Total: 9862 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29839 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | 7.5 High |
| The web interface of Evolution Controller versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing an unauthenticated attacker to return the card value data of any user. | ||||
| CVE-2024-38030 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2025-12-09 | 6.5 Medium |
| Windows Themes Spoofing Vulnerability | ||||
| CVE-2024-38020 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-12-09 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2024-38017 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 5.5 Medium |
| Microsoft Message Queuing Information Disclosure Vulnerability | ||||
| CVE-2024-38041 | 1 Microsoft | 17 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 14 more | 2025-12-09 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2024-30081 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-09 | 7.1 High |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2025-59240 | 1 Microsoft | 9 365, 365 Apps, Excel and 6 more | 2025-12-09 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-62206 | 1 Microsoft | 2 365, Dynamics 365 | 2025-12-09 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-58279 | 1 Huawei | 1 Harmonyos | 2025-12-09 | 4.4 Medium |
| Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-66330 | 1 Huawei | 1 Harmonyos | 2025-12-09 | 4.9 Medium |
| App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-58255 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | 5 Medium |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | ||||
| CVE-2024-58256 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | 4.5 Medium |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | ||||
| CVE-2024-58257 | 1 Huawei | 2 Enzoh-w5611t, Enzoh-w5611t Firmware | 2025-12-08 | 5.7 Medium |
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | ||||
| CVE-2024-38647 | 1 Qnap | 1 Ai Core | 2025-12-08 | 7.5 High |
| An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later | ||||
| CVE-2024-12426 | 3 Debian, Libreoffice, The Document Foundation | 3 Debian Linux, Libreoffice, Libreoffice | 2025-12-08 | 6.5 Medium |
| Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before 24.8.4. | ||||
| CVE-2025-13494 | 1 Wordpress | 1 Wordpress | 2025-12-08 | 5.3 Medium |
| The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without any access controls. This makes it possible for unauthenticated attackers to view sensitive debugging information including full URLs, client IP addresses, User-Agent strings, WordPress user IDs, and internal filesystem paths. | ||||
| CVE-2025-13006 | 2 Wordpress, Wpeka-club | 2 Wordpress, Surveyfunnel | 2025-12-08 | 5.3 Medium |
| The SurveyFunnel – Survey Plugin for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via several unprotected /wp-json/surveyfunnel/v2/ REST API endpoints. This makes it possible for unauthenticated attackers to extract sensitive data from survey responses. | ||||
| CVE-2025-10285 | 1 Silabs | 1 Simplicity Device Manager | 2025-12-08 | N/A |
| The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password. | ||||
| CVE-2025-14197 | 1 Verysync | 1 Verysync | 2025-12-08 | 5.3 Medium |
| A security vulnerability has been detected in Verysync 微力同步 up to 2.21.3. The impacted element is an unknown function of the file /rest/f/api/resources/f96956469e7be39d of the component Web Administration Module. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-66623 | 1 Strimzi | 1 Kafka-operator | 2025-12-08 | 7.4 High |
| Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The issue is fixed in Strimzi 0.49.1. | ||||