Total
35212 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-58485 | 1 Samsung | 1 Internet | 2025-12-03 | 5.5 Medium |
| Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script. | ||||
| CVE-2025-58486 | 1 Samsung | 1 Account | 2025-12-03 | 4 Medium |
| Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script. | ||||
| CVE-2025-58487 | 1 Samsung | 1 Account | 2025-12-03 | 4 Medium |
| Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege. | ||||
| CVE-2023-0661 | 1 Devolutions | 1 Devolutions Server | 2025-12-03 | 6.5 Medium |
| Improper access control in Devolutions Server allows an authenticated user to access unauthorized sensitive data. | ||||
| CVE-2025-13765 | 1 Devolutions | 1 Devolutions Server | 2025-12-03 | 4.3 Medium |
| Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9. | ||||
| CVE-2024-9358 | 1 Thingsboard | 1 Thingsboard | 2025-12-03 | 5.3 Medium |
| A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.7.1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed on 2024-07-24 about this vulnerability and announced the release of 3.7.1 for the second half of September 2024. | ||||
| CVE-2021-43666 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2025-12-02 | 7.5 High |
| A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0. | ||||
| CVE-2025-64515 | 1 Maykinmedia | 1 Open Forms | 2025-12-02 | 4.3 Medium |
| Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3. | ||||
| CVE-2023-53169 | 1 Linux | 1 Linux Kernel | 2025-12-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear staged_config[] before and after it is used As a temporary storage, staged_config[] in rdt_domain should be cleared before and after it is used. The stale value in staged_config[] could cause an MSR access error. Here is a reproducer on a system with 16 usable CLOSIDs for a 15-way L3 Cache (MBA should be disabled if the number of CLOSIDs for MB is less than 16.) : mount -t resctrl resctrl -o cdp /sys/fs/resctrl mkdir /sys/fs/resctrl/p{1..7} umount /sys/fs/resctrl/ mount -t resctrl resctrl /sys/fs/resctrl mkdir /sys/fs/resctrl/p{1..8} An error occurs when creating resource group named p8: unchecked MSR access error: WRMSR to 0xca0 (tried to write 0x00000000000007ff) at rIP: 0xffffffff82249142 (cat_wrmsr+0x32/0x60) Call Trace: <IRQ> __flush_smp_call_function_queue+0x11d/0x170 __sysvec_call_function+0x24/0xd0 sysvec_call_function+0x89/0xc0 </IRQ> <TASK> asm_sysvec_call_function+0x16/0x20 When creating a new resource control group, hardware will be configured by the following process: rdtgroup_mkdir() rdtgroup_mkdir_ctrl_mon() rdtgroup_init_alloc() resctrl_arch_update_domains() resctrl_arch_update_domains() iterates and updates all resctrl_conf_type whose have_new_ctrl is true. Since staged_config[] holds the same values as when CDP was enabled, it will continue to update the CDP_CODE and CDP_DATA configurations. When group p8 is created, get_config_index() called in resctrl_arch_update_domains() will return 16 and 17 as the CLOSIDs for CDP_CODE and CDP_DATA, which will be translated to an invalid register - 0xca0 in this scenario. Fix it by clearing staged_config[] before and after it is used. [reinette: re-order commit tags] | ||||
| CVE-2025-33191 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 5.7 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-33193 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2025-12-02 | 5.7 Medium |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-61619 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61618 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61617 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61610 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61609 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61608 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-61607 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-3012 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed | ||||
| CVE-2025-11133 | 2 Google, Unisoc | 5 Android, T8100, T8200 and 2 more | 2025-12-02 | 7.5 High |
| In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed | ||||