Total
4305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47222 | 1 Keyfactor | 1 Signserver | 2025-12-17 | N/A | 6.5 MEDIUM |
| A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information about the classes loaded in the application or not to the clientside. | |||||
| CVE-2025-47221 | 1 Keyfactor | 1 Signserver | 2025-12-17 | N/A | 5.3 MEDIUM |
| An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISK_FILENAME-PATTERN, ARCHIVETODISK_PATH_BASE, ARCHIVETODISK_PATH_PATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admin access the possibility to write files in arbitrary directories in the server file system and potentially overwrite files accessible by the local user JBoss. | |||||
| CVE-2025-47220 | 1 Keyfactor | 1 Signserver | 2025-12-17 | N/A | 5.3 MEDIUM |
| A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an existing file, readable by the user running the application server, but is not a recognized image format, it will return this as an error to the clientside, confirming the existences of the file. | |||||
| CVE-2025-55895 | 1 Totolink | 4 A3300r, A3300r Firmware, N200re and 1 more | 2025-12-17 | N/A | 9.1 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 and N200RE V9.3.5u.6448_B20240521 and V9.3.5u.6437_B20230519 are vulnerable to Incorrect Access Control. Attackers can send payloads to the interface without logging in (remote). | |||||
| CVE-2025-67715 | 1 Weblate | 1 Weblate | 2025-12-17 | N/A | 4.3 MEDIUM |
| Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue. | |||||
| CVE-2025-63363 | 1 Waveshare | 2 Rs232\/485 To Wifi Eth \(b\), Rs232\/485 To Wifi Eth \(b\) Firmware | 2025-12-16 | N/A | 7.5 HIGH |
| A lack of Management Frame Protection in Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to execute de-authentication attacks, allowing crafted deauthentication and disassociation frames to be broadcast without authentication or encryption. | |||||
| CVE-2025-14642 | 1 Carmelo | 1 Computer Laboratory System | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14641 | 1 Carmelo | 1 Computer Laboratory System | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-14530 | 1 Remyandrade | 1 Real Estate Property Listing App | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-40939 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-16 | N/A | 4.6 MEDIUM |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition. | |||||
| CVE-2025-43404 | 1 Apple | 1 Macos | 2025-12-15 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43393 | 1 Apple | 1 Macos | 2025-12-15 | N/A | 5.2 MEDIUM |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox. | |||||
| CVE-2025-43351 | 1 Apple | 1 Macos | 2025-12-15 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. | |||||
| CVE-2025-14528 | 1 Dlink | 2 Dir-803, Dir-803 Firmware | 2025-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-14660 | 2025-12-15 | 5.1 MEDIUM | 5.6 MEDIUM | ||
| A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component. | |||||
| CVE-2025-62474 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-12-12 | N/A | 7.8 HIGH |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59517 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-12-12 | N/A | 7.8 HIGH |
| Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-64897 | 1 Adobe | 1 Coldfusion | 2025-12-12 | N/A | 5.6 MEDIUM |
| ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service. Exploitation of this issue requires user interaction. | |||||
| CVE-2025-64669 | 1 Microsoft | 1 Windows Admin Center | 2025-12-12 | N/A | 7.8 HIGH |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-25950 | 1 Serosoft | 1 Academia Student Information System | 2025-12-12 | N/A | 8.1 HIGH |
| Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account. | |||||