Security Vulnerabilities - Known exploited
CVE-2025-37164
Known exploited
A remote code execution issue exists in HPE OneView.
CVSS Score: 10.0
EPSS Score: 0.842
Published: 2025-12-16
CVE-2025-43520
Known exploited
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2025-12-12
CVE-2025-43510
Known exploited
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2025-12-12
CVE-2025-14611
Known exploited
Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise.
CVSS Score: 7.1
EPSS Score: 0.583
Published: 2025-12-12
CVE-2025-14174
Known exploited
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS Score: 8.8
EPSS Score: 0.01
Published: 2025-12-12
CVE-2025-8110
Known exploited
Improper symbolic link handling in the PutContents API in Gogs allows local execution of code.
CVSS Score: 8.7
EPSS Score: 0.228
Published: 2025-12-10
CVE-2025-62221
Known exploited
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVSS Score: 7.8
EPSS Score: 0.032
Published: 2025-12-09
CVE-2025-59718
Known exploited
An improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message.
CVSS Score: 9.8
EPSS Score: 0.063
Published: 2025-12-09
CVE-2025-48633
Known exploited
In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2025-12-08
CVE-2025-48572
Known exploited
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2025-12-08


Shodan ® - All rights reserved