Skip to main content
CVE-2025-20012 MEDIUM PATCH This Month

Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
4.1
EPSS
0.1%
CVE-2025-43566 MEDIUM This Month

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Coldfusion
NVD
CVSS 3.1
6.8
EPSS
2.4%
CVE-2025-45746 MEDIUM POC This Week

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zkbio Cvsecurity
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2025-30394 MEDIUM This Month

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 +3
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2025-29974 MEDIUM This Month

Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
5.7
EPSS
1.1%
CVE-2025-29968 MEDIUM This Month

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
6.5
EPSS
5.0%
CVE-2025-29956 MEDIUM This Month

Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2025-29955 MEDIUM This Month

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows 11 24h2 Windows Server 2022 23h2 Windows Server 2025 +1
NVD
CVSS 3.1
6.2
EPSS
1.1%
CVE-2025-29954 MEDIUM This Month

Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2025-29830 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2025-29829 MEDIUM This Month

Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2025-27488 MEDIUM This Month

Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Windows Hardware Lab Kit Windows
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2025-26685 MEDIUM This Month

Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Defender For Identity
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-6364 MEDIUM This Month

A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Persistence
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-46721 MEDIUM POC PATCH This Month

nosurf is cross-site request forgery (CSRF) protection middleware for Go. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF XSS Nosurf Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-31493 MEDIUM PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0
6.3
EPSS
0.8%
CVE-2025-45867 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-45864 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-45859 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-22859 MEDIUM This Month

A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Forticlientems Forticlientems Cloud Fortinet
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-36340 MEDIUM PATCH This Month

A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Amd Information Disclosure Uprof
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-4649 MEDIUM Monitor

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-32917 MEDIUM This Month

Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-40583 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.7
EPSS
0.0%
CVE-2025-40573 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.7
EPSS
0.1%
CVE-2025-40572 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-40555 MEDIUM This Month

A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-31929 MEDIUM Monitor

A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.

RCE
NVD
CVSS 4.0
4.1
EPSS
0.1%
CVE-2024-51447 MEDIUM This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Polarion Alm
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2024-51446 MEDIUM This Month

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Polarion Alm
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-3916 MEDIUM Monitor

exploit these issues to potentially execute arbitrary code while the end user opens a malicious project file (SSD file) provided by the attacker. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
4.6
EPSS
0.1%
CVE-2025-27696 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-43009 MEDIUM This Month

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-43008 MEDIUM This Month

Due to missing authorization check, an unauthorized user can view the files of other company. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2025-42997 MEDIUM This Month

Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-31329 MEDIUM This Month

SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Authentication Bypass
NVD
CVSS 3.1
6.2
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy