NVD disclosure day

Published threat advisories for December 10, 2025

CVE advisoryKnown Exploit

CVE-2025-8110

Gogs PutContents API Vulnerability Allows Code Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Gogs' PutContents API allows for code execution due to improper symbolic link handling. This impacts organizations by potentially allowing attackers to compromise systems and data. The realistic business risk is significant, as exploitation can lead to unauthorized control.

NVD published: • CISA KEV
CVE advisoryCRITICAL

CVE-2025-14087

GLib could allow an external attacker to cause system outages or take control of systems

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

An external attacker can send malicious data to applications running the widely used GLib Linux library. This can trigger crashes that result in system outages, or allow the attacker to execute unauthorized commands and take complete control of the affected systems.

NVD published: