Skip to main content
CVE-2025-28926 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in popeating Post Read Time allows Stored XSS. This issue affects Post Read Time: from n/a through 1.2.6. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28914 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Sharma wordpress login form to anywhere allows Stored XSS. This issue affects wordpress login form to anywhere: from n/a through 0.2. [CVSS 5.9 MEDIUM]

WordPress XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28907 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rahul Arora WP Last Modified allows Stored XSS. This issue affects WP Last Modified: from n/a through 0.1. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28908 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pipdig pipDisqus allows Stored XSS. This issue affects pipDisqus: from n/a through 1.6. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28878 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Will Brubaker Awesome Surveys allows Stored XSS. This issue affects Awesome Surveys: from n/a through 2.0.10. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28875 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shanebp BP Email Assign Templates allows Stored XSS. This issue affects BP Email Assign Templates: from n/a through 1.6. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-28871 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jwpegram Block Spam By Math Reloaded allows Stored XSS. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. [CVSS 5.9 MEDIUM]

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2024-58102 MEDIUM This Month

An issue was discovered in Datalust Seq versions up to 2024.3.13545. is affected by uncontrolled recursion (CVSS 5.7).

Denial Of Service
NVD GitHub
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-25244 MEDIUM This Month

SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. [CVSS 5.7 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2023-42784 MEDIUM This Month

FortiWeb, a web application firewall made by Fortinet, has a flaw where it doesn't properly validate certain malformed HTTP requests, allowing attackers to execute unauthorized code or commands on affected systems. The vulnerability impacts multiple versions of FortiWeb (7.0.0-7.0.10, 7.2.0-7.2.10, and 7.4.0-7.4.6). An attacker could exploit this by sending specially crafted requests to gain control of the system and run arbitrary commands.

Fortinet
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2024-55597 MEDIUM This Month

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests. [CVSS 5.5 MEDIUM]

Fortinet Path Traversal
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-24992 MEDIUM This Month

Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. [CVSS 5.5 MEDIUM]

Windows Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27180 MEDIUM This Month

Substance3D - Modeler versions 1.15.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24449 MEDIUM This Month

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24448 MEDIUM This Month

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24431 MEDIUM This Month

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Adobe Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27163 MEDIUM This Month

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Adobe Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27164 MEDIUM This Month

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. [CVSS 5.5 MEDIUM]

Buffer Overflow Adobe Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-21170 MEDIUM This Month

Substance3D - Modeler versions 1.15.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27179 MEDIUM This Month

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27176 MEDIUM This Month

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27170 MEDIUM This Month

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-2174 MEDIUM PATCH This Month

A vulnerability was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 5.3).

Integer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-26706 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. [CVSS 5.4 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25245 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. [CVSS 5.4 MEDIUM]

XSS SAP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27431 MEDIUM This Month

User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). [CVSS 5.4 MEDIUM]

Java XSS Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2173 MEDIUM PATCH This Month

A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this...

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-28872 MEDIUM This Month

Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. [CVSS 5.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-26705 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. [CVSS 5.3 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-28920 MEDIUM This Month

Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5. [CVSS 5.3 MEDIUM]

Authentication Bypass Google
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-23194 MEDIUM This Month

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. [CVSS 5.3 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26707 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. [CVSS 5.3 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-52285 MEDIUM This Month

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. [CVSS 5.3 MEDIUM]

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26702 MEDIUM This Month

Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. [CVSS 4.9 MEDIUM]

Code Injection
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-0071 MEDIUM This Month

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. [CVSS 4.9 MEDIUM]

Information Disclosure SAP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-27602 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. [CVSS 4.9 MEDIUM]

RCE
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-56338 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 versions up to 6.1.2.6 is affected by cross-site scripting (xss) (CVSS 4.8).

XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-0062 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. [CVSS 4.7 MEDIUM]

XSS SAP
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-28896 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. [CVSS 4.7 MEDIUM]

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-24997 MEDIUM This Month

Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. [CVSS 4.4 MEDIUM]

Linux Windows Microsoft
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-21247 MEDIUM This Month

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. [CVSS 4.3 MEDIUM]

Windows Microsoft
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-2175 MEDIUM PATCH This Month

A vulnerability was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 4.3).

Integer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-24055 MEDIUM This Month

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. [CVSS 4.3 MEDIUM]

Windows Microsoft
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13228 MEDIUM PATCH This Month

The Qubely - Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. [CVSS 4.3 MEDIUM]

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-52960 MEDIUM This Month

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. [CVSS 4.3 MEDIUM]

Fortinet RCE
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27601 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. [CVSS 4.3 MEDIUM]

RCE
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28938 MEDIUM This Month

Missing Authorization vulnerability in Bjoern WP Performance Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through 2.5.3. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-2192 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. [CVSS 4.3 MEDIUM]

SSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-26660 MEDIUM This Month

SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. [CVSS 4.3 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-23188 MEDIUM This Month

An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy