Total: 34461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58302 | 1 Huawei | 2 Emui, Harmonyos | 2025-12-02 | N/A | 8.4 HIGH |
| Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-64315 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 4.4 MEDIUM |
| Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. | |||||
| CVE-2025-64313 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 5.3 MEDIUM |
| Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-64311 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 5.1 MEDIUM |
| Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-58316 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 7.3 HIGH |
| DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-58315 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 5.5 MEDIUM |
| Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-58312 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 5.1 MEDIUM |
| Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-58309 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 6.8 MEDIUM |
| Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||||
| CVE-2025-58294 | 1 Huawei | 1 Harmonyos | 2025-12-02 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-48983 | 1 Veeam | 1 Veeam Backup & Replication | 2025-12-01 | N/A | 9.9 CRITICAL |
| A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user. | |||||
| CVE-2025-48982 | 1 Veeam | 1 Veeam Agent For Windows | 2025-12-01 | N/A | 7.8 HIGH |
| This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. | |||||
| CVE-2025-43422 | 1 Apple | 2 Ipados, Iphone Os | 2025-12-01 | N/A | 4.6 MEDIUM |
| The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection. | |||||
| CVE-2025-43360 | 1 Apple | 2 Ipados, Iphone Os | 2025-12-01 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed. | |||||
| CVE-2025-12762 | 1 Pgadmin | 1 Pgadmin 4 | 2025-12-01 | N/A | 9.1 CRITICAL |
| pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data. | |||||
| CVE-2025-11131 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-01 | N/A | 7.5 HIGH |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | |||||
| CVE-2020-13956 | 4 Apache, Netapp, Oracle and 1 more | 17 Httpclient, Active Iq Unified Manager, Snapcenter and 14 more | 2025-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | |||||
| CVE-2024-23683 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-11-28 | N/A | 8.2 HIGH |
| Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | |||||
| CVE-2024-23682 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-11-28 | N/A | 8.2 HIGH |
| Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | |||||
| CVE-2023-30804 | 1 Sangfor | 1 Next-gen Application Firewall | 2025-11-28 | N/A | 4.9 MEDIUM |
| The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. | |||||
| CVE-2025-12978 | 1 Treasuredata | 1 Fluent Bit | 2025-11-28 | N/A | 5.4 MEDIUM |
| Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation. | |||||
