Common Vulnerabilities and Exposures (CVE)

CVE-2025-43501

Dec 19, 2025 04:55:31 UTC

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may...

CVE-2025-37164

Dec 19, 2025 04:55:30 UTC

A remote code execution issue exists in HPE OneView.

CVE-2025-14940

Dec 19, 2025 04:02:08 UTC

A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes SQL injection. It is possible to initi...

CVE-2025-14939

Dec 19, 2025 04:02:06 UTC

A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in SQL injection. The attack may be...

CVE-2025-54515

Dec 19, 2025 03:40:17 UTC

The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands was incorrectly set to secure instead of using the processor’s actual security s...

CVE-2025-48507

Dec 19, 2025 03:37:39 UTC

The security state of the calling processor into Arm® Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystem...

CVE-2025-62004

Dec 19, 2025 03:37:17 UTC

BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or ...

CVE-2025-62003

Dec 19, 2025 03:36:58 UTC

BullWall Server Intrusion Protection has a noticeable delay before the MFA check when connecting via RDP. A remote authenticated attacker with administrative privileges can potentially bypass detection during this window. Versions 4.6.0.0, ...

CVE-2025-62002

Dec 19, 2025 03:36:37 UTC

BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1...

CVE-2025-62001

Dec 19, 2025 03:36:14 UTC

BullWall Ransomware Containment contains excluded file paths, such as '$recycle.bin', that are not monitored. An attacker with file write permissions could bypass detection by renaming a directory. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6...

CVE-2025-62000

Dec 19, 2025 03:35:44 UTC

BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware. An authenticated attacker could bypass detection by encrypting a file and leaving the first four bytes unaltered. Versions 4.6.0.0, 4.6.0.6, ...

CVE-2019-3863

Dec 19, 2025 03:02:32 UTC

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is ...

CVE-2025-13941

Dec 19, 2025 02:30:02 UTC

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low p...

CVE-2025-67846

Dec 19, 2025 02:01:11 UTC

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can ident...

CVE-2025-67845

Dec 19, 2025 02:00:22 UTC

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.