Latest CVE Feed
-
5.5
MEDIUMCVE-2025-64896
Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disr... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-43388
An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-36929
In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for explo... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-15154
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of le... Read more
Affected Products : pbootcms- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-43523
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-58279
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-66334
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-48604
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-48622
In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-66333
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-66323
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-66332
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-48590
In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional executi... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-48584
In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interac... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-48591
In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-13945
HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service... Read more
Affected Products : wireshark- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-64894
DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitatio... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-63401
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives... Read more
Affected Products : dragon- Published: Dec. 03, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-48600
In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-66331
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service