Total
323686 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14567 | 1 Stock Management System Project | 1 Stock Management System | 2025-12-18 | 5.3 Medium |
| A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-68460 | 1 Roundcube | 1 Webmail | 2025-12-18 | 7.2 High |
| Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer. | ||||
| CVE-2025-68461 | 1 Roundcube | 1 Webmail | 2025-12-18 | 7.2 High |
| Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. | ||||
| CVE-2025-68462 | 1 Debian | 1 Freedombox | 2025-12-18 | 3.2 Low |
| Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. | ||||
| CVE-2025-43455 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-12-18 | 5.5 Medium |
| A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views. | ||||
| CVE-2025-43480 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-18 | 8.1 High |
| The issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2025-43496 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2025-12-18 | 7.5 High |
| The issue was addressed by adding additional logic. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Remote content may be loaded even when the 'Load Remote Images' setting is turned off. | ||||
| CVE-2025-43479 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43378 | 1 Apple | 1 Macos | 2025-12-18 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43440 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2025-12-18 | 6.5 Medium |
| This issue was addressed with improved checks This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43436 | 1 Apple | 8 Ios, Ipad Os, Ipados and 5 more | 2025-12-18 | 7.5 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2025-43338 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-12-18 | 7.1 High |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26, macOS Sonoma 14.8.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-43391 | 1 Apple | 7 Ios, Ipad Os, Ipados and 4 more | 2025-12-18 | 5.5 Medium |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43450 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2025-12-18 | 7.5 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access. | ||||
| CVE-2025-43503 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2025-12-18 | 4.3 Medium |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to user interface spoofing. | ||||
| CVE-2025-43411 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-18 | 5.5 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43493 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-12-18 | 4.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2025-67875 | 1 Churchcrm | 1 Churchcrm | 2025-12-18 | 5.4 Medium |
| ChurchCRM is an open-source church management system. A privilege escalation vulnerability exists in ChurchCRM prior to version 6.5.3. An authenticated user with specific mid-level permissions ("Edit Records" and "Manage Properties and Classifications") can inject a persistent Cross-Site Scripting (XSS) payload into an administrator's profile. The payload executes when the administrator views their own profile page, allowing the attacker to hijack the administrator's session, perform administrative actions, and achieve a full account takeover. This vulnerability is a combination of two separate flaws: an Insecure Direct Object Reference (IDOR) that allows any user to view any other user's profile, and a Broken Access Control vulnerability that allows a user with general edit permissions to modify any other user's record properties. Version 6.5.3 fixes the issue. | ||||
| CVE-2025-43447 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-12-18 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, watchOS 26.1, macOS Tahoe 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2025-67876 | 1 Churchcrm | 1 Churchcrm | 2025-12-18 | 5.4 Medium |
| ChurchCRM is an open-source church management system. A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in the database and executed whenever any user (including administrators) views a page that displays that role, such as GroupView.php or PersonView.php. This allows full session hijacking and account takeover. As of time of publication, no known patched versions are available. | ||||