Skip to main content
CVE-2025-29267 MEDIUM This Month

SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain a sensitive information via the cid parameter in the GET request.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20695 MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

Denial Of Service Software Development Kit Android Openwrt Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20694 MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

Denial Of Service Software Development Kit Android Openwrt Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20693 MEDIUM This Month

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

Information Disclosure Buffer Overflow Yocto Openwrt Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-6743 MEDIUM This Month

The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Woodmart PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5537 MEDIUM PATCH This Month

The Lightbox & Modal Popup WordPress Plugin - FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Foobox PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6244 MEDIUM PATCH This Month

The Essential Addons for Elementor - Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Essential Addons For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-3630 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-20983 MEDIUM This Month

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-20982 MEDIUM This Month

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5450 MEDIUM This Month

A security vulnerability in the certificate management component of Ivanti Connect Secure (CVSS 6.3) that allows a remote authenticated admin with read-only rights. Remediation should follow standard vulnerability management procedures.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-48386 MEDIUM PATCH This Month

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Buffer Overflow Ubuntu Debian Red Hat Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-47980 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2022 Windows 11 24h2 Windows 10 1809 +13
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2025-49545 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses.

SSRF Coldfusion
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21000 MEDIUM This Month

A security vulnerability in Bluetooth (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21002 MEDIUM This Month

A security vulnerability in LeAudioService (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21001 MEDIUM This Month

A security vulnerability in LeAudioService (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-20997 MEDIUM This Month

A security vulnerability in Framework for Galaxy Watch (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wear Os
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21433 MEDIUM This Month

Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus.

Null Pointer Dereference Denial Of Service Wcn6450 Firmware Qcm2150 Firmware Snapdragon 888 5g Mobile Firmware +262
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-21004 MEDIUM This Month

Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.

Information Disclosure Wear Os
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-23364 MEDIUM This Month

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations.

RCE Tia Administrator
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-42956 MEDIUM PATCH This Month

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.

SAP XSS Sap Basis
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42969 MEDIUM This Month

SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On successful exploitation, the attacker can access or modify sensitive information within the scope of victim's web browser, with no impact on availability of the application.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42981 MEDIUM This Month

Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity.

SAP Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42985 MEDIUM This Month

Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

SAP Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-40720 MEDIUM PATCH This Month

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the campo parameter in /<Client>FacturaE/VerFacturaPDF.

XSS Quiter Gateway
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-40719 MEDIUM PATCH This Month

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_concesion parameter in /<Client>FacturaE/VerFacturaPDF.

XSS Quiter Gateway
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-42962 MEDIUM This Month

SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-43039 MEDIUM This Month

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

XSS IBM Openpages With Watson
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-21195 MEDIUM PATCH This Month

Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.

Information Disclosure Azure Service Fabric
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-40742 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-48823 MEDIUM PATCH This Month

Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows 10 1607 Windows 10 22h2 Windows 11 22h2 +11
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-42970 MEDIUM This Month

SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.

Path Traversal
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-49722 MEDIUM PATCH This Month

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Microsoft Denial Of Service Windows 10 21h2 Windows Server 2016 Windows 10 1507 +13
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-48002 MEDIUM PATCH This Month

Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.

Microsoft Information Disclosure Buffer Overflow Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2025-0292 MEDIUM This Month

SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services.

SSRF Ivanti Policy Secure Connect Secure
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-36357 MEDIUM PATCH This Month

A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

Information Disclosure Ubuntu Debian Red Hat Suse
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2024-36350 MEDIUM PATCH This Month

A security vulnerability in some AMD processors may allow an attacker to infer data from previous stores (CVSS 5.6) that allows an attacker. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Ubuntu Debian Red Hat Suse
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-42979 MEDIUM This Month

CVE-2025-42979 is a security vulnerability (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

Microsoft SAP Information Disclosure Windows
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-49664 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows User-Mode Driver Framework Host allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows 11 22h2 Windows 10 21h2 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48808 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Windows Server 2019 Windows Server 2022 23h2 Windows Server 2025 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5463 MEDIUM This Month

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain that information.

Information Disclosure Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48810 MEDIUM PATCH This Month

CVE-2025-48810 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48809 MEDIUM PATCH This Month

CVE-2025-48809 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-26636 MEDIUM PATCH This Month

CVE-2025-26636 is a security vulnerability (CVSS 5.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows Server 2025 Windows 11 24h2 Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49684 MEDIUM PATCH This Month

Buffer over-read in Storage Port Driver allows an authorized attacker to disclose information locally.

Buffer Overflow Windows 10 1507 Windows Server 2016 Windows Server 2019 Windows Server 2025 +11
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49658 MEDIUM PATCH This Month

Out-of-bounds read in Windows TDX.sys allows an authorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Windows Server 2019 Windows Server 2012 +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-48812 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Excel 365 Apps +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-20687 MEDIUM This Month

In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418045; Issue ID: MSV-3481.

Information Disclosure Buffer Overflow Denial Of Service Nbiot Sdk
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47120 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Buffer Overflow Adobe Stack Overflow Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy