Skip to main content
CVE-2025-5952 MEDIUM This Month

A critical OS command injection vulnerability exists in Zend.To versions up to 6.10-6 Beta, where unsanitized user input in the 'file_1' parameter of NSSDropoff.php's exec function allows remote, unauthenticated attackers to execute arbitrary system commands with application-level privileges. The vulnerability has been publicly disclosed with working exploits available, making active exploitation probable, though it affects an older software version that has been superseded by newer releases with additional security controls.

PHP Command Injection
NVD VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-33052 MEDIUM PATCH This Month

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows 10 22h2 Windows 11 23h2 Windows Server 2022 +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-5743 MEDIUM This Month

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.

Command Injection
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-32720 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 1607 Windows 10 1507 +13
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33065 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 11 22h2 Windows Server 2025 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33063 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 22h2 Windows Server 2025 +10
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33062 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 11 22h2 Windows 10 22h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33061 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2016 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33060 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 21h2 Windows 10 22h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33059 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 1607 Windows 10 1507 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33058 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 10 21h2 Windows 11 24h2 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-33055 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows 11 22h2 Windows Server 2016 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-32719 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2022 23h2 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-24069 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2016 Windows 10 22h2 +12
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-24068 MEDIUM PATCH This Month

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Windows Server 2016 Windows 11 22h2 Windows 10 22h2 +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-24065 MEDIUM PATCH This Month

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Microsoft Buffer Overflow Information Disclosure Windows Server 2022 Windows 11 24h2 +9
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-32722 MEDIUM PATCH This Month

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

Microsoft Authentication Bypass Windows 10 1507 Windows Server 2022 Windows 11 24h2 +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-43579 MEDIUM This Month

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction.

Adobe Information Disclosure Authentication Bypass Acrobat Acrobat Reader +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-40625 MEDIUM PATCH This Month

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.

SSRF Geoserver
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47106 MEDIUM This Month

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Use After Free Denial Of Service Memory Corruption Indesign
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47112 MEDIUM This Month

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Adobe Information Disclosure Acrobat Dc Acrobat Reader +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43578 MEDIUM This Month

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Adobe Information Disclosure Acrobat Reader Acrobat Dc +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47105 MEDIUM This Month

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47104 MEDIUM This Month

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Information Disclosure Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47111 MEDIUM This Month

Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Adobe Denial Of Service Acrobat Acrobat Reader Dc +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-30321 MEDIUM This Month

InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Denial Of Service Indesign
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47160 MEDIUM PATCH This Month

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 24h2 Windows Server 2016 +12
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2025-46889 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized elevated access. Exploitation of this issue does not require user interaction.

Adobe Privilege Escalation Authentication Bypass Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-42984 MEDIUM This Month

CVE-2025-42984 is a security vulnerability (CVSS 5.4). Remediation should follow standard vulnerability management procedures.

SAP Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-46952 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-47117 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47116 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47115 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47114 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47113 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47093 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47092 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47091 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47090 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47089 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47088 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47087 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47086 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47085 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47084 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47083 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47082 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47081 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47080 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-47079 MEDIUM This Month

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy