Total
4359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29060 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-12-17 | 6.7 Medium |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2025-24989 | 1 Microsoft | 1 Power Pages | 2025-12-17 | 8.2 High |
| An improper access control vulnerability in Power Pages allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. This vulnerability has already been mitigated in the service and all affected customers have been notified. This update addressed the registration control bypass. Affected customers have been given instructions on reviewing their sites for potential exploitation and clean up methods. If you've not been notified this vulnerability does not affect you. | ||||
| CVE-2025-24042 | 1 Microsoft | 2 Visual Studio Code, Vscode-js-debug | 2025-12-17 | 7.3 High |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | ||||
| CVE-2025-21359 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2025-12-17 | 7.8 High |
| Windows Kernel Security Feature Bypass Vulnerability | ||||
| CVE-2025-21337 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 3.3 Low |
| Windows NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2025-26645 | 1 Microsoft | 28 Remote Desktop, Remote Desktop Client, Windows 10 1507 and 25 more | 2025-12-17 | 8.8 High |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-24994 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2025-12-17 | 7.3 High |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24076 | 1 Microsoft | 9 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 6 more | 2025-12-17 | 7.3 High |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-43518 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 3.3 Low |
| A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API. | ||||
| CVE-2025-43513 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 5.5 Medium |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to read sensitive location information. | ||||
| CVE-2025-43502 | 1 Apple | 5 Ios, Ipados, Iphone Os and 2 more | 2025-12-17 | 7.5 High |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, Safari 26.1. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2025-43476 | 1 Apple | 1 Macos | 2025-12-17 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43416 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 9.8 Critical |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data. | ||||
| CVE-2025-43412 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 6.3 Medium |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43408 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-12-17 | 2.4 Low |
| This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An attacker with physical access may be able to access contacts from the lock screen. | ||||
| CVE-2025-43337 | 1 Apple | 1 Macos | 2025-12-17 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. | ||||
| CVE-2025-43294 | 1 Apple | 1 Macos | 2025-12-17 | 3.3 Low |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-47221 | 1 Keyfactor | 1 Signserver | 2025-12-17 | 5.3 Medium |
| An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISK_FILENAME-PATTERN, ARCHIVETODISK_PATH_BASE, ARCHIVETODISK_PATH_PATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admin access the possibility to write files in arbitrary directories in the server file system and potentially overwrite files accessible by the local user JBoss. | ||||
| CVE-2025-47222 | 1 Keyfactor | 1 Signserver | 2025-12-17 | 6.5 Medium |
| A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information about the classes loaded in the application or not to the clientside. | ||||
| CVE-2025-47220 | 1 Keyfactor | 1 Signserver | 2025-12-17 | 5.3 Medium |
| A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an existing file, readable by the user running the application server, but is not a recognized image format, it will return this as an error to the clientside, confirming the existences of the file. | ||||