Skip to main content
CVE-2025-3899 MEDIUM This Month

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47102 MEDIUM This Month

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.4
CVE-2025-27206 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.

Adobe Authentication Bypass Commerce B2b Commerce Magento
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-43699 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Java Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-49509 MEDIUM This Month

CVE-2025-49509 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-42998 MEDIUM This Month

CVE-2025-42998 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

SAP Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-33069 MEDIUM PATCH This Month

Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.

Authentication Bypass Windows Server 2025 Windows 11 24h2 Microsoft
NVD
CVSS 3.1
5.1
EPSS
0.2%
CVE-2025-5741 MEDIUM This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.

Path Traversal
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-46913 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-46911 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-46884 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-54019 MEDIUM This Month

A security vulnerability in Fortinet FortiClientWindows (CVSS 4.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Fortinet Authentication Bypass Forticlient Windows
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-40569 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.2), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.2), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.2), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.2), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.2), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.2). The "Load Configuration from Local PC" functionality in the web interface of affected products contains a race condition vulnerability. This could allow an authenticated remote attacker to make the affected product load an attacker controlled configuration instead of the legitimate one. Successful exploitation requires that a legitimate administrator invokes the functionality and the attacker wins the race condition.

Siemens Race Condition Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2024-32119 MEDIUM This Month

A security vulnerability in Fortinet FortiClientEMS (CVSS 4.8). Remediation should follow standard vulnerability management procedures.

Fortinet Authentication Bypass Forticlientems
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-26394 MEDIUM PATCH This Month

SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.

Open Redirect Observability Self Hosted
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-46920 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-47969 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2025 Windows 11 24h2 Windows 11 23h2 +2
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2024-41797 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.

Siemens Privilege Escalation
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-22829 MEDIUM PATCH This Month

The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations. Quota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.

Privilege Escalation Cloudstack
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-25250 MEDIUM This Month

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.

Information Disclosure Fortinet Fortisase Fortios
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-40568 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Siemens Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-45329 MEDIUM This Month

A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.

Fortinet Authentication Bypass Fortiportal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-42991 MEDIUM This Month

CVE-2025-42991 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

SAP Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-42987 MEDIUM This Month

CVE-2025-42987 is a security vulnerability (CVSS 4.3) that allows an attacker with basic privileges. Remediation should follow standard vulnerability management procedures.

SAP Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48786 MEDIUM This Month

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.

Fortinet SSRF Forticlientems
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-41657 MEDIUM PATCH This Month

CVE-2025-41657 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49510 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through 5.1.0.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5925 MEDIUM This Month

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42988 LOW PATCH Monitor

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.

SAP SSRF
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-47096 LOW Monitor

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, allowing a low impact to the integrity of the component. Exploitation of this issue requires user interaction in that a victim must interact with the malicious content. Low privileges are required.

Adobe Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-29184 LOW Monitor

An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests.

Fortinet Information Disclosure
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-0036 LOW Monitor

CVE-2025-0036 is a security vulnerability (CVSS 3.2). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-22251 LOW Monitor

CVE-2025-22251 is a security vulnerability (CVSS 3.1) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures.

Fortinet Authentication Bypass
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-47095 LOW Monitor

Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.1
CVE-2025-42990 LOW Monitor

Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.

XSS
NVD
CVSS 3.1
3.0
EPSS
0.0%
CVE-2025-36576 LOW PATCH Monitor

Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery.

CSRF SSRF Dell
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-5984 LOW Monitor

A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/add-fee.php. The manipulation of the argument txtamt leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-4801 Awaiting Data

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2025-5945 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2024-55595 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 10 of 10

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy