Skip to main content
CVE-2025-27179 MEDIUM This Month

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27176 MEDIUM This Month

InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27170 MEDIUM This Month

Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. [CVSS 5.5 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-2174 MEDIUM PATCH This Month

A vulnerability was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 5.3).

Integer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-26706 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. [CVSS 5.4 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-25245 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. [CVSS 5.4 MEDIUM]

XSS SAP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27431 MEDIUM This Month

User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). [CVSS 5.4 MEDIUM]

Java XSS Information Disclosure
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2173 MEDIUM PATCH This Month

A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this...

Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-28872 MEDIUM This Month

Missing Authorization vulnerability in jwpegram Block Spam By Math Reloaded allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Block Spam By Math Reloaded: from n/a through 2.2.4. [CVSS 5.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-26705 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. [CVSS 5.3 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-28920 MEDIUM This Month

Missing Authorization vulnerability in Jogesh Responsive Google Map allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Google Map: from n/a through 3.1.5. [CVSS 5.3 MEDIUM]

Authentication Bypass Google
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-23194 MEDIUM This Month

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. [CVSS 5.3 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26707 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. [CVSS 5.3 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-52285 MEDIUM This Month

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.8), SiPass integrated ACC-AP (All versions < V6.4.8). Affected devices expose several MQTT URLs without authentication. [CVSS 5.3 MEDIUM]

Authentication Bypass Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-26702 MEDIUM This Month

Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. [CVSS 4.9 MEDIUM]

Code Injection
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-0071 MEDIUM This Month

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. [CVSS 4.9 MEDIUM]

Information Disclosure SAP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-27602 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. [CVSS 4.9 MEDIUM]

RCE
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-56338 MEDIUM This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 versions up to 6.1.2.6 is affected by cross-site scripting (xss) (CVSS 4.8).

XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-0062 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. [CVSS 4.7 MEDIUM]

XSS SAP
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-28896 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akshar Soft Solutions AS English Admin allows Phishing. This issue affects AS English Admin: from n/a through 1.0.0. [CVSS 4.7 MEDIUM]

Open Redirect
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-24997 MEDIUM This Month

Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally. [CVSS 4.4 MEDIUM]

Linux Windows Microsoft
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-21247 MEDIUM This Month

Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. [CVSS 4.3 MEDIUM]

Windows Microsoft
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-2175 MEDIUM PATCH This Month

A vulnerability was found in libzvb versions up to 0.2.43. contains a security vulnerability (CVSS 4.3).

Integer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-24055 MEDIUM This Month

Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. [CVSS 4.3 MEDIUM]

Windows Microsoft
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-13228 MEDIUM PATCH This Month

The Qubely - Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. [CVSS 4.3 MEDIUM]

WordPress
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-52960 MEDIUM This Month

A client-side enforcement of server-side security vulnerability [CWE-602] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. [CVSS 4.3 MEDIUM]

Fortinet RCE
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27601 MEDIUM PATCH This Month

Umbraco is a free and open source .NET content management system. [CVSS 4.3 MEDIUM]

RCE
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28938 MEDIUM This Month

Missing Authorization vulnerability in Bjoern WP Performance Pack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Performance Pack: from n/a through 2.5.3. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-2192 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. [CVSS 4.3 MEDIUM]

SSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-26660 MEDIUM This Month

SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. [CVSS 4.3 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-23188 MEDIUM This Month

An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-26703 MEDIUM This Month

Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04. [CVSS 4.3 MEDIUM]

Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27436 MEDIUM This Month

The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. [CVSS 4.3 MEDIUM]

RCE
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-27433 MEDIUM This Month

The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. [CVSS 4.3 MEDIUM]

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-26656 MEDIUM This Month

OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application. [CVSS 4.3 MEDIUM]

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28876 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Skrill_Team Skrill Official allows Cross Site Request Forgery. This issue affects Skrill Official: from n/a through 1.0.65. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28868 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ZipList ZipList Recipe allows Cross Site Request Forgery. This issue affects ZipList Recipe: from n/a through 3.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28867 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28866 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in smerriman Login Logger allows Cross Site Request Forgery. This issue affects Login Logger: from n/a through 1.2.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28864 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Planet Studio Builder for Contact Form 7 by Webconstruct allows Cross Site Request Forgery. This issue affects Builder for Contact Form 7 by Webconstruct: from n/a through 1.2.2. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28863 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Carlos Minatti Delete Original Image allows Cross Site Request Forgery. This issue affects Delete Original Image: from n/a through 0.4. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28862 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Comment Date and Gravatar remover allows Cross Site Request Forgery. This issue affects Comment Date and Gravatar remover: from n/a through 1.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28859 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeVibrant Maintenance Notice allows Cross Site Request Forgery. This issue affects Maintenance Notice: from n/a through 1.0.5. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28856 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-54026 MEDIUM This Month

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. [CVSS 4.3 MEDIUM]

Fortinet SQLi
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-28941 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ohtan Spam Byebye allows Cross Site Request Forgery. This issue affects Spam Byebye: from n/a through 2.2.4. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28940 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in arkapravamajumder Back To Top allows Cross Site Request Forgery. This issue affects Back To Top: from n/a through 2.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28927 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in A. Chappard Display Template Name allows Cross Site Request Forgery. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28913 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Aftab Ali Muni WP Add Active Class To Menu Item allows Cross Site Request Forgery. This issue affects WP Add Active Class To Menu Item: from n/a through 1.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-28912 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Muntasir Rahman Custom Dashboard Page allows Cross Site Request Forgery. This issue affects Custom Dashboard Page: from n/a through 1.0. [CVSS 4.3 MEDIUM]

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 6 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy