Total
29768 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47325 | 1 Linux | 1 Linux Kernel | 2025-12-10 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Fix arm_smmu_device refcount leak in address translation The reference counting issue happens in several exception handling paths of arm_smmu_iova_to_phys_hard(). When those error scenarios occur, the function forgets to decrease the refcount of "smmu" increased by arm_smmu_rpm_get(), causing a refcount leak. Fix this issue by jumping to "out" label when those error scenarios occur. | ||||
| CVE-2024-38070 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 7.8 High |
| Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability | ||||
| CVE-2024-38058 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-12-09 | 6.8 Medium |
| BitLocker Security Feature Bypass Vulnerability | ||||
| CVE-2024-38112 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-12-09 | 7.5 High |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-38100 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-12-09 | 7.8 High |
| Windows File Explorer Elevation of Privilege Vulnerability | ||||
| CVE-2024-38061 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-12-09 | 7.5 High |
| DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability | ||||
| CVE-2025-61318 | 2 Emlog, Emlog Pro Project | 2 Emlog, Emlog Pro | 2025-12-09 | 5.3 Medium |
| Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. They fail to perform path verification and dangerous code filtering for deletion parameters, allowing attackers to exploit this feature for directory traversal. | ||||
| CVE-2022-29873 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2025-12-09 | 9.8 Critical |
| A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. | ||||
| CVE-2025-48628 | 1 Google | 1 Android | 2025-12-09 | 7.8 High |
| In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-34671 | 1 Samsung | 1 Internet | 2025-12-06 | 3.3 Low |
| Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21080 | 2 Google, Samsung | 4 Android, Android, Dynamic Lockscreen and 1 more | 2025-12-05 | 6.2 Medium |
| Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege. | ||||
| CVE-2025-20383 | 1 Splunk | 4 Splunk, Splunk Cloud Platform, Splunk Enterprise and 1 more | 2025-12-05 | 4.3 Medium |
| In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive notifications that disclose the title and description of the report or alert even if they do not have access to view the report or alert. | ||||
| CVE-2007-1399 | 2 Pecl Zip, Php | 2 1.8.3, Php | 2025-12-05 | N/A |
| Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | ||||
| CVE-2025-20994 | 1 Samsung | 1 Internet | 2025-12-04 | 4.5 Medium |
| Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files. | ||||
| CVE-2025-20995 | 1 Samsung | 1 Internet | 2025-12-04 | 4.9 Medium |
| Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files. | ||||
| CVE-2025-58483 | 2 Google, Samsung | 4 Android, Galaxy Store, Galaxy Watch and 1 more | 2025-12-04 | 5.9 Medium |
| Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store. | ||||
| CVE-2022-50309 | 1 Linux | 1 Linux Kernel | 2025-12-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. | ||||
| CVE-2022-50311 | 1 Linux | 1 Linux Kernel | 2025-12-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: cxl: Fix refcount leak in cxl_calc_capp_routing of_get_next_parent() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. This function only calls of_node_put() in normal path, missing it in the error path. Add missing of_node_put() to avoid refcount leak. | ||||
| CVE-2022-50318 | 1 Linux | 1 Linux Kernel | 2025-12-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() pci_get_device() will increase the reference count for the returned 'dev'. We need to call pci_dev_put() to decrease the reference count. Since 'dev' is only used in pci_read_config_dword(), let's add pci_dev_put() right after it. | ||||
| CVE-2022-50337 | 1 Linux | 1 Linux Kernel | 2025-12-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ocxl: fix pci device refcount leak when calling get_function_0() get_function_0() calls pci_get_domain_bus_and_slot(), as comment says, it returns a pci device with refcount increment, so after using it, pci_dev_put() needs be called. Get the device reference when get_function_0() is not called, so pci_dev_put() can be called in the error path and callers unconditionally. And add comment above get_dvsec_vendor0() to tell callers to call pci_dev_put(). | ||||