Skip to main content
CVE-2025-30000 MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-2876 MEDIUM PATCH This Month

The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Melapress Login Security PHP
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2025-3398 MEDIUM This Month

A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Vblog
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3413 MEDIUM This Month

A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Springboot Admin
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-2883 MEDIUM This Month

The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-2882 MEDIUM This Month

The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-13820 MEDIUM This Month

The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-3409 MEDIUM This Month

A vulnerability classified as critical has been found in Nothings stb up to f056911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3408 MEDIUM This Month

A vulnerability was found in Nothings stb up to f056911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3407 MEDIUM This Month

A vulnerability was found in Nothings stb up to f056911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-26657 MEDIUM This Month

SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3406 MEDIUM This Month

A vulnerability was found in Nothings stb up to f056911. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2024-52962 MEDIUM This Month

An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager Fortianalyzer
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3405 MEDIUM This Month

A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-26644 MEDIUM This Month

Automated recognition mechanism with inadequate detection or handling of adversarial input perturbations in Windows Hello allows an unauthorized attacker to perform spoofing locally. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
5.1
EPSS
0.3%
CVE-2025-3403 MEDIUM This Month

A vulnerability was found in Vivotek NVR ND8422P, NVR ND9525P and NVR ND9541P 2.4.0.204/3.3.0.104/4.2.0.101. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-20951 MEDIUM This Month

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2024-52981 MEDIUM PATCH This Month

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-3430 MEDIUM PATCH This Month

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'printer_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi 3Dprint Lite PHP
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-3429 MEDIUM PATCH This Month

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'material_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi 3Dprint Lite PHP
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-3428 MEDIUM PATCH This Month

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'coating_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi 3Dprint Lite PHP
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-3427 MEDIUM PATCH This Month

The 3DPrint Lite plugin for WordPress is vulnerable to SQL Injection via the 'infill_text' parameter in all versions up to, and including, 2.1.3.6 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi 3Dprint Lite PHP
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-27085 MEDIUM This Month

Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2019-25223 MEDIUM This Month

The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-22459 MEDIUM This Month

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-26653 MEDIUM This Month

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2025-27442 MEDIUM This Month

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-27441 MEDIUM This Month

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF XSS
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-20942 MEDIUM This Month

Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-30017 MEDIUM This Month

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-27188 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Adobe Authentication Bypass Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2025-27189 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe CSRF Commerce B2b
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-47261 MEDIUM This Month

51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have sufficient input validation to allow an attacker to upload files to block access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2022 Axis Os 2024
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-31333 MEDIUM This Month

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32279 MEDIUM This Month

Missing Authorization vulnerability in Shahjada Live Forms.8.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-31331 MEDIUM This Month

SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-27437 MEDIUM This Month

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3437 MEDIUM PATCH This Month

The Motors - Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress PHP Authentication Bypass Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-27435 MEDIUM This Month

Under specific conditions and prerequisites, an unauthenticated attacker could access customer coupon codes exposed in the URL parameters of the Coupon Campaign URL in SAP Commerce. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-32036 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-30015 MEDIUM This Month

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

SAP Memory Corruption Buffer Overflow
NVD
CVSS 3.1
4.1
EPSS
0.3%
CVE-2025-20940 MEDIUM This Month

Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2025-30670 MEDIUM This Month

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-32024 MEDIUM PATCH This Month

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-27078 MEDIUM This Month

A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54025 MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiisolator
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-3433 MEDIUM This Month

The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress PHP
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-22013 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Linux Denial Of Service Linux Kernel Suse
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-0361 MEDIUM Monitor

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2024
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-20950 MEDIUM Monitor

Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Notes Samsung
NVD
CVSS 3.1
4.0
EPSS
0.1%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy