Skip to main content
CVE-2025-26651 MEDIUM This Month

Exposed dangerous method or function in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 39.8% and no vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +4
NVD
CVSS 3.1
6.5
EPSS
39.8%
CVE-2025-30150 MEDIUM POC PATCH This Month

Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shopware
NVD GitHub
CVSS 4.0
5.5
EPSS
0.3%
CVE-2025-3410 MEDIUM POC This Month

A vulnerability classified as critical was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass File Upload Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2025-3397 MEDIUM POC This Month

A vulnerability classified as problematic has been found in YzmCMS 7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3412 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3411 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Java Aias
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-3402 MEDIUM POC This Month

A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical.js%70. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SQLi Fe Collaborative Office Platform
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-3391 MEDIUM POC This Month

A vulnerability has been found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3392 MEDIUM POC This Month

A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3390 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in hailey888 oa_system up to 2025.01.01. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3389 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in hailey888 oa_system up to 2025.01.01.java of the component Backend. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Java Oa System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-26667 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2025-27474 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
4.1%
CVE-2025-30294 MEDIUM This Month

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Coldfusion
NVD
CVSS 3.1
6.8
EPSS
1.8%
CVE-2025-26637 MEDIUM This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 22h2 +10
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2025-25002 MEDIUM This Month

Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Local Cluster
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2025-30293 MEDIUM This Month

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Coldfusion
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2025-27738 MEDIUM This Month

Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2024-41796 MEDIUM This Month

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2025-26676 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2025-26672 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2025-26664 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2024-41791 MEDIUM This Month

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-30280 MEDIUM This Month

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-32025 MEDIUM PATCH This Month

bep/imagemeta is a Go library for reading EXIF, IPTC and XMP image meta data from JPEG, TIFF, PNG, and WebP files. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-41795 MEDIUM This Month

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-21197 MEDIUM This Month

Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2025-21203 MEDIUM This Month

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2025-26654 MEDIUM This Month

SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-26681 MEDIUM This Month

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 21h2 +8
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-30013 MEDIUM This Month

SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Code Injection SAP
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2025-3364 MEDIUM This Month

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-26635 MEDIUM This Month

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2025-31332 MEDIUM This Month

Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-29985 MEDIUM This Month

Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Authentication Bypass Common Event Enabler
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-2519 MEDIUM This Month

The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Path Traversal PHP
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-30671 MEDIUM This Month

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52974 MEDIUM PATCH This Month

An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-52980 MEDIUM PATCH This Month

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Elastic Denial Of Service Elasticsearch
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-25013 MEDIUM This Month

Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elastic
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32164 MEDIUM This Month

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in maennchen1.de m1.DownloadList.DownloadList: from n/a through 0.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-3436 MEDIUM This Month

The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-32211 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS.51.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29819 MEDIUM This Month

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Admin Center Windows
NVD
CVSS 3.1
6.2
EPSS
1.3%
CVE-2025-32413 MEDIUM This Month

Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-3432 MEDIUM This Month

The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-20943 MEDIUM This Month

Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-30292 MEDIUM This Month

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coldfusion
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-46671 MEDIUM This Month

An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortinet Fortiweb
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2025-20944 MEDIUM This Month

Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
6.2
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy