Last Full Sync: Fri Jan 09 2026 19:48:08 GMT+0000 (Coordinated Universal Time)
1. ID: CVE-2025-13941
Assigner: 14984358-7092-470d-8f34-ade47a7658a2
Description: A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in execution of arbitrary code with SYSTEM privileges.
Published Date: Fri Dec 19 2025 02:16:04 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 23 2025 17:35:55 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 23 2025 17:38:17 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 5 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 18 days ago
2. ID: CVE-2025-65041
Assigner: secure@microsoft.com
Description: Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
Published Date: Thu Dec 18 2025 22:16:01 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Jan 06 2026 16:05:51 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Jan 06 2026 16:07:42 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 19 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 4 days ago
3. ID: CVE-2025-20393
Assigner: psirt@cisco.com
Description: Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
Published Date: Wed Dec 17 2025 17:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 18 2025 15:41:16 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 18 2025 15:52:17 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 23 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 23 days ago
4. ID: CVE-2025-14765
Assigner: chrome-cve-admin@google.com
Description: Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Dec 16 2025 23:15:44 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 18 2025 19:53:39 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 18 2025 19:55:29 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 22 days ago
5. ID: CVE-2025-14766
Assigner: chrome-cve-admin@google.com
Description: Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Dec 16 2025 23:15:44 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 23 2025 17:06:24 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 23 2025 17:07:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 18 days ago
6. ID: CVE-2025-14174
Assigner: chrome-cve-admin@google.com
Description: Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Published Date: Fri Dec 12 2025 20:15:39 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Dec 15 2025 15:16:08 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Dec 15 2025 16:05:24 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 26 days ago
7. ID: CVE-2025-64538
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, raising the confidentiality and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
Published Date: Wed Dec 10 2025 19:16:15 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:58:16 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.3
Base Severity: CRITICAL
LAST MODIFIED: 28 days ago
8. ID: CVE-2025-64539
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, raising the confidentiality and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
Published Date: Wed Dec 10 2025 19:16:15 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:58:13 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.3
Base Severity: CRITICAL
LAST MODIFIED: 28 days ago
9. ID: CVE-2025-64537
Assigner: psirt@adobe.com
Description: Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, raising the confidentiality and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must visit a crafted malicious page.
Published Date: Wed Dec 10 2025 19:16:14 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:58:19 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.3
Base Severity: CRITICAL
LAST MODIFIED: 28 days ago
10. ID: CVE-2025-61808
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could lead to arbitrary code execution by a high privileged attacker. Exploitation of this issue does not require user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:04:17 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:05:20 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 29 days ago
11. ID: CVE-2025-61809
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction and scope is unchanged.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:04:51 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:05:20 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 9.1
Base Severity: CRITICAL
LAST MODIFIED: 29 days ago
12. ID: CVE-2025-61810
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could exploit this vulnerability by providing maliciously crafted serialized data to the application. Exploitation of this issue requires user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:05:29 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:07:30 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 29 days ago
13. ID: CVE-2025-61811
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. A high privileged attacker could leverage this vulnerability to bypass security measures and execute malicious code. Exploitation of this issue does not require user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 16 2025 16:15:58 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:07:30 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 25 days ago
14. ID: CVE-2025-61812
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:59:21 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:59:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: HIGH
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 28 days ago
15. ID: CVE-2025-61813
Assigner: psirt@adobe.com
Description: ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the server. Exploitation of this issue does not require user interaction and scope is changed.
Published Date: Wed Dec 10 2025 00:16:09 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 19:07:39 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 19:09:25 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW
Base Score: 8.2
Base Severity: HIGH
LAST MODIFIED: 29 days ago
16. ID: CVE-2025-64671
Assigner: secure@microsoft.com
Description: Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.
Published Date: Tue Dec 09 2025 18:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 13:57:32 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 13:58:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 29 days ago
17. ID: CVE-2025-64672
Assigner: secure@microsoft.com
Description: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Published Date: Tue Dec 09 2025 18:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 13:47:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 13:50:10 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 29 days ago
18. ID: CVE-2025-64678
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 19:02:35 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 19:05:14 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 31 days ago
19. ID: CVE-2025-64447
Assigner: psirt@fortinet.com
Description: A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via a crafted HTTP or HTTPS request with forged cookies, requiring prior knowledge of the FortiWeb serial number.
Published Date: Tue Dec 09 2025 18:16:05 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 09 2025 20:40:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 09 2025 20:42:16 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 31 days ago
20. ID: CVE-2025-62557
Assigner: secure@microsoft.com
Description: Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Dec 09 2025 18:16:01 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 15:41:46 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 15:47:01 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 22 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 31 days ago
21. ID: CVE-2025-62550
Assigner: secure@microsoft.com
Description: Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:16:00 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 19:23:31 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 19:24:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 31 days ago
22. ID: CVE-2025-62554
Assigner: secure@microsoft.com
Description: Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Published Date: Tue Dec 09 2025 18:16:00 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 18:37:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 18:39:13 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 31 days ago
23. ID: CVE-2025-62549
Assigner: secure@microsoft.com
Description: Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:15:59 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 24 2025 15:16:01 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 20:06:47 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 4 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 17 days ago
24. ID: CVE-2025-62456
Assigner: secure@microsoft.com
Description: Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
Published Date: Tue Dec 09 2025 18:15:57 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 20:03:27 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 20:04:48 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 4 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 28 days ago
25. ID: CVE-2025-59719
Assigner: psirt@fortinet.com
Description: An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Published Date: Tue Dec 09 2025 18:15:55 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 09 2025 19:59:29 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 09 2025 20:01:03 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 31 days ago
26. ID: CVE-2025-60024
Assigner: psirt@fortinet.com
Description: Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or HTTPS commands
Published Date: Tue Dec 09 2025 18:15:55 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 09 2025 20:25:36 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 09 2025 20:27:09 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 hours
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 31 days ago
27. ID: CVE-2025-59718
Assigner: psirt@fortinet.com
Description: An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
Published Date: Tue Dec 09 2025 18:15:54 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 17 2025 13:54:45 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 09 2025 20:07:02 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 24 days ago
28. ID: CVE-2025-20386
Assigner: psirt@cisco.com
Description: In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
Published Date: Wed Dec 03 2025 17:15:51 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 05 2025 17:51:41 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 05 2025 17:53:20 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8
Base Severity: HIGH
LAST MODIFIED: 36 days ago
29. ID: CVE-2025-64298
Assigner: ics-cert@hq.dhs.gov
Description: NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.
Published Date: Tue Dec 02 2025 21:15:52 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Jan 02 2026 21:02:47 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Jan 02 2026 21:04:54 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 31 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.4
Base Severity: HIGH
LAST MODIFIED: 7 days ago
30. ID: CVE-2025-13638
Assigner: chrome-cve-admin@google.com
Description: Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Published Date: Tue Dec 02 2025 19:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 04 2025 19:20:42 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 04 2025 19:22:30 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 37 days ago
31. ID: CVE-2025-13639
Assigner: chrome-cve-admin@google.com
Description: Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Published Date: Tue Dec 02 2025 19:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Dec 08 2025 20:15:48 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 04 2025 19:18:14 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 32 days ago
32. ID: CVE-2025-13720
Assigner: chrome-cve-admin@google.com
Description: Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Published Date: Tue Dec 02 2025 19:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 04 2025 18:06:43 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 04 2025 18:08:55 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 37 days ago
33. ID: CVE-2025-13631
Assigner: chrome-cve-admin@google.com
Description: Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
Published Date: Tue Dec 02 2025 19:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 04 2025 19:59:37 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 04 2025 20:02:10 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 36 days ago
34. ID: CVE-2025-13633
Assigner: chrome-cve-admin@google.com
Description: Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Dec 02 2025 19:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 04 2025 19:54:44 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 04 2025 19:55:25 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 36 days ago
35. ID: CVE-2025-13630
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Dec 02 2025 19:15:46 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Dec 04 2025 19:59:59 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Dec 04 2025 20:02:10 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 3 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 36 days ago
36. ID: CVE-2025-64656
Assigner: secure@microsoft.com
Description: Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.
Published Date: Wed Nov 26 2025 01:16:07 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Dec 08 2025 15:16:23 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Dec 08 2025 15:18:32 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 13 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Base Score: 9.4
Base Severity: CRITICAL
LAST MODIFIED: 33 days ago
37. ID: CVE-2025-64657
Assigner: secure@microsoft.com
Description: Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.
Published Date: Wed Nov 26 2025 01:16:07 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Mon Dec 08 2025 15:16:43 GMT+0000 (Coordinated Universal Time)
Intake Date: Mon Dec 08 2025 15:18:32 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 13 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 33 days ago
38. ID: CVE-2025-62459
Assigner: secure@microsoft.com
Description: Microsoft Defender Portal Spoofing Vulnerability
Published Date: Thu Nov 20 2025 23:15:56 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 20:56:50 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 20:59:16 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 20 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Base Score: 8.3
Base Severity: HIGH
LAST MODIFIED: 30 days ago
39. ID: CVE-2025-64655
Assigner: secure@microsoft.com
Description: Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
Published Date: Thu Nov 20 2025 23:15:56 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Dec 10 2025 20:55:07 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Dec 10 2025 20:57:04 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 20 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 30 days ago
40. ID: CVE-2025-62207
Assigner: secure@microsoft.com
Description: Azure Monitor Elevation of Privilege Vulnerability
Published Date: Thu Nov 20 2025 23:15:55 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 16 2025 17:36:35 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 16 2025 17:42:59 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 26 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Base Score: 8.6
Base Severity: HIGH
LAST MODIFIED: 25 days ago
41. ID: CVE-2025-59245
Assigner: secure@microsoft.com
Description: Microsoft SharePoint Online Elevation of Privilege Vulnerability
Published Date: Thu Nov 20 2025 23:15:52 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 21 2025 19:16:22 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 21 2025 19:17:32 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 21 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 50 days ago
42. ID: CVE-2025-49752
Assigner: secure@microsoft.com
Description: Azure Bastion Elevation of Privilege Vulnerability
Published Date: Thu Nov 20 2025 23:15:51 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Nov 21 2025 19:16:04 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Nov 21 2025 19:17:32 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 21 hours
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Base Score: 10
Base Severity: CRITICAL
LAST MODIFIED: 50 days ago
43. ID: CVE-2025-40604
Assigner: PSIRT@sonicwall.com
Description: Download of Code Without Integrity Check vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
Published Date: Thu Nov 20 2025 15:17:28 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Fri Dec 12 2025 15:44:04 GMT+0000 (Coordinated Universal Time)
Intake Date: Fri Dec 12 2025 15:45:43 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 23 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 29 days ago
44. ID: CVE-2025-13316
Assigner: cve@rapid7.com
Description: Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to Twonky Server.
Published Date: Wed Nov 19 2025 18:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Nov 25 2025 19:36:13 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Nov 25 2025 19:38:35 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 7 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.1
Base Severity: HIGH
LAST MODIFIED: 46 days ago
45. ID: CVE-2025-13315
Assigner: cve@rapid7.com
Description: Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Published Date: Wed Nov 19 2025 18:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Tue Dec 02 2025 16:42:19 GMT+0000 (Coordinated Universal Time)
Intake Date: Tue Dec 02 2025 16:45:54 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 13 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 9.8
Base Severity: CRITICAL
LAST MODIFIED: 39 days ago
46. ID: CVE-2025-58692
Assigner: psirt@fortinet.com
Description: An improper neutralization of special elements used in an SQL Command ("SQL Injection") vulnerability [CWE-89] in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
Published Date: Tue Nov 18 2025 17:16:06 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Thu Nov 20 2025 14:36:17 GMT+0000 (Coordinated Universal Time)
Intake Date: Thu Nov 20 2025 14:39:20 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: LOW
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 51 days ago
47. ID: CVE-2025-13229
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:25 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 52 days ago
48. ID: CVE-2025-13230
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:48 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:15 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 52 days ago
49. ID: CVE-2025-13226
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:51 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 52 days ago
50. ID: CVE-2025-13227
Assigner: chrome-cve-admin@google.com
Description: Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published Date: Tue Nov 18 2025 00:15:47 GMT+0000 (Coordinated Universal Time)
Last Modified Date: Wed Nov 19 2025 13:04:42 GMT+0000 (Coordinated Universal Time)
Intake Date: Wed Nov 19 2025 13:14:52 GMT+0000 (Coordinated Universal Time)
Analysis Latency: 2 days
Privileges Required: NONE
User Interaction: V31Deprecated
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Base Score: 8.8
Base Severity: HIGH
LAST MODIFIED: 52 days ago