Total
3550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14642 | 1 Carmelo | 1 Computer Laboratory System | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14641 | 1 Carmelo | 1 Computer Laboratory System | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-14530 | 1 Remyandrade | 1 Real Estate Property Listing App | 2025-12-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-40939 | 1 Siemens | 2 Simatic Cn 4100, Simatic Cn 4100 Firmware | 2025-12-16 | N/A | 4.6 MEDIUM |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could cause denial of service condition. | |||||
| CVE-2025-43404 | 1 Apple | 1 Macos | 2025-12-15 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-43393 | 1 Apple | 1 Macos | 2025-12-15 | N/A | 5.2 MEDIUM |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox. | |||||
| CVE-2025-43351 | 1 Apple | 1 Macos | 2025-12-15 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. | |||||
| CVE-2025-14528 | 1 Dlink | 2 Dir-803, Dir-803 Firmware | 2025-12-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-14660 | 2025-12-15 | 5.1 MEDIUM | 5.6 MEDIUM | ||
| A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component. | |||||
| CVE-2025-62474 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-12-12 | N/A | 7.8 HIGH |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59517 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-12-12 | N/A | 7.8 HIGH |
| Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-64897 | 1 Adobe | 1 Coldfusion | 2025-12-12 | N/A | 5.6 MEDIUM |
| ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service. Exploitation of this issue requires user interaction. | |||||
| CVE-2025-64669 | 1 Microsoft | 1 Windows Admin Center | 2025-12-12 | N/A | 7.8 HIGH |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-25950 | 1 Serosoft | 1 Academia Student Information System | 2025-12-12 | N/A | 8.1 HIGH |
| Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account. | |||||
| CVE-2025-14082 | 2025-12-12 | N/A | 2.7 LOW | ||
| A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint. | |||||
| CVE-2025-63739 | 1 Rockoa | 1 Rockoa | 2025-12-12 | N/A | 4.3 MEDIUM |
| An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint. | |||||
| CVE-2025-63214 | 1 Bridgetech | 5 Vb120, Vb220, Vb330 and 2 more | 2025-12-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts. | |||||
| CVE-2025-65594 | 1 Os4ed | 1 Opensis | 2025-12-11 | N/A | 8.1 HIGH |
| OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users. | |||||
| CVE-2025-9398 | 1 Wanglongcn | 1 Yifang | 2025-12-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9400 | 1 Wanglongcn | 1 Yifang | 2025-12-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||