Total
4343 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65779 | 1 Wekan Project | 1 Wekan | 2025-12-18 | 7.5 High |
| An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value (Boards.allow returns true without verifying userId), allowing arbitrary reordering of boards. | ||||
| CVE-2025-65780 | 1 Wekan Project | 1 Wekan | 2025-12-18 | 8.8 High |
| An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing server-side authorization checks; this enables privilege escalation and unauthorized access to other teams/orgs. | ||||
| CVE-2025-63221 | 1 Axeltechnology | 1 Puma | 2025-12-17 | 9.1 Critical |
| The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device. | ||||
| CVE-2024-29060 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-12-17 | 6.7 Medium |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2025-12-17 | 8.2 High |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. | ||||
| CVE-2025-24042 | 1 Microsoft | 2 Visual Studio Code, Vscode-js-debug | 2025-12-17 | 7.3 High |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-21359 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-12-17 | 7.8 High |
| Windows Kernel Security Feature Bypass Vulnerability | ||||
| CVE-2025-21337 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 3.3 Low |
| Windows NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2025-26645 | 1 Microsoft | 28 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 25 more | 2025-12-17 | 8.8 High |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-24994 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2025-12-17 | 7.3 High |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24076 | 1 Microsoft | 9 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 6 more | 2025-12-17 | 7.3 High |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-43518 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 3.3 Low |
| A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API. | ||||
| CVE-2025-43513 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 5.5 Medium |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to read sensitive location information. | ||||
| CVE-2025-43502 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-12-17 | 7.5 High |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, Safari 26.1. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2025-43476 | 1 Apple | 1 Macos | 2025-12-17 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43416 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data. | ||||
| CVE-2025-43412 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 6.3 Medium |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43408 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 2.4 Low |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An attacker with physical access may be able to access contacts from the lock screen. | ||||
| CVE-2025-43337 | 1 Apple | 1 Macos | 2025-12-17 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43294 | 1 Apple | 1 Macos | 2025-12-17 | 3.3 Low |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data. | ||||