Skip to main content
CVE-2025-30280 MEDIUM This Month

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-32025 MEDIUM PATCH This Month

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-41795 MEDIUM This Month

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-21197 MEDIUM This Month

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2025-21203 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2025-26654 MEDIUM This Month

SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-26681 MEDIUM This Month

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 21h2 +8
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-30013 MEDIUM This Month

SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Code Injection SAP
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-3364 MEDIUM This Month

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-26635 MEDIUM This Month

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2025-31332 MEDIUM This Month

Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-29985 MEDIUM This Month

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Common Event Enabler
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-2519 MEDIUM This Month

The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-30671 MEDIUM This Month

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52974 MEDIUM PATCH This Month

An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52980 MEDIUM PATCH This Month

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-25013 MEDIUM This Month

Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32164 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList.DownloadList: from n/a through 0.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-3436 MEDIUM This Month

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32211 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS.51.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29819 MEDIUM This Month

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Admin Center Windows
NVD
CVSS 3.1
6.2
EPSS
1.3%
CVE-2025-32413 MEDIUM This Month

Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3432 MEDIUM This Month

The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-20943 MEDIUM This Month

Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-30292 MEDIUM This Month

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coldfusion
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-46671 MEDIUM This Month

An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortinet Fortiweb
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2025-20944 MEDIUM This Month

Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-20941 MEDIUM This Month

Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-22464 MEDIUM This Month

An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-22465 MEDIUM This Month

Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XSS Endpoint Manager
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-27735 MEDIUM This Month

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2025-27079 MEDIUM This Month

A vulnerability in the file creation process on the command line interface of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to perform remote code execution (RCE). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-27472 MEDIUM This Month

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows Server 2012 Windows
NVD
CVSS 3.1
5.4
EPSS
3.1%
CVE-2025-27471 MEDIUM This Month

Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2025-27736 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Power Dependency Coordinator allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-29821 MEDIUM This Month

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dynamics 365 Business Central 2023 Dynamics 365 Business Central 2024 Dynamics 365 Business Central 2025
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-27742 MEDIUM This Month

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-29808 MEDIUM This Month

Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2022 Windows
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-30309 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30308 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30307 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30306 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30305 MEDIUM This Month

XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Xmp Toolkit Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30303 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Adobe Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30302 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Adobe Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27204 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27202 MEDIUM This Month

Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27201 MEDIUM This Month

Animate versions 24.0.7, 23.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27187 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-27186 MEDIUM This Month

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy