Lista CVE - 2025 / Dicembre
Visualizzazione 3501 - 3600 di 3706 CVE per Dicembre 2025 (Pagina 36 di 38)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2025-66074 | 2025-12-18 | WordPress WP Webhooks plugin <= 3.3.8 - Arbitrary File Upload vulnerability |
| CVE-2025-66078 | 2025-12-18 | WordPress Hotel Booking Lite plugin <= 5.2.3 - Remote Code Execution (RCE) vulnerability |
| CVE-2025-66088 | 2025-12-18 | WordPress PropertyHive plugin <= 2.1.12 - Broken Access Control vulnerability |
| CVE-2025-66100 | 2025-12-18 | WordPress RestroPress plugin <= 3.2.3.5 - Broken Access Control vulnerability |
| CVE-2025-66102 | 2025-12-18 | WordPress FV Antispam plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-66104 | 2025-12-18 | WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.9.5 - Broken Access Control vulnerability |
| CVE-2025-66116 | 2025-12-18 | WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Sensitive Data Exposure vulnerability |
| CVE-2025-66117 | 2025-12-18 | WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability |
| CVE-2025-66118 | 2025-12-18 | WordPress Sprout Clients plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-66119 | 2025-12-18 | WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-67546 | 2025-12-18 | WordPress WP ERP plugin <= 1.16.6 - Sensitive Data Exposure vulnerability |
| CVE-2025-14318 | 2025-12-18 | Improper access validation in M-Files Server |
| CVE-2025-14874 | 2025-12-18 | Nodemailer: nodemailer: denial of service via crafted email address header |
| CVE-2025-64997 | 2025-12-18 | Insufficient permission validation when showing agent information |
| CVE-2025-13641 | 2025-12-18 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 3.59.12 - Authenticated (Contributor+) Local File Inclusion via 'template' |
| CVE-2025-13730 | 2025-12-18 | OpenID Connect Generic Client <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2025-14364 | 2025-12-18 | Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation |
| CVE-2025-40602 | 2025-12-18 | A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). |
| CVE-2025-10910 | 2025-12-18 | Gaining remote control over Govee devices |
| CVE-2025-14277 | 2025-12-18 | Prime Slider – Addons for Elementor <= 4.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery |
| CVE-2025-14618 | 2025-12-18 | Sweet Energy Efficiency <= 1.0.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Graph Deletion |
| CVE-2025-14437 | 2025-12-18 | Hummingbird <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File |
| CVE-2025-13110 | 2025-12-18 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' |
| CVE-2025-40891 | 2025-12-18 | HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 |
| CVE-2025-40892 | 2025-12-18 | Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 |
| CVE-2025-40893 | 2025-12-18 | HTML injection in Asset List in Guardian/CMC before 25.5.0 |
| CVE-2025-40898 | 2025-12-18 | Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0 |
| CVE-2025-65000 | 2025-12-18 | Exposure of SSH Private Keys in Remote Alert Handlers (Linux) Rule |
| CVE-2025-9787 | 2025-12-18 | Stored XSS |
| CVE-2025-1029 | 2025-12-18 | Hardcoded Credentials in Utarit Informatics' SoliClub |
| CVE-2025-14744 | 2025-12-18 | Filename spoofing via Unicode Right-to-Left Override in Firefox for iOS |
| CVE-2025-14860 | 2025-12-18 | Use-after-free in the Disability Access APIs component |
| CVE-2025-14861 | 2025-12-18 | Memory safety bugs fixed in Firefox 146.0.1 |
| CVE-2025-64461 | 2025-12-18 | Out of Bounds Write in mgocre_SH_25_3!RevBL() in NI LabVIEW |
| CVE-2025-1030 | 2025-12-18 | Sensitive Data Exposure in Utarit Informatics' SoliClub |
| CVE-2025-64462 | 2025-12-18 | Out-of-Bounds Read in LVResFile::RGetMemFileHandle() in NI LabVIEW |
| CVE-2025-1031 | 2025-12-18 | IDOR in Utarit Informatics' SoliClub |
| CVE-2025-64463 | 2025-12-18 | Out-of-Bounds Read in LVResource::DetachResource() in NI LabVIEW |
| CVE-2025-64464 | 2025-12-18 | Out-of-Bounds Read in lvre!VisaWriteFromFile() in NI LabVIEW |
| CVE-2025-64465 | 2025-12-18 | Out-of-Bounds Read in lvre!DataSizeTDR() in NI LabVIEW |
| CVE-2025-64466 | 2025-12-18 | Out-of-Bounds Read in lvre!ExecPostedProcRecPost() in NI LabVIEW |
| CVE-2025-64467 | 2025-12-18 | Out-of-Bounds Read in LVResFile::FindRsrcListEntry() in NI LabVIEW |
| CVE-2025-7047 | 2025-12-18 | Missing Authorization in Utarit Informatics' SoliClub |
| CVE-2025-7358 | 2025-12-18 | Use of Hard-coded Credentials in Utarit Informatics' SoliClub |
| CVE-2025-64468 | 2025-12-18 | Use-after-Free in sentry!sentry_span_set_data() in NI LabVIEW |
| CVE-2025-64469 | 2025-12-18 | Stack-based Buffer Overflow in LVResource::DetachResource() in NI LabVIEW |
| CVE-2025-68323 | 2025-12-18 | usb: typec: ucsi: fix use-after-free caused by uec->work |
| CVE-2025-68324 | 2025-12-18 | scsi: imm: Fix use-after-free bug caused by unfinished delayed work |
| CVE-2025-68325 | 2025-12-18 | net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop |
| CVE-2025-65007 | 2025-12-18 | Missing Authentication for Critical Function in WODESYS WD-R608U router |
| CVE-2025-65008 | 2025-12-18 | OS Command Injection in WODESYS WD-R608U router |
| CVE-2025-65009 | 2025-12-18 | Insecure Password Storage in WODESYS WD-R608U router |
| CVE-2025-65010 | 2025-12-18 | Missing authorizations for admin panel password change in WODESYS WD-R608U router |
| CVE-2025-65011 | 2025-12-18 | Unauthorized Access to files in WODESYS WD-R608U router |
| CVE-2025-64723 | 2025-12-18 | Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection |
| CVE-2025-64724 | 2025-12-18 | Arduino IDE for macOS has Insecure File Permissions |
| CVE-2025-68278 | 2025-12-18 | tinacms vulnerable to arbitrary code execution |
| CVE-2025-68469 | 2025-12-18 | ImageMagick vulnerable to heap-buffer-overflow |
| CVE-2025-14823 | 2025-12-18 | Certificate Signing Extension Returns Encrypted Values |
| CVE-2025-14877 | 2025-12-18 | Campcodes Supplier Management System add_retailer.php sql injection |
| CVE-2025-14878 | 2025-12-18 | Tenda WH450 HTTP Request wirelessRestart stack-based overflow |
| CVE-2025-66058 | 2025-12-18 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.17 - Broken Access Control vulnerability |
| CVE-2025-64355 | 2025-12-18 | WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability |
| CVE-2025-64282 | 2025-12-18 | WordPress Radius Blocks plugin <= 2.2.1 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-14896 | 2025-12-18 | due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will... |
| CVE-2025-64236 | 2025-12-18 | WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability |
| CVE-2025-64235 | 2025-12-18 | WordPress Tuturn plugin < 3.6 - Arbitrary File Download vulnerability |
| CVE-2025-63043 | 2025-12-18 | WordPress Post Grid and Gutenberg Blocks plugin <= 2.3.19 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2025-63002 | 2025-12-18 | WordPress Sermon Manager plugin <= 2.30.0 - Broken Access Control vulnerability |
| CVE-2025-62998 | 2025-12-18 | WordPress WP AI CoPilot plugin <= 1.2.7 - Sensitive Data Exposure vulnerability |
| CVE-2025-62961 | 2025-12-18 | WordPress Sparkle FSE theme <= 1.0.9 - Broken Access Control vulnerability |
| CVE-2025-62960 | 2025-12-18 | WordPress Construction Light theme <= 1.6.7 - Broken Access Control vulnerability |
| CVE-2025-14879 | 2025-12-18 | Tenda WH450 HTTP Request onSSIDChange stack-based overflow |
| CVE-2025-14884 | 2025-12-18 | D-Link DIR-605 Firmware Update Service command injection |
| CVE-2025-14737 | 2025-12-18 | Command Injection Vulnerability in TP-Link WA850RE |
| CVE-2025-14738 | 2025-12-18 | Configuration Disclosure Vulnerability in TP-Link WA850RE |
| CVE-2025-14739 | 2025-12-18 | Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND |
| CVE-2025-59949 | 2025-12-18 | FreshRSS has Logout CSRF that Leads to DoS via <track src> |
| CVE-2025-14885 | 2025-12-18 | SourceCodester Client Database Management System Leads Generation user_leads.php unrestricted upload |
| CVE-2025-67745 | 2025-12-18 | Myhoard logs backup encryption key in plain text |
| CVE-2025-64400 | 2025-12-18 | Insufficient permission checks when pre-enrolling users Summary |
| CVE-2019-25228 | 2025-12-18 | Kentico Xperience <= 12.0.47 Virtual Context Information Disclosure |
| CVE-2019-25229 | 2025-12-18 | Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload |
| CVE-2019-25230 | 2025-12-18 | Kentico Xperience <= 12.0.0 User Widget Information Disclosure |
| CVE-2020-36889 | 2025-12-18 | Kentico Xperience <= 12.0.90 Administration Interface Stored XSS |
| CVE-2020-36890 | 2025-12-18 | Kentico Xperience <= 10 Administrator Access Control Bypass |
| CVE-2020-36891 | 2025-12-18 | Kentico Xperience <= 12.0.49 File Upload Stored XSS |
| CVE-2021-47711 | 2025-12-18 | Kentico Xperience <= 13.0.52 Online Marketing Macros SQL Injection |
| CVE-2021-47712 | 2025-12-18 | Kentico Xperience <= 12.0.102 URL Hashing Cryptography Vulnerability |
| CVE-2022-50680 | 2025-12-18 | Kentico Xperience <= 13.0.92 Email Marketing Stored XSS |
| CVE-2022-50681 | 2025-12-18 | Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS |
| CVE-2022-50682 | 2025-12-18 | Kentico Xperience <= 13.0.79 Routing Engine CRLF Injection |
| CVE-2022-50683 | 2025-12-18 | Kentico Xperience <= 13.0.74 Form Configuration Stored XSS |
| CVE-2022-50684 | 2025-12-18 | Kentico Xperience <= 13.0.71 Form Emails HTML Injection |
| CVE-2022-50685 | 2025-12-18 | Kentico Xperience <= 13.0.56 File Upload Stored XSS |
| CVE-2022-50686 | 2025-12-18 | Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure |
| CVE-2023-53736 | 2025-12-18 | Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS |
| CVE-2023-53737 | 2025-12-18 | Kentico Xperience <= 13.0.101 Localization Application Stored XSS |
| CVE-2023-53738 | 2025-12-18 | Kentico Xperience <= 13.0.109 Page Preview Reflected XSS |
| CVE-2023-53934 | 2025-12-18 | Kentico Xperience <= 12.0.98 GetResource Handler Denial of Service |