Total
323680 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50361 | 1 Smallbasic | 1 Smallbasic | 2025-12-18 | 5.1 Medium |
| Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash. | ||||
| CVE-2025-67794 | 1 Drivelock | 1 Drivelock | 2025-12-18 | 8.4 High |
| An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent. | ||||
| CVE-2025-67793 | 1 Drivelock | 1 Drivelock | 2025-12-18 | 9.8 Critical |
| An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the Administrator role. This issue mainly affects cloud multi-tenant deployments; on-prem single-tenant installations are typically not impacted because local admins usually already have Supervisor privileges. | ||||
| CVE-2025-67792 | 2 Drivelock, Microsoft | 2 Drivelock, Windows | 2025-12-18 | 7.8 High |
| An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers. | ||||
| CVE-2025-67791 | 1 Drivelock | 1 Drivelock | 2025-12-18 | 9.8 Critical |
| An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service). | ||||
| CVE-2025-67790 | 2 Drivelock, Microsoft | 2 Drivelock, Windows | 2025-12-18 | 9.8 Critical |
| An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could cause occasionally a Blue Screen Of Death (BSOD) on Windows computers by using an IOCTL and an unterminated string. | ||||
| CVE-2025-66126 | 1 Wordpress | 1 Wordpress | 2025-12-18 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in wowpress.host Fix Media Library wow-media-library-fix allows Retrieve Embedded Sensitive Data.This issue affects Fix Media Library: from n/a through <= 2.0. | ||||
| CVE-2025-65754 | 1 Algernon Project | 1 Algernon | 2025-12-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Algernon v1.17.4 allows attackers to execute arbitrary code via injecting a crafted payload into a filename. | ||||
| CVE-2025-64634 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2025-12-18 | 8.8 High |
| Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Avada: from n/a through <= 7.13.1. | ||||
| CVE-2025-63094 | 1 Openxiangshan | 1 Xiangshan | 2025-12-18 | 7.5 High |
| XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache. | ||||
| CVE-2025-56431 | 1 Fearlessgeekmedia | 1 Fearlesscms | 2025-12-18 | 7.5 High |
| Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the file_get_contents() function. | ||||
| CVE-2025-56430 | 1 Fearlessgeekmedia | 1 Fearlesscms | 2025-12-18 | 7.5 High |
| Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the deleteDirectory function. | ||||
| CVE-2025-56429 | 1 Fearlessgeekmedia | 1 Fearlesscms | 2025-12-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to obtain sensitive information via the login.php component. | ||||
| CVE-2025-46292 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-12-18 | 5.5 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access user-sensitive data. | ||||
| CVE-2025-46291 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 9.8 Critical |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-46288 | 1 Apple | 9 Ios, Ipad Os, Ipados and 6 more | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens. | ||||
| CVE-2025-46283 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-46282 | 1 Apple | 3 Macos, Macos Tahoe, Safari | 2025-12-18 | 5.5 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-46281 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-18 | 8.4 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-46279 | 1 Apple | 11 Ios, Ipad Os, Ipados and 8 more | 2025-12-18 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed. | ||||