Total
110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2105 | 1 Jbl | 7 Boombox 2, Boombox 3, Flip 5 and 4 more | 2025-12-12 | 6.5 Medium |
| An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices. | ||||
| CVE-2025-59278 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-12-11 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59275 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-12-11 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58729 | 1 Microsoft | 31 Windows, Windows 10, Windows 10 1507 and 28 more | 2025-12-11 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59277 | 1 Microsoft | 28 Windows, Windows 10, Windows 10 1507 and 25 more | 2025-12-11 | 7.8 High |
| Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59259 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2025-12-11 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-59257 | 1 Microsoft | 11 Windows, Windows 11, Windows 11 24h2 and 8 more | 2025-12-11 | 6.5 Medium |
| Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | ||||
| CVE-2025-55701 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-12-11 | 7.8 High |
| Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-4645 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2025-12-11 | 6.7 Medium |
| An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-6298 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2025-12-11 | 6.7 Medium |
| ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-8108 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2025-12-11 | 6.7 Medium |
| An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-32901 | 1 Kde | 1 Kdeconnect | 2025-12-08 | 4.3 Medium |
| In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash. | ||||
| CVE-2025-20756 | 1 Mediatek | 38 Mt2735, Mt6833, Mt6833p and 35 more | 2025-12-04 | 5.3 Medium |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643. | ||||
| CVE-2024-48858 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-12-01 | 7.5 High |
| Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. | ||||
| CVE-2024-35213 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-12-01 | 9 Critical |
| An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause a denial-of-service condition or execute code in the context of the image processing process. | ||||
| CVE-2025-60633 | 1 Free5gc | 1 Free5gc | 2025-12-01 | 6.5 Medium |
| An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API. | ||||
| CVE-2025-12977 | 2 Fluentbit, Treasuredata | 2 Fluent Bit, Fluent Bit | 2025-11-28 | 9.1 Critical |
| Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing. | ||||
| CVE-2025-41729 | 2025-11-25 | 7.5 High | ||
| An unauthenticated remote attacker can send a specially crafted Modbus read command to the device which leads to a denial of service. | ||||
| CVE-2023-4522 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit. | ||||
| CVE-2023-3917 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. | ||||