Skip to main content
CVE-2025-3522 MEDIUM PATCH This Month

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Open Redirect Google Mozilla Chrome
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-2830 MEDIUM PATCH This Month

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Mozilla
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-11084 MEDIUM This Month

Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-33028 MEDIUM This Month

In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-33027 MEDIUM This Month

In Bandisoft Bandizip through 7.37, there is a Mark-of-the-Web Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Bandizip
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-33026 MEDIUM This Month

In PeaZip through 10.4.0, there is a Mark-of-the-Web Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Peazip Suse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30732 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Object Library
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30709 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-21582 MEDIUM PATCH This Month

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Oracle Authentication Bypass Crm Technical Foundation
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30720 MEDIUM This Month

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30719 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Oracle Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-21573 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Denial Of Service Financial Services Revenue Management And Billing
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2025-32987 MEDIUM This Month

Arctera eDiscovery Platform before 10.3.2, when Enterprise Vault Collection Module is used, places a cleartext password on a command line in EVSearcher. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Hashicorp Information Disclosure Red Hat
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-29817 MEDIUM This Month

Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Power Automate For Desktop
NVD
CVSS 3.1
5.7
EPSS
1.1%
CVE-2025-30737 MEDIUM This Month

Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Oracle Authentication Bypass Smart View For Office
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2025-30698 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Denial Of Service Java Jre +5
NVD VulDB
CVSS 3.1
5.6
EPSS
0.6%
CVE-2024-42189 MEDIUM This Month

HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Bigfix Platform
NVD
CVSS 4.0
5.6
EPSS
0.2%
CVE-2025-30693 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Cluster Mysql Server MySQL +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-30695 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-1688 MEDIUM This Month

Milestone Systems has discovered a security vulnerability in Milestone XProtect installer that resets system configuration password after the upgrading from older versions using specific installers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-30729 MEDIUM This Month

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Denial Of Service Communications Order And Service Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-32776 MEDIUM This Month

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30966 MEDIUM This Month

Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-30723 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-30718 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle File Upload Applications Framework
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-32388 MEDIUM PATCH This Month

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-30964 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in EPC Photography.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-30713 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft (component: Job Opening). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Hcm Talent Acquisition Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30711 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass File Upload Applications Framework
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30697 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30694 MEDIUM PATCH This Month

Vulnerability in the XML Database component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Xml Database
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21586 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-24358 MEDIUM PATCH This Month

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Suse
NVD GitHub
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-21576 MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Oracle CSRF Commerce Platform
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30722 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Mysql Cluster Mysql Client Active Iq Unified Manager +4
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-30726 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Object Library
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-30702 MEDIUM This Month

Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Fleet Patching And Provisioning
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-3573 MEDIUM PATCH This Month

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat
NVD GitHub HeroDevs
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-32782 MEDIUM This Month

Ash Authentication provides authentication for the Ash framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13177 MEDIUM This Month

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation macOS
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-3622 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1.py. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-30710 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Cluster MySQL
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30699 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30696 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30689 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30685 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30684 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30683 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21588 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21585 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy