Skip to main content
CVE-2024-13842 MEDIUM This Month

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-13843 MEDIUM This Month

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-36508 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortimanager Fortianalyzer
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-21350 MEDIUM PATCH This Month

Windows Kerberos Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2025-21188 MEDIUM PATCH This Month

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Network Watcher
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-54090 MEDIUM This Month

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Buffer Overflow
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2023-31352 MEDIUM This Month

A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0588 MEDIUM This Month

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Denial Of Service Octopus Server
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2025-25523 MEDIUM This Month

Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Teg 40128 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-20515 MEDIUM This Month

Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-24428 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2024-11771 MEDIUM This Month

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Cloud Services Appliance
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2025-21162 MEDIUM This Month

Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Photoshop Elements
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-28989 MEDIUM This Month

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Web Help Desk
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21155 MEDIUM This Month

Substance3D - Stager versions 3.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21125 MEDIUM This Month

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21126 MEDIUM This Month

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21124 MEDIUM This Month

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1231 MEDIUM This Month

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Devolutions Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24437 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-0054 MEDIUM This Month

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Java
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25241 MEDIUM This Month

Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-53977 MEDIUM This Month

A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Modelsim Questa
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24425 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-21259 MEDIUM PATCH This Month

Microsoft Outlook Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Outlook
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-44336 MEDIUM This Month

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-23193 MEDIUM PATCH This Month

SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SAP Information Disclosure Sap Basis
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24532 MEDIUM This Month

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2023-20582 MEDIUM This Month

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a. Rated medium severity (CVSS 5.3). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2022-35202 MEDIUM This Month

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD VulDB
CVSS 3.1
5.1
EPSS
0.3%
CVE-2025-25524 MEDIUM This Month

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow X6000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25529 MEDIUM This Month

Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25527 MEDIUM This Month

Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rg Nbr2600S Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25525 MEDIUM This Month

Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-53651 MEDIUM This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-0862 MEDIUM This Month

The SuperSaaS - online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Google WordPress XSS Chrome PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-21179 MEDIUM PATCH This Month

DHCP Client Service Denial of Service Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-45718 MEDIUM This Month

Sensitive data could be exposed to non- privileged users in a configuration file. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-24807 MEDIUM PATCH This Month

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity.

Denial Of Service Fast Dds
NVD GitHub
CVSS 4.0
4.5
EPSS
0.1%
CVE-2025-24423 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce B2b
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-24435 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24420 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24419 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24436 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24421 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2019-15002 MEDIUM This Month

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Data Center Jira Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-23189 MEDIUM This Month

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24872 MEDIUM This Month

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24869 MEDIUM This Month

SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Java
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-23190 MEDIUM This Month

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy