Total
325097 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68163 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 3.5 Low |
| In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page | ||||
| CVE-2025-68164 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 2.7 Low |
| In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test | ||||
| CVE-2025-68165 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 5.4 Medium |
| In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup | ||||
| CVE-2025-68166 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 5.4 Medium |
| In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab | ||||
| CVE-2025-38237 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() In fimc_is_hw_change_mode(), the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent operations proceed before the hardware is ready. Add fimc_is_hw_wait_intmsr0_intmsd0() after mode configuration, ensuring hardware state synchronization and stable interrupt handling. | ||||
| CVE-2025-68267 | 1 Jetbrains | 1 Teamcity | 2025-12-18 | 6.5 Medium |
| In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token | ||||
| CVE-2025-67174 | 1 Ritecms | 1 Ritecms | 2025-12-18 | 6.2 Medium |
| A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component | ||||
| CVE-2025-67173 | 1 Ritecms | 1 Ritecms | 2025-12-18 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request. | ||||
| CVE-2025-67171 | 1 Ritecms | 1 Ritecms | 2025-12-18 | 7.5 High |
| Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal. | ||||
| CVE-2025-67170 | 1 Ritecms | 1 Ritecms | 2025-12-18 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. | ||||
| CVE-2025-67168 | 1 Ritecms | 1 Ritecms | 2025-12-18 | 5.3 Medium |
| RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords. | ||||
| CVE-2025-67172 | 1 Ritecms | 1 Ritecms | 2025-12-18 | 7.2 High |
| RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function. | ||||
| CVE-2025-67074 | 1 Tenda | 2 Ac10v4, Ac10v4 Firmware | 2025-12-18 | 6.5 Medium |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan. | ||||
| CVE-2025-66953 | 1 Nardamiteq | 1 Upc2 | 2025-12-18 | 8.8 High |
| CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints | ||||
| CVE-2025-53398 | 1 Portrait | 1 Dell Color Management Application | 2025-12-18 | 7.8 High |
| The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions, | ||||
| CVE-2025-26794 | 1 Exim | 1 Exim | 2025-12-18 | 7.5 High |
| Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.) | ||||
| CVE-2024-46062 | 2 Anaconda, Apple | 2 Miniconda3, Macos | 2025-12-18 | 7.8 High |
| Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | ||||
| CVE-2024-46060 | 2 Anaconda, Apple | 2 Anaconda3, Macos | 2025-12-18 | 7.8 High |
| Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user. | ||||
| CVE-2023-53923 | 1 Ulicms | 1 Ulicms | 2025-12-18 | 9.8 Critical |
| UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with full system access. | ||||
| CVE-2023-53917 | 1 Powerstonegh | 1 Affiliate Me | 2025-12-18 | 6.5 Medium |
| Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames and password hashes. | ||||