Total
34343 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62570 | 1 Microsoft | 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 | 2025-12-10 | N/A | 7.1 HIGH |
| Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-0514 | 1 Libreoffice | 1 Libreoffice | 2025-12-10 | N/A | 7.8 HIGH |
| Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5. | |||||
| CVE-2025-62571 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-12-10 | N/A | 7.8 HIGH |
| Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-64670 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 5 more | 2025-12-10 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-64673 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-10 | N/A | 7.8 HIGH |
| Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-1080 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2025-12-10 | N/A | 7.8 HIGH |
| LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before < 24.8.5, from 25.2 before < 25.2.1. | |||||
| CVE-2024-23301 | 4 Fedoraproject, Redhat, Relax-and-recover and 1 more | 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more | 2025-12-10 | N/A | 5.5 MEDIUM |
| Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | |||||
| CVE-2022-36127 | 1 Apache | 1 Skywalking Nodejs Agent | 2025-12-10 | N/A | 7.5 HIGH |
| A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that has this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection. | |||||
| CVE-2025-32328 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32329 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48565 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to bypass the cross profile intent filter due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48588 | 1 Google | 1 Android | 2025-12-09 | N/A | 7.8 HIGH |
| In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48633 | 1 Google | 1 Android | 2025-12-09 | N/A | 5.5 MEDIUM |
| In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-66324 | 1 Huawei | 1 Harmonyos | 2025-12-09 | N/A | 8.4 HIGH |
| Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity. | |||||
| CVE-2025-58279 | 1 Huawei | 1 Harmonyos | 2025-12-09 | N/A | 4.4 MEDIUM |
| Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-66325 | 1 Huawei | 2 Emui, Harmonyos | 2025-12-09 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-66329 | 1 Huawei | 2 Emui, Harmonyos | 2025-12-09 | N/A | 4.0 MEDIUM |
| Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-66557 | 1 Nextcloud | 1 Deck | 2025-12-09 | N/A | 5.4 MEDIUM |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2. | |||||
| CVE-2025-48627 | 1 Google | 1 Android | 2025-12-08 | N/A | 7.8 HIGH |
| In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48626 | 1 Google | 1 Android | 2025-12-08 | N/A | 9.8 CRITICAL |
| In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||