Security Vulnerabilities
Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18
Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 146.0.1.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-12-18
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-18
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-12-18
CVE-2025-40602
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
Known exploited
CVSS Score
6.6
EPSS Score
0.021
Published
2025-12-18
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-18
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-18
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-12-18