CVE List - 2025 / December
Showing 501 - 600 of 3706 CVEs for December 2025 (Page 6 of 38)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2025-40245 | 2025-12-04 | nios2: ensure that memblock.current_limit is set when setting pfn limits |
| CVE-2025-40246 | 2025-12-04 | xfs: fix out of bounds memory read error in symlink repair |
| CVE-2025-40247 | 2025-12-04 | drm/msm: Fix pgtable prealloc error path |
| CVE-2025-40248 | 2025-12-04 | vsock: Ignore signal/timeout on connect() if already established |
| CVE-2025-40249 | 2025-12-04 | gpio: cdev: make sure the cdev fd is still active before emitting events |
| CVE-2025-40250 | 2025-12-04 | net/mlx5: Clean up only new IRQ glue on request_irq() failure |
| CVE-2025-40251 | 2025-12-04 | devlink: rate: Unset parent pointer in devl_rate_nodes_destroy |
| CVE-2025-40252 | 2025-12-04 | net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() |
| CVE-2025-40253 | 2025-12-04 | s390/ctcm: Fix double-kfree |
| CVE-2025-40254 | 2025-12-04 | net: openvswitch: remove never-working support for setting nsh fields |
| CVE-2025-40255 | 2025-12-04 | net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() |
| CVE-2025-40256 | 2025-12-04 | xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added |
| CVE-2025-40257 | 2025-12-04 | mptcp: fix a race in mptcp_pm_del_add_timer() |
| CVE-2025-40258 | 2025-12-04 | mptcp: fix race condition in mptcp_schedule_work() |
| CVE-2025-40259 | 2025-12-04 | scsi: sg: Do not sleep in atomic context |
| CVE-2025-40260 | 2025-12-04 | sched_ext: Fix scx_enable() crash on helper kthread creation failure |
| CVE-2025-40261 | 2025-12-04 | nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() |
| CVE-2025-40262 | 2025-12-04 | Input: imx_sc_key - fix memory corruption on unload |
| CVE-2025-40263 | 2025-12-04 | Input: cros_ec_keyb - fix an invalid memory access |
| CVE-2025-40264 | 2025-12-04 | be2net: pass wrb_params in case of OS2BMC |
| CVE-2025-40265 | 2025-12-04 | vfat: fix missing sb_min_blocksize() return value checks |
| CVE-2025-40266 | 2025-12-04 | KVM: arm64: Check the untrusted offset in FF-A memory share |
| CVE-2025-66516 | 2025-12-04 | Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected |
| CVE-2025-66287 | 2025-12-04 | Webkitgtk: processing maliciously crafted web content may lead to an unexpected process crash |
| CVE-2025-14011 | 2025-12-04 | JIZHICMS Add Display Name Field addcomment.html commentlist sql injection |
| CVE-2025-14012 | 2025-12-04 | JIZHICMS Batch Delete Comments deleteAll.html delete sql injection |
| CVE-2025-9127 | 2025-12-04 | PX Enterprise Improper Sanitization Vulnerability |
| CVE-2025-14013 | 2025-12-04 | JIZHICMS Comment addcomment.html cross site scripting |
| CVE-2025-13488 | 2025-12-04 | Nexus Repository 3 - Stored Cross-Site Scripting (XSS) |
| CVE-2025-14015 | 2025-12-04 | H3C Magic B0 aspForm EditWlanMacList buffer overflow |
| CVE-2025-14016 | 2025-12-04 | macrozheng mall-swarm delete improper authorization |
| CVE-2025-65945 | 2025-12-04 | auth0/node-jws improper HMAC signature verification vulnerability |
| CVE-2025-12097 | 2025-12-04 | There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request... |
| CVE-2025-65958 | 2025-12-04 | Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web |
| CVE-2025-12994 | 2025-12-04 | Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This... |
| CVE-2025-12995 | 2025-12-04 | Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances.... |
| CVE-2025-12996 | 2025-12-04 | Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects... |
| CVE-2025-12997 | 2025-12-04 | Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint... |
| CVE-2025-13543 | 2025-12-04 | PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2025-27935 | 2025-12-04 | Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit |
| CVE-2023-53734 | 2025-12-04 | dawa-pharma-1.0 - SQL Injection via Email Parameter |
| CVE-2023-53735 | 2025-12-04 | WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process |
| CVE-2024-58275 | 2025-12-04 | Easywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint |
| CVE-2024-58276 | 2025-12-04 | Obi08-Enrollment System 1.0 login.php SQL Injection |
| CVE-2024-58277 | 2025-12-04 | R Radio Network FM Transmitter 1.07 System Settings Disclosure |
| CVE-2024-58278 | 2025-12-04 | IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution |
| CVE-2025-66555 | 2025-12-04 | AirKeyboard iOS App 1.0.5 - Remote Input Injection |
| CVE-2025-66571 | 2025-12-04 | UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection |
| CVE-2025-66572 | 2025-12-04 | Loaded Commerce 6.6 Client-Side Template Injection (CSTI) |
| CVE-2025-66573 | 2025-12-04 | Solstice Pod API Session Key Extraction via API Endpoint |
| CVE-2025-66574 | 2025-12-04 | TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) |
| CVE-2025-66575 | 2025-12-04 | VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution |
| CVE-2025-66576 | 2025-12-04 | Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE) |
| CVE-2025-65959 | 2025-12-04 | Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF' |
| CVE-2025-66479 | 2025-12-04 | Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing |
| CVE-2025-66237 | 2025-12-04 | Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials |
| CVE-2025-66238 | 2025-12-04 | Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel |
| CVE-2025-13932 | 2025-12-04 | The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering... |
| CVE-2025-10285 | 2025-12-04 | Simplicity Device Manager exposes NTLMv2 hash |
| CVE-2025-12026 | 2025-12-04 | WatchGuard Firebox Authenticated Out of Bounds Write in certd |
| CVE-2025-12195 | 2025-12-04 | WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration |
| CVE-2025-53704 | 2025-12-04 | MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2025-12196 | 2025-12-04 | WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command |
| CVE-2025-13936 | 2025-12-04 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration |
| CVE-2025-13937 | 2025-12-04 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration |
| CVE-2025-13938 | 2025-12-04 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration |
| CVE-2025-13939 | 2025-12-04 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller |
| CVE-2025-13940 | 2025-12-04 | WatchGuard Firebox Boot Time System Integrity Check Bypass |
| CVE-2025-11838 | 2025-12-04 | WatchGuard Firebox iked Memory Corruption Vulnerability |
| CVE-2025-1545 | 2025-12-04 | WatchGuard Firebox XPath Injection Vulnerability in Web CGI |
| CVE-2025-6946 | 2025-12-04 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration |
| CVE-2025-12986 | 2025-12-04 | Denial of Service Vulnerability in Silicon Labs WF200 and WGM160P Devices |
| CVE-2025-1910 | 2025-12-04 | WatchGuard Mobile VPN with SSL Local Privilege Escalation via Update Package |
| CVE-2025-66506 | 2025-12-04 | Fulcio allocates excessive memory during token parsing |
| CVE-2025-66509 | 2025-12-04 | LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain |
| CVE-2025-1547 | 2025-12-04 | WatchGuard Firebox Authenticated Stack Overflow in Certificate Request Command |
| CVE-2025-66559 | 2025-12-04 | Taiko Alethia Pacaya inbox verification pointer corruption |
| CVE-2025-66561 | 2025-12-04 | SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2025-14051 | 2025-12-04 | youlaitech youlai-mall addresses deleteAddress improper control of dynamically-identified variables |
| CVE-2025-66563 | 2025-12-04 | Monkeytype vulnerable to stored XSS in approve quotes page |
| CVE-2025-66564 | 2025-12-04 | Sigstore Timestamp Authority allocates excessive memory during request parsing |
| CVE-2025-13373 | 2025-12-04 | Advantech iView SQL Injection |
| CVE-2016-20023 | 2025-12-05 | In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided. |
| CVE-2025-32898 | 2025-12-05 | The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop,... |
| CVE-2025-32899 | 2025-12-05 | In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP. |
| CVE-2025-32900 | 2025-12-05 | In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE... |
| CVE-2025-32901 | 2025-12-05 | In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash. |
| CVE-2025-64052 | 2025-12-05 | An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands. |
| CVE-2025-64053 | 2025-12-05 | A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint. |
| CVE-2025-64054 | 2025-12-05 | A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to... |
| CVE-2025-64056 | 2025-12-05 | File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem. |
| CVE-2025-64057 | 2025-12-05 | Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified... |
| CVE-2025-65730 | 2025-12-05 | Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication. |
| CVE-2025-65878 | 2025-12-05 | The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary... |
| CVE-2025-65879 | 2025-12-05 | Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to... |
| CVE-2025-65897 | 2025-12-05 | zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write... |
| CVE-2025-66270 | 2025-12-05 | The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE... |
| CVE-2025-66644 | 2025-12-05 | Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. |
| CVE-2025-14052 | 2025-12-05 | youlaitech youlai-mall members getMemberById access control |
| CVE-2025-62223 | 2025-12-05 | Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability |