The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-46276 - An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access sensitive user data.
    Published: December 12, 2025; 4:15:57 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-43522 - A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3. An app may be able to access user-sensitive data.
    Published: December 12, 2025; 4:15:57 PM -0500

  • CVE-2025-43518 - A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to inappropriately access files through the spellcheck API.
    Published: December 12, 2025; 4:15:56 PM -0500

  • CVE-2025-43516 - A session management issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. A user with Voice Control enabled may be able to transcribe another user's activity.
    Published: December 12, 2025; 4:15:56 PM -0500

  • CVE-2025-59803 - Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears...
    Published: December 11, 2025; 11:16:27 AM -0500

  • CVE-2025-43738 - A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 thr...
    Published: August 19, 2025; 12:15:26 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-67740 - In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
    Published: December 11, 2025; 11:16:35 AM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-43737 - A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journa...
    Published: August 19, 2025; 3:15:35 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-67741 - In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
    Published: December 11, 2025; 11:16:35 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-67742 - In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
    Published: December 11, 2025; 11:16:35 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-43745 - A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2...
    Published: August 19, 2025; 3:15:35 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-43743 - Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any auth...
    Published: August 19, 2025; 4:15:31 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2025-43744 - A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 ...
    Published: August 19, 2025; 4:15:31 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-43187 - IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
    Published: February 04, 2025; 4:15:26 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-45657 - IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
    Published: February 04, 2025; 4:15:26 PM -0500

    V3.1: 6.7 MEDIUM

  • CVE-2024-45659 - IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against t...
    Published: February 04, 2025; 1:15:34 PM -0500

  • CVE-2024-40700 - IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended funct...
    Published: February 04, 2025; 4:15:26 PM -0500

  • CVE-2025-56130 - OS Command Injection vulnerability in Ruijie RG-S1930 S1930SWITCH_3.0(1)B11P230 allowing attackers to execute arbitrary commands via a crafted POST request to the module_update in file /usr/local/lua/dev_config/ace_sw.lua.
    Published: December 11, 2025; 2:15:58 PM -0500

  • CVE-2025-56129 - OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_diagnosis in file /usr/lib/lua/luci/controller/admin/diagnosis.lua.
    Published: December 11, 2025; 2:15:58 PM -0500

  • CVE-2024-42936 - The mqlink.elf service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message.
    Published: January 21, 2025; 3:15:30 PM -0500

Created September 20, 2022, Updated August 27, 2024