CVE-2025-66415 - fastify-reply-from bypass of reply forwarding
CVE ID : CVE-2025-66415
Published : Dec. 1, 2025, 11:15 p.m. | 2 hours, 18 minutes ago
Description : fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66415
Published : Dec. 1, 2025, 11:15 p.m. | 2 hours, 18 minutes ago
Description : fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66448 - vLLM vulnerable to remote code execution via transformers_utils/get_config
CVE ID : CVE-2025-66448
Published : Dec. 1, 2025, 11:15 p.m. | 2 hours, 18 minutes ago
Description : vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66448
Published : Dec. 1, 2025, 11:15 p.m. | 2 hours, 18 minutes ago
Description : vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20757 - "Qualcomm Modem Denial of Service Remote Vulnerability"
CVE ID : CVE-2025-20757
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20757
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20758 - "Motorola Modem Denial of Service Vulnerability"
CVE ID : CVE-2025-20758
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20758
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20759 - Huawei Modem Out-of-Bounds Read Remote Denial of Service Vulnerability
CVE ID : CVE-2025-20759
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20759
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20763 - mmdvfs Out-of-Bounds Write Privilege Escalation
CVE ID : CVE-2025-20763
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20763
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20764 - Apache Struts Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-20764
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20764
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20765 - Apache EE Daemon Race Condition Denial of Service
CVE ID : CVE-2025-20765
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20765
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20766 - Adobe Acrobat Memory Corruption Privilege Escalation Vulnerability
CVE ID : CVE-2025-20766
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20766
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4820.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20767 - Apple Safari Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-20767
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20767
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20768 - Adobe Display Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-20768
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20768
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20769 - HP Display Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-20769
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20769
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20770 - IBM ThinkPad Display Use After Free Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-20770
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20770
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20771 - Adobe Flash Escalation of Privilege Vulnerability
CVE ID : CVE-2025-20771
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20771
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20772 - Windows System Use-After-Free Local Privilege Escalation Vulnerability in Display
CVE ID : CVE-2025-20772
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20772
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20773 - Samsung Display Use After Free Local Privilege Escalation
CVE ID : CVE-2025-20773
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20773
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20774 - Apple Display Out of Bounds Write Local Privilege Escalation
CVE ID : CVE-2025-20774
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20774
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20775 - Microsoft Windows Display Use After Free Local Privilege Escalation
CVE ID : CVE-2025-20775
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20775
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20776 - Apple Display Out-of-Bounds Read Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-20776
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20776
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20777 - Apple Display Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-20777
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20777
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20788 - NVIDIA GPU pdma Missing Permission Check Memory Corruption Denial of Service Vulnerability
CVE ID : CVE-2025-20788
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20788
Published : Dec. 2, 2025, 3:16 a.m. | 2 hours, 19 minutes ago
Description : In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...