Skip to main content
CVE-2025-4427 MEDIUM POC KEV EUVD KEV THREAT CERT-EU This Month

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Ivanti Endpoint Manager Mobile
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
91.6%
Threat
6.8
CVE-2025-30159 MEDIUM POC PATCH This Month

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Kirby
NVD GitHub
CVSS 4.0
6.3
EPSS
0.9%
CVE-2025-47204 MEDIUM POC PATCH This Month

An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

PHP CSRF XSS Bootstrap Multiselect Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2025-45866 MEDIUM POC This Month

TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A3002r Firmware TOTOLINK
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-44039 MEDIUM POC This Month

CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cp Xr De21 S Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-29959 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
5.1%
CVE-2025-29958 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
5.1%
CVE-2025-22448 MEDIUM This Month

Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-20624 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-20018 MEDIUM This Month

Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-20101 MEDIUM This Month

Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Buffer Overflow Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-29961 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2025-29960 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2025-20052 MEDIUM This Month

Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Denial Of Service
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-45333 MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Authentication Bypass Denial Of Service Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-20039 MEDIUM This Month

Race condition for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Intel Race Condition Denial Of Service Proset Wireless Wifi +1
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-26684 MEDIUM This Month

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Defender For Endpoint
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2025-29835 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2025-20071 MEDIUM This Month

NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Null Pointer Dereference Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-20031 MEDIUM This Month

Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-24495 MEDIUM PATCH This Month

Incorrect initialization of resource in the branch prediction unit for some Intel(R) Core™ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 6.8). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-20054 MEDIUM PATCH This Month

Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Red Hat Suse
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-29836 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2025-29832 MEDIUM This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2025-4574 MEDIUM PATCH This Month

Double-free vulnerability in crossbeam-channel Rust crate's Channel Drop implementation allows memory corruption via a race condition during cleanup, affecting remote network applications that depend on this widely-used concurrency library. The vulnerability requires no authentication or user interaction and can be triggered by unauthenticated remote attackers in networked Rust applications using vulnerable versions. No public exploit code has been identified at the time of analysis, though the issue presents a moderate real-world risk due to the library's prevalence in production Rust ecosystems and the EPSS score of 0.38% indicating low exploitation likelihood.

Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2025-3107 MEDIUM This Month

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-43003 MEDIUM This Month

SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

SAP Information Disclosure
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2025-29957 MEDIUM This Month

Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.2
EPSS
1.2%
CVE-2025-43007 MEDIUM This Month

SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-30315 MEDIUM This Month

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-30314 MEDIUM This Month

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-30009 MEDIUM This Month

he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Java Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2025-43006 MEDIUM This Month

SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2025-30010 MEDIUM This Month

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Java Supplier Relationship Management
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2025-22895 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2024-29222 MEDIUM This Month

Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Intel Denial Of Service
NVD
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-20022 MEDIUM This Month

Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.8). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.8
EPSS
0.1%
CVE-2024-43101 MEDIUM This Month

Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.8). No vendor patch available.

Microsoft Intel Authentication Bypass Denial Of Service Windows
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-20103 MEDIUM PATCH This Month

Insufficient resource pool in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-45332 MEDIUM PATCH This Month

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-29837 MEDIUM This Month

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2025-20623 MEDIUM PATCH This Month

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Core™ processors (10th Generation) may allow an. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-43420 MEDIUM PATCH This Month

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom(R) processors may allow an authenticated user to. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure Red Hat Suse
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-28956 MEDIUM PATCH This Month

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure
NVD VulDB
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-20611 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2024-28036 MEDIUM This Month

Improper conditions check for some Intel(R) Arc™ GPU may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-32703 MEDIUM This Month

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2025-21100 MEDIUM This Month

Improper initialization in the UEFI firmware for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2025-20034 MEDIUM This Month

Improper input validation in the BackupBiosUpdate UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards before version R01.02.0003 may allow a privileged user to. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2025-20009 MEDIUM This Month

Improper input validation in the UEFI firmware GenerationSetup module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable information disclosure via. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure
NVD
CVSS 4.0
5.6
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy