3 Series A Denial-of-Service Vulnerability |
| CVE-2025-64254 | 2025-12-09 | WordPress Photo Block plugin <= 1.5.1 - Broken Access Control vulnerability |
| CVE-2025-64255 | 2025-12-09 | WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability |
| CVE-2025-64256 | 2025-12-09 | WordPress Simple Folio plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-64257 | 2025-12-09 | WordPress My Tickets plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2025-66525 | 2025-12-09 | WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability |
| CVE-2025-66526 | 2025-12-09 | WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability |
| CVE-2025-66527 | 2025-12-09 | WordPress Lobo theme <= 2.8.6 - Broken Access Control vulnerability |
| CVE-2025-66528 | 2025-12-09 | WordPress Thank You Page Customizer for WooCommerce plugin <= 1.1.8 - Broken Access Control vulnerability |
| CVE-2025-66529 | 2025-12-09 | WordPress Chartify plugin <= 3.6.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66530 | 2025-12-09 | WordPress Webba Booking plugin <= 6.2.1 - Broken Access Control vulnerability |
| CVE-2025-66531 | 2025-12-09 | WordPress Salon booking system plugin <= 10.30.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-66532 | 2025-12-09 | WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability |
| CVE-2025-66534 | 2025-12-09 | WordPress The Aisle theme <= 2.9 - Broken Access Control vulnerability |
| CVE-2025-67465 | 2025-12-09 | WordPress Simple Link Directory plugin <= 8.8.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67466 | 2025-12-09 | WordPress Trinity Audio plugin <= 5.23.3 - Broken Access Control vulnerability |
| CVE-2025-67468 | 2025-12-09 | WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.6 - Broken Access Control vulnerability |
| CVE-2025-67469 | 2025-12-09 | WordPress PDF Thumbnail Generator plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67470 | 2025-12-09 | WordPress Portfolio and Projects plugin <= 1.5.5 - Sensitive Data Exposure vulnerability |
| CVE-2025-67471 | 2025-12-09 | WordPress Quick Contact Form plugin <= 8.2.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67472 | 2025-12-09 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5.5 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67473 | 2025-12-09 | WordPress CWW Companion plugin <= 1.3.2 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67474 | 2025-12-09 | WordPress ForumWP plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2025-67515 | 2025-12-09 | WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability |
| CVE-2025-67516 | 2025-12-09 | WordPress Store Locator WordPress plugin <= 1.6.2 - SQL Injection vulnerability |
| CVE-2025-67517 | 2025-12-09 | WordPress ArtPlacer Widget plugin <= 2.22.9.2 - SQL Injection vulnerability |
| CVE-2025-67518 | 2025-12-09 | WordPress Accordion Slider PRO plugin <= 1.2 - SQL Injection vulnerability |
| CVE-2025-67519 | 2025-12-09 | WordPress Ninja Tables plugin <= 5.2.3 - SQL Injection vulnerability |
| CVE-2025-67520 | 2025-12-09 | WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability |
| CVE-2025-67521 | 2025-12-09 | WordPress Select Core plugin < 2.6 - Local File Inclusion vulnerability |
| CVE-2025-67522 | 2025-12-09 | WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability |
| CVE-2025-67523 | 2025-12-09 | WordPress Exhibz theme <= 3.0.9 - Local File Inclusion vulnerability |
| CVE-2025-67524 | 2025-12-09 | WordPress Jobmonster Elementor Addon plugin <= 1.1.4 - Local File Inclusion vulnerability |
| CVE-2025-67525 | 2025-12-09 | WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability |
| CVE-2025-67526 | 2025-12-09 | WordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerability |
| CVE-2025-67527 | 2025-12-09 | WordPress Digiqole theme < 2.2.7 - Local File Inclusion vulnerability |
| CVE-2025-67528 | 2025-12-09 | WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability |
| CVE-2025-67529 | 2025-12-09 | WordPress Fashion theme < 5.3.0 - Local File Inclusion vulnerability |
| CVE-2025-67530 | 2025-12-09 | WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability |
| CVE-2025-67531 | 2025-12-09 | WordPress Turitor theme < 1.5.3 - Local File Inclusion vulnerability |
| CVE-2025-67532 | 2025-12-09 | WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability |
| CVE-2025-67533 | 2025-12-09 | WordPress Themify Portfolio Post plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67534 | 2025-12-09 | WordPress Rencontre plugin <= 3.13.7 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2025-67535 | 2025-12-09 | WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability |
| CVE-2025-67536 | 2025-12-09 | WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67537 | 2025-12-09 | WordPress ThirstyAffiliates plugin <= 3.11.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67538 | 2025-12-09 | WordPress JNews Gallery plugin < 12.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67539 | 2025-12-09 | WordPress Select Core plugin < 2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67540 | 2025-12-09 | WordPress Animation Addons for Elementor plugin <= 2.4.5 - Arbitrary Content Deletion vulnerability |
| CVE-2025-67541 | 2025-12-09 | WordPress WP-ShowHide plugin <= 1.05 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67542 | 2025-12-09 | WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67543 | 2025-12-09 | WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67544 | 2025-12-09 | WordPress Shopkeeper Extender plugin < 7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67545 | 2025-12-09 | WordPress FireBox plugin <= 3.1.0-free - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67548 | 2025-12-09 | WordPress WP Delicious plugin <= 1.9.1 - Broken Access Control vulnerability |
| CVE-2025-67549 | 2025-12-09 | WordPress oik plugin <= 4.15.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67550 | 2025-12-09 | WordPress Donation Thermometer plugin <= 2.2.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67551 | 2025-12-09 | WordPress Wappointment plugin <= 2.6.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67552 | 2025-12-09 | WordPress Walker Core plugin <= 1.3.17 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67553 | 2025-12-09 | WordPress Advanced FAQ Manager plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67554 | 2025-12-09 | WordPress Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.5.8 - Cross Site Scripting (XSS) vulnerability |