Security Vulnerabilities
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-18
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-12-18
Improper neutralization of input during web page generation ('cross-site scripting') in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-12-18
Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-18
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
10.0
EPSS Score
0.001
Published
2025-12-18
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
3.1
EPSS Score
0.0
Published
2025-12-18
Custom Question Answering Elevation of Privilege Vulnerability
CVSS Score
9.9
EPSS Score
0.001
Published
2025-12-18
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-12-18
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-18
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-12-18