Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2025
Memory corruption while handling IOCTL calls to set mode.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-18
Memory corruption while routing GPR packets between user and root when handling large data packet.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-18
Information disclosure while processing system calls with invalid parameters.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-18
Memory corruption during video playback when video session open fails with time out error.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-12-18
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS
CVSS Score
6.7
EPSS Score
0.001
Published
2025-12-18
CVE-2025-68461
Known exploited
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
CVSS Score
7.2
EPSS Score
0.198
Published
2025-12-18
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-12-18
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
2.1
EPSS Score
0.004
Published
2025-12-18
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.0
EPSS Score
0.004
Published
2025-12-18
Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook’s handling of environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle’s source is viewable, thus potentially exposing those variables to anyone with access. For a project to potentially be vulnerable to this issue, it must build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) and publish the built Storybook to the web. Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with your Storybook are not affected. Users should upgrade their Storybook—on both their local machines and CI environment—to version .6.21, 8.6.15, 9.1.17, or 10.1.10 as soon as possible. Maintainers additionally recommend that users audit for any sensitive secrets provided via `.env` files and rotate those keys. Some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. If a project can no longer read necessary environmental variable values, either prefix the variables with `STORYBOOK_` or use the `env` property in Storybook’s configuration to manually specify values. In either case, do not include sensitive secrets as they will be included in the built bundle.
CVSS Score
7.3
EPSS Score
0.002
Published
2025-12-17


Contact Us

Shodan ® - All rights reserved