Total
325392 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68145 | 1 Modelcontextprotocol | 1 Servers | 2025-12-18 | N/A |
| In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue. | ||||
| CVE-2025-67073 | 1 Tenda | 2 Ac10v4, Ac10v4 Firmware | 2025-12-18 | 9.8 Critical |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. | ||||
| CVE-2025-65203 | 1 Keepassxc | 1 Keepassxc-browser | 2025-12-18 | 7.1 High |
| KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials. | ||||
| CVE-2025-67165 | 1 Pagekit | 1 Pagekit | 2025-12-18 | 9.8 Critical |
| An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges. | ||||
| CVE-2025-67164 | 1 Pagekit | 1 Pagekit | 2025-12-18 | 9.9 Critical |
| An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-53919 | 1 Portrait | 1 Dell Color Management Application | 2025-12-18 | 7.8 High |
| An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges. | ||||
| CVE-2025-44005 | 1 Smallstep | 1 Step-ca | 2025-12-18 | 10 Critical |
| An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks. | ||||
| CVE-2022-23851 | 1 Netaxis | 1 Apio | 2025-12-18 | 9.8 Critical |
| Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI). | ||||
| CVE-2025-65233 | 1 Slims | 1 Slims 9 Bulian | 2025-12-18 | 6.1 Medium |
| Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF' ] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path. | ||||
| CVE-2025-65185 | 1 Entrinsik | 1 Informer | 2025-12-18 | 2.8 Low |
| There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an OTP code and new password then reviewing application responses. | ||||
| CVE-2025-47387 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 7.8 High |
| Memory Corruption when processing IOCTLs for JPEG data without verification. | ||||
| CVE-2025-47382 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 7.8 High |
| Memory corruption while loading an invalid firmware in boot loader. | ||||
| CVE-2025-47322 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 7.8 High |
| Memory corruption while handling IOCTL calls to set mode. | ||||
| CVE-2025-14762 | 1 Amazon | 1 Aws Sdk Ruby | 2025-12-18 | 5.3 Medium |
| Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later. | ||||
| CVE-2025-61736 | 1 Johnsoncontrols | 5 Istar Edge, Istar Ultra, Istar Ultra Lt and 2 more | 2025-12-18 | N/A |
| Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires. | ||||
| CVE-2025-68118 | 2 Freerdp, Microsoft | 2 Freerdp, Windows | 2025-12-18 | N/A |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function `freerdp_certificate_data_hash_ uses` the Microsoft-specific `_snprintf` function to format certificate cache filenames without guaranteeing NUL termination when truncation occurs. According to Microsoft documentation, `_snprintf` does not append a terminating NUL byte if the formatted output exceeds the destination buffer size. If an attacker controls the hostname value (for example via server redirection or a crafted .rdp file), the resulting filename buffer may not be NUL-terminated. Subsequent string operations performed on this buffer may read beyond the allocated memory region, resulting in a heap-based out-of-bounds read. In default configurations, the connection is typically terminated before sensitive data can be meaningfully exposed, but unintended memory read or a client crash may still occur under certain conditions. Version 3.20.0 has a patch for the issue. | ||||
| CVE-2025-66647 | 1 Riot-os | 1 Riot | 2025-12-18 | N/A |
| RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first fragment (offset=0) into the reassembly buffer, no size check is performed. It is possible to force the creation of a small reassembly buffer by first sending a shorter fragment (also with offset=0). Overflowing the reassembly buffer corrupts the state of other packet buffers which an attacker might be able to used to achieve further memory corruption (potentially resulting in remote code execution). To trigger the vulnerability, the `gnrc_ipv6_ext_frag` module must be included and the attacker must be able to send arbitrary IPv6 packets to the victim. Version 2025.10 fixes the issue. | ||||
| CVE-2025-47323 | 1 Qualcomm | 1 Snapdragon | 2025-12-18 | 7.8 High |
| Memory corruption while routing GPR packets between user and root when handling large data packet. | ||||
| CVE-2023-53904 | 1 Xenforo | 1 Xenforo | 2025-12-18 | 4.6 Medium |
| Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded, potentially enabling further client-side attacks. | ||||
| CVE-2025-43873 | 1 Johnsoncontrols | 6 Edge G2, Istar Edge G2, Istar Ultra and 3 more | 2025-12-18 | N/A |
| Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device. | ||||