Skip to main content
CVE-2025-21124 MEDIUM This Month

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1231 MEDIUM This Month

Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an authenticated user to reuse the oracle user password after check-in due to crash in the password reset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Devolutions Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-24437 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-0054 MEDIUM This Month

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Java
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25241 MEDIUM This Month

Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-53977 MEDIUM This Month

A vulnerability has been identified in ModelSim (All versions < V2025.1), Questa (All versions < V2025.1). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Modelsim Questa
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24425 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Business Logic Error vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-21259 MEDIUM PATCH This Month

Microsoft Outlook Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Outlook
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-44336 MEDIUM This Month

An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-23193 MEDIUM PATCH This Month

SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SAP Information Disclosure Sap Basis
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24532 MEDIUM This Month

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siemens
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2023-20582 MEDIUM This Month

Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a. Rated medium severity (CVSS 5.3). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2022-35202 MEDIUM This Month

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain (non-default) scenarios, to gain access to the private keys used for signing SAML Authn requests. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java
NVD VulDB
CVSS 3.1
5.1
EPSS
0.3%
CVE-2025-25524 MEDIUM This Month

Buffer overflow vulnerability in TOTOLink X6000R routers V9.4.0cu.652_B20230116 due to the lack of length verification, which is related to the addition of Wi-Fi filtering rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow X6000r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25529 MEDIUM This Month

Buffer overflow vulnerability in Digital China DCBC Gateway 200-2.1.1 due to the lack of length verification, which is related to the configuration of static NAT rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25527 MEDIUM This Month

Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.3(4b12) due to the lack of length verification, which is related to the configuration of source address NAT rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rg Nbr2600S Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-25525 MEDIUM This Month

Buffer overflow vulnerability in H3C FA3010L access points SWFA1B0V100R005 due to the lack of length verification, which is related to the setting of firewall rules. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-53651 MEDIUM This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-0862 MEDIUM This Month

The SuperSaaS - online appointment scheduling plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘after’ parameter in all versions up to, and including, 2.1.12 due to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Google WordPress XSS Chrome PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-21179 MEDIUM PATCH This Month

DHCP Client Service Denial of Service Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-45718 MEDIUM This Month

Sensitive data could be exposed to non- privileged users in a configuration file. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-24807 MEDIUM PATCH This Month

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity.

Denial Of Service Fast Dds
NVD GitHub
CVSS 4.0
4.5
EPSS
0.1%
CVE-2025-24423 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce B2b
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-24435 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24420 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24419 MEDIUM This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce B2b
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24436 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11, 2.4.8-beta1 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-24421 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2019-15002 MEDIUM This Month

An exploitable CSRF vulnerability exists in Atlassian Jira, from versions 7.6.4 to 8.1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian CSRF Jira Data Center Jira Server
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-23189 MEDIUM This Month

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24872 MEDIUM This Month

The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-24869 MEDIUM This Month

SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Java
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-23190 MEDIUM This Month

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-33504 MEDIUM This Month

A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortimanager Cloud
NVD GitHub
CVSS 3.1
4.1
EPSS
0.0%
CVE-2024-51324 LOW Monitor

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-24430 LOW PATCH Monitor

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2024-52606 LOW Monitor

SolarWinds Platform is affected by server-side request forgery vulnerability. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

SSRF Solarwinds Platform
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2025-24429 LOW PATCH Monitor

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2024-52611 LOW Monitor

The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-12548 LOW Monitor

Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure RCE Power Pdf
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-21337 LOW PATCH Monitor

Windows NTFS Elevation of Privilege Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-31331 LOW Monitor

Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of. Rated low severity (CVSS 3.0). No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
3.0
EPSS
0.1%
CVE-2025-1211 LOW Monitor

Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF
NVD GitHub
CVSS 4.0
2.9
EPSS
0.0%
CVE-2023-20581 LOW Monitor

Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity. Rated low severity (CVSS 2.5). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
2.5
EPSS
0.0%
CVE-2025-0525 LOW Monitor

In affected versions of Octopus Server the preview import feature could be leveraged to identify the existence of a target file. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Octopus Server
NVD
CVSS 4.0
2.3
EPSS
0.2%
CVE-2025-0526 LOW Monitor

In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Octopus Server
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2023-20507 LOW Monitor

An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2024-52966 LOW Monitor

An exposure of sensitive information to an unauthorized actor in Fortinet FortiAnalyzer 6.4.0 through 7.6.0 allows attacker to cause information disclosure via filter manipulation. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2024-27780 LOW Monitor

Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page. Rated low severity (CVSS 2.2). No vendor patch available.

XSS Fortisiem
NVD
CVSS 3.1
2.2
EPSS
0.2%
CVE-2025-0513 LOW Monitor

In affected versions of Octopus Server error messages were handled unsafely on the error page. Rated low severity (CVSS 1.8), this vulnerability is remotely exploitable. No vendor patch available.

XSS Octopus Server
NVD
CVSS 4.0
1.8
EPSS
0.1%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy