Latest CVE Feed
-
5.5
MEDIUMCVE-2025-48622
In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-66329
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-14010
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access t... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-63401
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives... Read more
Affected Products : dragon- Published: Dec. 03, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-48584
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interac... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-59529
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowin... Read more
Affected Products : avahi- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-43406
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-43471
The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-14198
A vulnerability was detected in Verysync 微力同步 2.21.3. This affects an unknown function of the file /safebrowsing/clientreport/download?key=dummytoken of the component Web Administration Module. Performing manipulation results in information disclosure. Th... Read more
Affected Products : verysync- Published: Dec. 07, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-66453
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption ... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-14965
A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function Upload of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in pat... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-48576
In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges need... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-36889
In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-58304
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
Affected Products : harmonyos- Published: Nov. 28, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-43470
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-43475
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.... Read more
- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-43473
This issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-43351
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-43381
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-14696
A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The manipulation leads to wea... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authentication