Skip to main content
CVE-2025-20941 MEDIUM This Month

Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-22464 MEDIUM This Month

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-22465 MEDIUM This Month

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XSS Endpoint Manager
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27735 MEDIUM This Month

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2025-27079 MEDIUM This Month

A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-27472 MEDIUM This Month

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows Server 2012 Windows
NVD
CVSS 3.1
5.4
EPSS
3.1%
CVE-2025-27471 MEDIUM This Month

Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2025-27736 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-29821 MEDIUM This Month

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dynamics 365 Business Central 2023 Dynamics 365 Business Central 2024 Dynamics 365 Business Central 2025
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-27742 MEDIUM This Month

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-29808 MEDIUM This Month

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2022 Windows
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-30309 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30308 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30307 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30306 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30305 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30303 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Adobe Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30302 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Adobe Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27204 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27202 MEDIUM This Month

Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27201 MEDIUM This Month

Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27187 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27186 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27184 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30291 MEDIUM This Month

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Coldfusion
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-30301 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Adobe Denial Of Service Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30300 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Adobe Denial Of Service Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27185 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service After Effects
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22015 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20948 MEDIUM This Month

Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20947 MEDIUM This Month

Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20935 MEDIUM This Month

Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22009 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20938 MEDIUM This Month

Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20934 MEDIUM This Month

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22012 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: dts: qcom: sdm845: Affirm IDR0.CCTW on apps_smmu" There are reports that the pagetable walker cache coherency is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Lenovo Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22008 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-22017 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22016 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22011 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ARM: dts: bcm2711: Fix xHCI power-domain During s2idle tests on the Raspberry CM4 the VPU firmware always crashes on xHCI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22014 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdr_add_lookup() to add the look up for the service and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-22010 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27191 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-27190 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2025-27205 MEDIUM This Month

Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Screens
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-2808 MEDIUM PATCH This Month

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Motors Car Dealer Classifieds Listing PHP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-27084 MEDIUM This Month

A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2568 MEDIUM This Month

The Vayu Blocks - Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2025-20939 MEDIUM This Month

Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wear Os
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-29999 MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens RCE Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy