Total
324650 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14081 | 2 Ultimatemember, Wordpress | 2 Ultimate Member, Wordpress | 2025-12-18 | 4.3 Medium |
| The Ultimate Member plugin for WordPress is vulnerable to Profile Privacy Setting Bypass in all versions up to, and including, 2.11.0. This is due to a flaw in the secure fields mechanism where field keys are stored in the allowed fields list before the `required_perm` check is applied during rendering. This makes it possible for authenticated attackers with Subscriber-level access to modify their profile privacy settings (e.g., setting profile to "Only me") via direct parameter manipulation, even when the administrator has explicitly disabled the option for their role. | ||||
| CVE-2025-14266 | 1 Ercom | 1 Cryptobox | 2025-12-18 | N/A |
| CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires the administrator to browse a malicious web site or to click a link while he has an open session on the administration console. | ||||
| CVE-2025-14759 | 1 Amazon | 1 Aws S3 Encryption Client Dotnet | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for .NET to version 3.2.0 or later. | ||||
| CVE-2025-14760 | 1 Amazon | 1 Aws Sdk Cpp | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for C++ to version 1.11.712 or later | ||||
| CVE-2025-14763 | 1 Amazon | 1 Aws S3 Encryption Client Java | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Java to version 4.0.0 or later. | ||||
| CVE-2025-14764 | 1 Amazon | 1 Aws S3 Encryption Client Go | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Go to version 4.0 or later. | ||||
| CVE-2025-26381 | 1 Johnsoncontrols | 1 Openblue Workplace | 2025-12-18 | N/A |
| Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2025-59849 | 1 Hcltech | 1 Bigfix Remote Control | 2025-12-18 | 4.7 Medium |
| Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. | ||||
| CVE-2025-66029 | 1 Osc | 1 Open Ondemand | 2025-12-18 | 7.6 High |
| Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin servers. This means malicious users can create an origin server on a compute node that record these headers when unsuspecting users connect to it. Maintainers anticipate a patch in a 4.1 release. Workarounds exist for 4.0.x versions. Using `custom_location_directives` in `ood_portal.yml` in version 4.0.x (not available for versions below 4.0) centers can unset and or edit these headers. Note that `OIDCPassClaimsAs both` is the default and centers can set `OIDCPassClaimsAs ` to `none` or `environment` to stop passing these headers to the client. Centers that have an OIDC provider with the `OIDCPassClaimsAs` with `none` or `environment` settings can adjust the settings using guidance provided in GHSA-2cwp-8g29-9q32 to unset the mod_auth_openidc_session cookies. | ||||
| CVE-2025-66646 | 1 Riot-os | 1 Riot | 2025-12-18 | N/A |
| RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When receiving an fragmented IPv6 packet with fragment offset 0 and an empty payload, the payload pointer is set to NULL. However, the implementation still tries to copy the payload into the reassembly buffer, resulting in a NULL pointer dereference which crashes the OS (DoS). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be enabled and the attacker must be able to send arbitrary IPv6 packets to the victim. RIOT OS v2025.10 fixes the issue. | ||||
| CVE-2025-67285 | 1 Itsourcecode | 1 Covid Tracking System | 2025-12-18 | 7.3 High |
| A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate cleaning or validation. | ||||
| CVE-2025-67781 | 2 Drivelock, Microsoft | 2 Drivelock, Windows | 2025-12-18 | 9.9 Critical |
| An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate privileged processes to gain more privileges on Windows computers. | ||||
| CVE-2025-68129 | 1 Auth0 | 1 Auth0-php | 2025-12-18 | 6.8 Medium |
| Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they use Auth0-PHP SDK versions between v8.0.0 and v8.17.0, or applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0: Auth0/symfony versions between 5.0.0 and 5.5.0, Auth0/laravel-auth0 versions between 7.0.0 and 7.19.0, and/or Auth0/wordpress plugin versions between 5.0.0-BETA0 and 5.4.0. Auth0/Auth0-PHP version 8.18.0 contains a patch for the issue. | ||||
| CVE-2025-68143 | 1 Modelcontextprotocol | 1 Servers | 2025-12-18 | N/A |
| Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, git_init could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue. | ||||
| CVE-2025-68144 | 1 Modelcontextprotocol | 1 Servers | 2025-12-18 | N/A |
| In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with - and verifies the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.17 resolve this issue when it is released. | ||||
| CVE-2025-12885 | 2 Awsm, Wordpress | 2 Embed Any Document, Wordpress | 2025-12-18 | 6.4 Medium |
| The Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sanitize_pdf_src function regex bypass in all versions up to, and including, 2.7.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-14841 | 1 Offis | 1 Dcmtk | 2025-12-18 | 3.3 Low |
| A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component. | ||||
| CVE-2025-14856 | 1 Y Project | 1 Ruoyi | 2025-12-18 | 6.3 Medium |
| A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-27063 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 7.8 High |
| Memory corruption during video playback when video session open fails with time out error. | ||||
| CVE-2025-47319 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 6.7 Medium |
| Information disclosure while exposing internal TA-to-TA communication APIs to HLOS | ||||