Skip to main content
CVE-2025-20041 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20015 MEDIUM This Month

Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-47800 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-47795 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-46895 MEDIUM This Month

Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-39833 MEDIUM This Month

Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-31073 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20008 MEDIUM This Month

Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-40580 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.4). No vendor patch available.

Stack Overflow Buffer Overflow RCE Siemens Denial Of Service +1
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-40579 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.4). No vendor patch available.

Stack Overflow Buffer Overflow RCE Siemens Denial Of Service +1
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20629 MEDIUM This Month

Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20095 MEDIUM This Month

Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2024-47550 MEDIUM This Month

Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2024-28954 MEDIUM This Month

Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20104 MEDIUM This Month

Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Race Condition Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-40575 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Denial Of Service Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-30011 MEDIUM This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Java Supplier Relationship Management
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-40578 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-40577 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Siemens Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-43004 MEDIUM This Month

Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-40576 MEDIUM This Month

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Siemens Denial Of Service Scalance Lpe9403 Firmware
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-22844 MEDIUM This Month

Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-20047 MEDIUM This Month

Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-45371 MEDIUM This Month

Improper access control for some Intel(R) Arc™ &amp; Iris(R) Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Denial Of Service
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-22848 MEDIUM This Month

Improper conditions check for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-20084 MEDIUM This Month

Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-20057 MEDIUM This Month

Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-20612 MEDIUM This Month

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-23233 MEDIUM This Month

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-39758 MEDIUM This Month

Improper access control for some Intel(R) Arc™ &amp; Iris(R) Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Denial Of Service
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-22446 MEDIUM This Month

Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-56526 MEDIUM This Month

An issue was discovered in OXID eShop before 7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Eshop
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-20013 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-31150 MEDIUM This Month

Out-of-bounds read for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Buffer Overflow
NVD
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-26662 MEDIUM This Month

The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-43002 MEDIUM This Month

SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-4339 MEDIUM This Month

The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-43005 MEDIUM This Month

SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure SAP Windows
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-29839 MEDIUM This Month

Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
4.0
EPSS
0.8%
CVE-2025-20012 MEDIUM PATCH This Month

Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required. No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
4.1
EPSS
0.1%
CVE-2025-22246 LOW Monitor

Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs. Rated low severity (CVSS 3.0). No vendor patch available.

Information Disclosure Cf Deployment Uaa Release
NVD
CVSS 3.1
3.0
EPSS
0.2%
CVE-2025-40571 LOW Monitor

A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.1.0), Mendix OIDC SSO (Mendix 10.12 compatible) (All versions < V4.0.1), Mendix OIDC SSO (Mendix 9. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-20616 LOW Monitor

Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Denial Of Service
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-20076 LOW Monitor

Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-20030 LOW Monitor

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated low severity (CVSS 2.1). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-21081 LOW Monitor

Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-4668 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-43570 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43569 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43568 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
Prev Page 4 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy