Vulnerability Summary for the Week of December 22, 2025

2025-12-29 22:12

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source Info	Patch Info
9786–phpok3w	A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.	2025-12-28	7.3	CVE-2025-15142	VDB-338520 \| 9786 phpok3w show.php sql injection VDB-338520 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #715574 \| phpok3w 1.0 SQL Injection https://gitee.com/9786/phpok3w/issues/IDD1IZ
Alteryx–Server	A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended.	2025-12-26	7.3	This article has been indexed from Bulletins Read the original article: Vulnerability Summary for the Week of December 22, 2025 Share this: Facebook X LinkedIn Like this: Like Loading... Related Tags: Bulletins EN Post navigation ← Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players OpenAI Hardens ChatGPT Atlas Against Prompt Injection Attacks → Search for: Pages Advertising Contact Legal and Contact information Opt-out preferences Privacy Policy Social Media Apps Telegram Channel Recent Posts Indian cops cuff ex-Coinbase rep over selling customer info to crims December 29, 2025 Aflac Data Breach Exposes 22M People in Major Cyber Breach December 29, 2025 CISA Adds One Known Exploited Vulnerability to Catalog December 29, 2025 NDSS 2025 – Rondo: Scalable And Reconfiguration-Friendly Randomness Beacon December 29, 2025 New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations December 29, 2025 Top web app security vulnerabilities and how to mitigate them December 29, 2025 Happy 16th Birthday, KrebsOnSecurity.com! December 29, 2025 New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins December 29, 2025 Silver Fox Hackers Attacking Indian Entities with Income Tax Phishing Lures December 29, 2025 IT Security News Hourly Summary 2025-12-29 21h : 6 posts December 29, 2025 How to Spot the Most Common Crypto Phishing Scams December 29, 2025 Coupang to Pay $1.1 Billion in Compensation to Users After Data Breach December 29, 2025 OpenAI Hardens ChatGPT Atlas Against Prompt Injection Attacks December 29, 2025 Vulnerability Summary for the Week of December 22, 2025 December 29, 2025 Ubisoft Shuts Down Rainbow Six Siege After MongoDB Exploit Hits Players December 29, 2025 Crims disconnect Wired subscribers from their privacy, publish deets online December 29, 2025 Google to Finally Let Users Change Their Gmail Address. Here’s How It Works December 29, 2025 TeamViewer DEX Bugs Enable DoS and Local Network Attacks December 29, 2025 Windows Event Logs Reveal the Messy Reality Behind ‘Sophisticated’ Cyberattacks December 29, 2025 Question on Open Source Tools December 29, 2025 Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com. Manage Consent To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions. Functional Functional Always active The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network. Preferences Preferences The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user. Statistics Statistics The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you. Marketing Marketing The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes. Manage options Manage services Manage {vendor_count} vendors Read more about these purposes View preferences {title} {title} {title}