Skip to main content
CVE-2025-21349 MEDIUM PATCH This Month

Windows Remote Desktop Configuration Service Tampering Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-26409 MEDIUM This Month

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24874 MEDIUM This Month

SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-24875 MEDIUM This Month

SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP CSRF
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-52968 MEDIUM This Month

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Fortinet Forticlient macOS
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-40721 MEDIUM This Month

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Fortinet Fortios Fortiswitchmanager Fortiproxy +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-40586 MEDIUM This Month

An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Fortinet Forticlient Windows
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-24976 MEDIUM PATCH This Month

Distribution is a toolkit to pack, ship, store, and deliver container content. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Suse
NVD GitHub
CVSS 4.0
6.6
EPSS
0.1%
CVE-2024-50569 MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-24408 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Information Exposure vulnerability that could result in privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Adobe Privilege Escalation Commerce +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-21352 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-24424 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-24426 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24422 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-24427 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-21212 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-21254 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-21216 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-55212 MEDIUM This Month

DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-37660 MEDIUM PATCH This Month

In hostapd 2.10 and earlier, the PKEX code remains active even after a successful PKEX association. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hostapd
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12797 MEDIUM POC PATCH This Month

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.8%
CVE-2024-13506 MEDIUM This Month

The GeoDirectory - WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the display_name profile parameter in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-12599 MEDIUM PATCH This Month

The HT Mega - Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-1180 LOW POC Monitor

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-1182 LOW POC Monitor

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-1179 LOW POC Monitor

A vulnerability was found in GNU Binutils 2.43. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils
NVD VulDB
CVSS 4.0
2.3
EPSS
0.1%
CVE-2025-1145 MEDIUM This Month

NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-24867 MEDIUM This Month

SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-23363 MEDIUM This Month

A vulnerability has been identified in Teamcenter V14.1 (All versions), Teamcenter V14.2 (All versions), Teamcenter V14.3 (All versions < V14.3.0.14), Teamcenter V2312 (All versions < V2312.0010),. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcenter
NVD
CVSS 4.0
6.1
EPSS
0.3%
CVE-2024-13830 MEDIUM This Month

Reflected XSS in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote unauthenticated attacker to obtain admin privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XSS Connect Secure Policy Secure
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-26408 MEDIUM This Month

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-12833 MEDIUM This Month

Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass XSS Prtg Network Monitor
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-21347 MEDIUM PATCH This Month

Windows Deployment Services Denial of Service Vulnerability. Rated medium severity (CVSS 6.0).

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2024-13842 MEDIUM This Month

A hardcoded key in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read sensitive data. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-13843 MEDIUM This Month

Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local authenticated attacker with admin privileges to read. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-36508 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortimanager Fortianalyzer
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-21350 MEDIUM PATCH This Month

Windows Kerberos Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2025-21188 MEDIUM PATCH This Month

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Microsoft Information Disclosure Azure Network Watcher
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-54090 MEDIUM This Month

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Buffer Overflow
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2023-31352 MEDIUM This Month

A bug in the SEV firmware may allow an attacker with privileges to read unencrypted memory, potentially resulting in loss of guest private data. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0588 MEDIUM This Month

In affected versions of Octopus Server it was possible for a user with sufficient access to set custom headers in all server responses. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Denial Of Service Octopus Server
NVD
CVSS 4.0
5.9
EPSS
0.4%
CVE-2025-25523 MEDIUM This Month

Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v1(1.00.023) due to the lack of length verification, which is related to the mobile access point setup operation. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Teg 40128 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-20515 MEDIUM This Month

Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-24428 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2024-11771 MEDIUM This Month

Path traversal in Ivanti CSA before version 5.0.5 allows a remote unauthenticated attacker to access restricted functionality. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Cloud Services Appliance
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2025-21162 MEDIUM This Month

Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Photoshop Elements
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-28989 MEDIUM This Month

SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Web Help Desk
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21155 MEDIUM This Month

Substance3D - Stager versions 3.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21125 MEDIUM This Month

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21126 MEDIUM This Month

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 4 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy