Total
4323 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62570 | 1 Microsoft | 5 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 2 more | 2025-12-16 | 7.1 High |
| Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally. | ||||
| CVE-2025-62474 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2025-12-16 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59517 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2025-12-16 | 7.8 High |
| Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64669 | 1 Microsoft | 1 Windows Admin Center | 2025-12-16 | 7.8 High |
| Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-64673 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2025-12-16 | 7.8 High |
| Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-67715 | 2025-12-16 | 4.3 Medium | ||
| Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue. | ||||
| CVE-2025-43404 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-15 | 3.3 Low |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-43393 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-15 | 5.2 Medium |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43351 | 1 Apple | 2 Macos, Macos Tahoe | 2025-12-15 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. | ||||
| CVE-2025-14641 | 1 Code-projects | 1 Computer Laboratory System | 2025-12-15 | 4.7 Medium |
| A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2025-14642 | 1 Code-projects | 1 Computer Laboratory System | 2025-12-15 | 4.7 Medium |
| A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-14660 | 1 Decocms | 1 Mesh | 2025-12-15 | 5.6 Medium |
| A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 1.0.0-alpha.32 addresses this issue. Patch name: 5f7315e05852faf3a9c177c0a34f9ea9b0371d3d. It is recommended to upgrade the affected component. | ||||
| CVE-2025-14528 | 1 Dlink | 2 Dir-803, Dir-803 Firmware | 2025-12-15 | 5.3 Medium |
| A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-43518 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-15 | 3.3 Low |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API. | ||||
| CVE-2025-14582 | 1 Campcodes | 1 Online Student Enrollment System | 2025-12-15 | 4.7 Medium |
| A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-66430 | 1 Plesk | 1 Plesk | 2025-12-14 | 9.1 Critical |
| Plesk 18.0 has Incorrect Access Control. | ||||
| CVE-2025-14583 | 1 Campcodes | 1 Online Student Enrollment System | 2025-12-14 | 7.3 High |
| A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-61811 | 1 Adobe | 1 Coldfusion | 2025-12-12 | 8.4 High |
| ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute malicious code. Exploitation of this issue does not require user interaction and scope is changed. | ||||
| CVE-2025-64897 | 1 Adobe | 1 Coldfusion | 2025-12-12 | 5.6 Medium |
| ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized write access potentially resulting in denial of service. Exploitation of this issue requires user interaction. | ||||
| CVE-2025-25950 | 1 Serosoft | 1 Academia Student Information System | 2025-12-12 | 8.1 High |
| Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account. | ||||