Skip to main content
CVE-2025-29960 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2025-20052 MEDIUM This Month

Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-45333 MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Authentication Bypass Denial Of Service Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-20039 MEDIUM This Month

Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Intel Race Condition Denial Of Service Proset Wireless Wifi +1
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-26684 MEDIUM This Month

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Defender For Endpoint
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2025-29835 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2025-20071 MEDIUM This Month

NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-20031 MEDIUM This Month

Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-24495 MEDIUM PATCH This Month

Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 6.8). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-20054 MEDIUM PATCH This Month

Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Red Hat Suse
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-29836 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2025-29832 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2025-4574 MEDIUM PATCH This Month

Double-free vulnerability in crossbeam-channel Rust crate's Channel Drop implementation allows memory corruption via a race condition during cleanup, affecting remote network applications that depend on this widely-used concurrency library. The vulnerability requires no authentication or user interaction and can be triggered by unauthenticated remote attackers in networked Rust applications using vulnerable versions. No public exploit code has been identified at the time of analysis, though the issue presents a moderate real-world risk due to the library's prevalence in production Rust ecosystems and the EPSS score of 0.38% indicating low exploitation likelihood.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-3107 MEDIUM This Month

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-43003 MEDIUM This Month

SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-29957 MEDIUM This Month

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.2
EPSS
1.2%
CVE-2025-47280 LOW POC PATCH Monitor

Umbraco Forms is a form builder that integrates with the Umbraco content management system. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Umbraco Forms
NVD GitHub
CVSS 4.0
2.3
EPSS
0.3%
CVE-2025-43007 MEDIUM This Month

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-30315 MEDIUM This Month

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-30314 MEDIUM This Month

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-30009 MEDIUM This Month

he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Java Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-43006 MEDIUM This Month

SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-30010 MEDIUM This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Java Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-22895 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-29222 MEDIUM This Month

Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Intel Denial Of Service
NVD
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-20022 MEDIUM This Month

Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.8). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.8
EPSS
0.1%
CVE-2024-43101 MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.8). No vendor patch available.

Microsoft Intel Authentication Bypass Denial Of Service Windows
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-20103 MEDIUM PATCH This Month

Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-45332 MEDIUM PATCH This Month

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-29837 MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2025-20623 MEDIUM PATCH This Month

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-43420 MEDIUM PATCH This Month

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-28956 MEDIUM PATCH This Month

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure
NVD VulDB
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-20611 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-28036 MEDIUM This Month

Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-32703 MEDIUM This Month

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-21100 MEDIUM This Month

Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2025-20034 MEDIUM This Month

Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2025-20009 MEDIUM This Month

Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2024-48869 MEDIUM PATCH This Month

Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Privilege Escalation Red Hat Suse
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2025-43551 MEDIUM This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-30329 MEDIUM This Month

Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Animate
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30320 MEDIUM This Month

InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-30319 MEDIUM This Month

InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47905 MEDIUM PATCH This Month

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Request Smuggling Red Hat Suse
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-30316 MEDIUM This Month

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-21099 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20108 MEDIUM This Month

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20079 MEDIUM This Month

Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation Advisor Oneapi Base Toolkit
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20043 MEDIUM This Month

Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
Prev Page 3 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy