| CVE-2025-12029 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
11.12.2025 |
8 |
| CVE-2025-12734 |
Improper Encoding or Escaping of Output in GitLab |
11.12.2025 |
3.5 |
| CVE-2025-14512 |
Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow |
11.12.2025 |
|
| CVE-2025-67738 |
|
11.12.2025 |
8.5 |
| CVE-2025-11247 |
Authorization Bypass Through User-Controlled Key in GitLab |
11.12.2025 |
4.3 |
| CVE-2025-11984 |
Authentication Bypass Using an Alternate Path or Channel in GitLab |
11.12.2025 |
6.8 |
| CVE-2025-4097 |
Allocation of Resources Without Limits or Throttling in GitLab |
11.12.2025 |
6.5 |
| CVE-2025-8405 |
Improper Encoding or Escaping of Output in GitLab |
11.12.2025 |
8.7 |
| CVE-2025-67686 |
|
11.12.2025 |
|
| CVE-2025-67687 |
|
11.12.2025 |
|
| CVE-2025-67688 |
|
11.12.2025 |
|
| CVE-2025-67689 |
|
11.12.2025 |
|
| CVE-2025-67690 |
|
11.12.2025 |
|
| CVE-2025-67691 |
|
11.12.2025 |
|
| CVE-2025-67692 |
|
11.12.2025 |
|
| CVE-2025-67693 |
|
11.12.2025 |
|
| CVE-2025-67694 |
|
11.12.2025 |
|
| CVE-2025-10163 |
List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode |
11.12.2025 |
6.5 |
| CVE-2025-12562 |
Allocation of Resources Without Limits or Throttling in GitLab |
11.12.2025 |
7.5 |
| CVE-2025-12716 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
11.12.2025 |
8.7 |
| CVE-2025-13978 |
Generation of Error Message Containing Sensitive Information in GitLab |
11.12.2025 |
4.3 |
| CVE-2025-14157 |
Allocation of Resources Without Limits or Throttling in GitLab |
11.12.2025 |
6.5 |
| CVE-2025-9436 |
Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode |
11.12.2025 |
6.4 |
| CVE-2025-14485 |
EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection |
11.12.2025 |
|
| CVE-2025-11467 |
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 5.1.1 - Unauthenticated Blind Server-Side Request Forgery |
11.12.2025 |
5.8 |
| CVE-2025-13764 |
WP CarDealer <= 1.2.16 - Unauthenticated Privilege Escalation |
11.12.2025 |
9.8 |
| CVE-2025-67719 |
Ibexa User Bundle is missing password change validation |
11.12.2025 |
|
| CVE-2025-67720 |
Pyrofork has a Path Traversal in download_media Method |
11.12.2025 |
6.5 |
| CVE-2025-67718 |
Formio improperly authorized permission elevation through specially crafted request path |
11.12.2025 |
|
| CVE-2025-67716 |
Auth0 Next.js SDK has Improper Validation of Query Parameters |
11.12.2025 |
5.7 |
| CVE-2025-67717 |
Zitadel Discloses the Total Number of Instance Users |
11.12.2025 |
|
| CVE-2025-67713 |
Miniflux 2 has an Open Redirect via protocol-relative `redirect_url` |
11.12.2025 |
|
| CVE-2025-67648 |
Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page |
10.12.2025 |
7.1 |
| CVE-2025-67646 |
TableProgressTracking's missing CSRF protection allows unauthorized state changes |
10.12.2025 |
3.5 |
| CVE-2025-67644 |
LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method |
10.12.2025 |
7.3 |
| CVE-2025-67512 |
|
10.12.2025 |
|
| CVE-2025-67514 |
|
10.12.2025 |
|
| CVE-2025-67511 |
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool |
10.12.2025 |
9.7 |
| CVE-2025-67509 |
MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write |
10.12.2025 |
8.2 |
| CVE-2025-67510 |
MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”) |
10.12.2025 |
9.4 |
| CVE-2025-67513 |
FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API |
10.12.2025 |
|
| CVE-2025-12731 |
|
10.12.2025 |
|
| CVE-2025-13923 |
|
10.12.2025 |
|
| CVE-2025-67490 |
Auth0 Next.js SDK has Improper Request Caching Lookup |
10.12.2025 |
5.4 |
| CVE-2025-67505 |
Race condition in the Okta Java SDK |
10.12.2025 |
8.4 |
| CVE-2025-66628 |
ImageMagick is vulnerable to an Integer Overflow in TIM decoder leading to out of bounds read (32-bit only) |
10.12.2025 |
7.5 |
| CVE-2025-66474 |
XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection |
10.12.2025 |
|
| CVE-2025-65296 |
|
10.12.2025 |
|
| CVE-2025-65297 |
|
10.12.2025 |
|
| CVE-2025-66473 |
XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis |
10.12.2025 |
|
| CVE-2025-65295 |
|
10.12.2025 |
|
| CVE-2025-66033 |
Improper Memory Cleanup in the Okta Java SDK |
10.12.2025 |
5.3 |
| CVE-2025-66472 |
XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication |
10.12.2025 |
|
| CVE-2025-65292 |
|
10.12.2025 |
|
| CVE-2025-65293 |
|
10.12.2025 |
|
| CVE-2025-65294 |
|
10.12.2025 |
|
| CVE-2023-53775 |
Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness |
10.12.2025 |
|
| CVE-2023-53776 |
Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness |
10.12.2025 |
|
| CVE-2024-58279 |
appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload |
10.12.2025 |
|
| CVE-2024-58280 |
CMSimple 5.15 Remote Command Execution via Extensions Configuration |
10.12.2025 |
|
| CVE-2024-58281 |
Dotclear 2.29 Remote Code Execution via Authenticated File Upload |
10.12.2025 |
|
| CVE-2024-58282 |
Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload |
10.12.2025 |
|
| CVE-2024-58283 |
WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload |
10.12.2025 |
|
| CVE-2024-58284 |
PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings |
10.12.2025 |
|
| CVE-2024-58285 |
Chyrp 2.5.2 Stored Cross-Site Scripting Vulnerability via Post Title |
10.12.2025 |
|
| CVE-2025-65290 |
|
10.12.2025 |
|
| CVE-2025-65291 |
|
10.12.2025 |
|
| CVE-2020-36897 |
QiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution |
10.12.2025 |
|
| CVE-2020-36898 |
QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion |
10.12.2025 |
|
| CVE-2020-36899 |
QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure |
10.12.2025 |
|
| CVE-2020-36900 |
All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management |
10.12.2025 |
|
| CVE-2020-36901 |
UBICOD Medivision Digital Signage 1.5.1 Cross-Site Request Forgery via User Management |
10.12.2025 |
|
| CVE-2020-36902 |
UBICOD Medivision Digital Signage 1.5.1 Authorization Bypass via User Privileges |
10.12.2025 |
|
| CVE-2023-53740 |
Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change |
10.12.2025 |
|
| CVE-2023-53741 |
Screen SFT DAB 1.9.3 Authentication Bypass via IP Session Management |
10.12.2025 |
|
| CVE-2020-36892 |
Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated Privilege Escalation |
10.12.2025 |
|
| CVE-2020-36893 |
Eibiz i-Media Server Digital Signage 3.8.0 Directory Traversal Vulnerability |
10.12.2025 |
|
| CVE-2020-36894 |
Eibiz i-Media Server Digital Signage 3.8.0 Unauthenticated User Creation Vulnerability |
10.12.2025 |
|
| CVE-2020-36895 |
EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure |
10.12.2025 |
|
| CVE-2020-36896 |
QiHang Media Web Digital Signage 3.0.9 Cleartext Credentials Disclosure |
10.12.2025 |
|
| CVE-2020-36883 |
SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations |
10.12.2025 |
|
| CVE-2020-36884 |
BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF |
10.12.2025 |
|
| CVE-2020-36885 |
Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi |
10.12.2025 |
|
| CVE-2020-36886 |
SpinetiX Fusion Digital Signage 3.4.8 Cross-Site Request Forgery via User Creation |
10.12.2025 |
|
| CVE-2020-36887 |
SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure |
10.12.2025 |
|
| CVE-2020-36888 |
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script |
10.12.2025 |
|
| CVE-2025-65829 |
|
10.12.2025 |
|
| CVE-2025-65830 |
|
10.12.2025 |
|
| CVE-2025-65831 |
|
10.12.2025 |
|
| CVE-2025-65832 |
|
10.12.2025 |
|
| CVE-2025-24857 |
|
10.12.2025 |
7.6 |
| CVE-2025-62181 |
Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. |
10.12.2025 |
5.3 |
| CVE-2025-65820 |
|
10.12.2025 |
|
| CVE-2025-65821 |
|
10.12.2025 |
|
| CVE-2025-65822 |
|
10.12.2025 |
|
| CVE-2025-65823 |
|
10.12.2025 |
|
| CVE-2025-65824 |
|
10.12.2025 |
|
| CVE-2025-65825 |
|
10.12.2025 |
|
| CVE-2025-65826 |
|
10.12.2025 |
|
| CVE-2025-65827 |
|
10.12.2025 |
|
| CVE-2025-65828 |
|
10.12.2025 |
|
| CVE-2025-65950 |
WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter |
10.12.2025 |
|
| CVE-2025-67460 |
Zoom Rooms for Windows - Software Downgrade Protection Mechanism Failure |
10.12.2025 |
7.8 |
| CVE-2025-67461 |
Zoom Rooms for macOS - External Control of File Name or Path |
10.12.2025 |
5 |
| CVE-2025-65512 |
|
10.12.2025 |
|
| CVE-2025-65602 |
|
10.12.2025 |
|
| CVE-2025-63895 |
|
10.12.2025 |
|
| CVE-2025-56431 |
|
10.12.2025 |
|
| CVE-2025-56429 |
|
10.12.2025 |
|
| CVE-2025-56430 |
|
10.12.2025 |
|
| CVE-2025-34427 |
MailEnable < 10.54 Cleartext Credential Storage in AUTH.TAB |
10.12.2025 |
|
| CVE-2025-34428 |
MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV |
10.12.2025 |
|
| CVE-2025-34429 |
1Panel CSRF Web Port Configuration Change |
10.12.2025 |
|
| CVE-2025-34430 |
1Panel CSRF Panel Name Modification |
10.12.2025 |
|
| CVE-2025-64537 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
11.12.2025 |
9.3 |
| CVE-2025-64538 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
11.12.2025 |
9.3 |
| CVE-2025-64539 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
11.12.2025 |
9.3 |
| CVE-2025-64541 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64543 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64544 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64545 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64546 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64547 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64548 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64549 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64550 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64551 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64553 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64554 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64555 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64556 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64557 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64558 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64559 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64560 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64562 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64563 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64564 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64565 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64566 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64569 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64572 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64574 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64575 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64576 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64577 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64578 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64579 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64580 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64581 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64582 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64583 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64585 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64586 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64590 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64591 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64592 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64593 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64594 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64596 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64597 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64598 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64599 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64600 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64601 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64602 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64603 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64604 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64605 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64606 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64607 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64609 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64611 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64612 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64613 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64614 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64615 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64616 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64619 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64620 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64622 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64623 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64626 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64627 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64789 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64790 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64791 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64792 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64793 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64794 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64796 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64797 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64799 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64800 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64801 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64802 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64803 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64804 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64808 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64814 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64817 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64820 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64821 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64822 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64823 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64825 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64826 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64827 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64829 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64833 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64839 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64840 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64841 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64845 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64847 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64850 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64852 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64853 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64857 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64858 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64861 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64863 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64869 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64872 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
4.8 |
| CVE-2025-64873 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64875 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64881 |
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64887 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-64888 |
Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) |
10.12.2025 |
5.4 |
| CVE-2025-65199 |
Windscribe for Linux 'changeMTU' local privilege escalation |
10.12.2025 |
7.8 |
| CVE-2025-5467 |
Ubuntu Apport Insecure File Permissions Vulnerability |
10.12.2025 |
|
| CVE-2025-65754 |
|
10.12.2025 |
|
| CVE-2025-63094 |
|
10.12.2025 |
|
| CVE-2025-13607 |
D-Link CCTV camera model DCS-F5614-L1 Missing Authentication for Critical Function |
10.12.2025 |
|
| CVE-2025-52493 |
|
10.12.2025 |
|
| CVE-2025-67635 |
|
10.12.2025 |
|
| CVE-2025-67636 |
|
10.12.2025 |
|
| CVE-2025-67637 |
|
10.12.2025 |
|
| CVE-2025-67638 |
|
10.12.2025 |
|
| CVE-2025-67639 |
|
10.12.2025 |
|
| CVE-2025-67640 |
|
10.12.2025 |
|
| CVE-2025-67641 |
|
10.12.2025 |
|
| CVE-2025-67642 |
|
10.12.2025 |
|
| CVE-2025-67643 |
|
10.12.2025 |
|
| CVE-2025-65792 |
|
10.12.2025 |
|
| CVE-2025-65814 |
|
10.12.2025 |
|
| CVE-2025-65815 |
|
10.12.2025 |
|
| CVE-2025-34410 |
1Panel CSRF in Change Username Functionality Allows Account Lockout |
10.12.2025 |
|
| CVE-2025-34416 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL |
10.12.2025 |
|
| CVE-2025-34417 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISO.DLL |
10.12.2025 |
|
| CVE-2025-34418 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIMF.DLL |
10.12.2025 |
|
| CVE-2025-34419 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISM.DLL |
10.12.2025 |
|
| CVE-2025-34420 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL |
10.12.2025 |
|
| CVE-2025-34421 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISP.DLL |
10.12.2025 |
|
| CVE-2025-34422 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPC.DLL |
10.12.2025 |
|
| CVE-2025-34423 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL |
10.12.2025 |
|
| CVE-2025-34424 |
MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIDP.DLL |
10.12.2025 |
|
| CVE-2025-34392 |
Barracuda RMM < 2025.1.1 Service Center Absolute Path Traversal RCE |
10.12.2025 |
|
| CVE-2025-34393 |
Barracuda RMM < 2025.1.1 Service Center Insecure Reflection RCE |
10.12.2025 |
|
| CVE-2025-34394 |
Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE |
10.12.2025 |
|
| CVE-2025-34395 |
Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE |
10.12.2025 |
|
| CVE-2025-65803 |
|
10.12.2025 |
|
| CVE-2025-65807 |
|
10.12.2025 |
|
| CVE-2025-12046 |
|
10.12.2025 |
|
| CVE-2025-13125 |
IDOR in Im Park's DijiDemi |
10.12.2025 |
4.3 |
| CVE-2025-13152 |
|
10.12.2025 |
|
| CVE-2025-13155 |
|
10.12.2025 |
|
| CVE-2025-13127 |
XSS in TACAS Consulting's GoldenHorn |
10.12.2025 |
3.5 |
| CVE-2025-8110 |
File overwrite in file update API in Gogs |
11.12.2025 |
|
| CVE-2024-2104 |
JBL: Improper BLE security configurations and lack of authentication on the device's GATT server |
10.12.2025 |
8.8 |
| CVE-2024-2105 |
JBL: Improper validation of ICM field in connection requests |
10.12.2025 |
6.5 |
| CVE-2025-13184 |
Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password |
10.12.2025 |
|
| CVE-2025-13953 |
Bypass in the authentication method of the GTT Sistema de Información Tributario application |
10.12.2025 |
|
| CVE-2025-41358 |
Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A |
10.12.2025 |
|
| CVE-2025-41730 |
Stack-based buffer overflow via unsafe sscanf in check_account() |
10.12.2025 |
8.8 |
| CVE-2025-41732 |
Stack-based buffer overflow via unsafe sscanf in check_cookie() |
10.12.2025 |
8.8 |
| CVE-2025-66675 |
Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed |
10.12.2025 |
|
| CVE-2025-7073 |
Local Privilege Escalation via Arbitrary File Operation in Bitdefender Total Security |
11.12.2025 |
|
| CVE-2025-14390 |
Video Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload |
10.12.2025 |
8.8 |
| CVE-2025-14082 |
Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure |
10.12.2025 |
|
| CVE-2025-1161 |
Improper Authorization in Nomysoft Informatics' Nomysem |
10.12.2025 |
7.1 |
| CVE-2025-66004 |
Local privilege escalation in usbmuxd from arbitrary local user to usbmux |
10.12.2025 |
|
| CVE-2025-14087 |
Glib: glib: buffer underflow in gvariant parser leads to heap corruption |
10.12.2025 |
|
| CVE-2025-13954 |
Hard-coded cryptographic keys in EZCast Pro II Dongle |
10.12.2025 |
|
| CVE-2025-13955 |
Predictable Default Wi-Fi Password in EZCast Pro II Dongle |
10.12.2025 |
|
| CVE-2025-9315 |
Unauthenticated Device Registration Vulnerability in MXsecurity Series |
10.12.2025 |
|