Skip to main content
CVE-2025-49525 MEDIUM This Month

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-30313 MEDIUM This Month

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27165 MEDIUM This Month

Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43584 MEDIUM This Month

Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Viewer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47135 MEDIUM This Month

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Dimension
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43587 MEDIUM This Month

After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow After Effects
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21168 MEDIUM This Month

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21167 MEDIUM This Month

Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Information Disclosure Buffer Overflow Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21009 MEDIUM This Month

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21008 MEDIUM This Month

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Information Disclosure Buffer Overflow Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21007 MEDIUM This Month

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Buffer Overflow Memory Corruption Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47119 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Adobe Denial Of Service Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49524 MEDIUM This Month

Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Denial Of Service Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43583 MEDIUM This Month

Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Denial Of Service Substance 3d Viewer
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-47109 MEDIUM This Month

After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Null Pointer Dereference Denial Of Service After Effects
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43580 MEDIUM This Month

Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Denial Of Service Audition
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20692 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418040; Issue ID: MSV-3476.

Information Disclosure Buffer Overflow Software Development Kit Openwrt
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20691 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418039; Issue ID: MSV-3477.

Information Disclosure Buffer Overflow Software Development Kit Openwrt
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20690 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418038; Issue ID: MSV-3478.

Information Disclosure Buffer Overflow Openwrt Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20689 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418048; Issue ID: MSV-3479.

Information Disclosure Buffer Overflow Openwrt Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20688 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418047; Issue ID: MSV-3480.

Information Disclosure Buffer Overflow Openwrt Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38237 MEDIUM PATCH This Month

CVE-2025-38237 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Ubuntu Debian Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-21005 MEDIUM This Month

Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.

Information Disclosure Android Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20998 MEDIUM This Month

A security vulnerability in SamsungAccount for Galaxy Watch (CVSS 5.5) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Wear Os Samsung
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49547 MEDIUM This Month

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-49534 MEDIUM This Month

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed.

XSS Adobe
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7363 MEDIUM PATCH This Month

The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the #titleicon_unicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript. This issue affects Mediawiki - TitleIcon extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53479 MEDIUM PATCH This Month

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki - CheckUser extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53480 MEDIUM PATCH This Month

The CheckUser extension’s Special:Investigate page has a vulnerability in the Account information tab, where specific internationalized messages are rendered without proper escaping. Attackers can exploit this by appending ?uselang=x-xss to the URL, causing reflected XSS when the UI renders affected message keys. This issue affects Mediawiki - CheckUser extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40721 MEDIUM PATCH This Month

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL trhough the id_factura parameter in /<Client>FacturaE/listado_facturas_ficha.jsp.

XSS Quiter Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5570 MEDIUM This Month

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Ai Engine PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-42973 MEDIUM This Month

Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information, while availability remains unaffected.

SAP XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-2793 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7362 MEDIUM PATCH This Month

The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file upload UI when the same filename is uploaded twice. This issue affects Mediawiki - MsUpload extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

File Upload XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-5957 MEDIUM This Month

A security vulnerability in all (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-24002 MEDIUM This Month

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.

Denial Of Service Charx Sec 3100 Firmware Charx Sec 3000 Firmware Charx Sec 3050 Firmware Charx Sec 3150 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-41222 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM i800 (All versions), RUGGEDCOM i801 (All versions), RUGGEDCOM i802 (All versions), RUGGEDCOM i803 (All versions), RUGGEDCOM M2100 (All versions), RUGGEDCOM M2200 (All versions), RUGGEDCOM M969 (All versions), RUGGEDCOM RMC30 (All versions), RUGGEDCOM RMC8388 V4.X (All versions), RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RP110 (All versions), RUGGEDCOM RS1600 (All versions), RUGGEDCOM RS1600F (All versions), RUGGEDCOM RS1600T (All versions), RUGGEDCOM RS400 (All versions), RUGGEDCOM RS401 (All versions), RUGGEDCOM RS416 (All versions), RUGGEDCOM RS416P (All versions), RUGGEDCOM RS416Pv2 V4.X (All versions), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V4.X (All versions), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS8000 (All versions), RUGGEDCOM RS8000A (All versions), RUGGEDCOM RS8000H (All versions), RUGGEDCOM RS8000T (All versions), RUGGEDCOM RS900 (All versions), RUGGEDCOM RS900 (32M) V4.X (All versions), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (All versions), RUGGEDCOM RS900G (32M) V4.X (All versions), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GP (All versions), RUGGEDCOM RS900L (All versions), RUGGEDCOM RS900M-GETS-C01 (All versions), RUGGEDCOM RS900M-GETS-XX (All versions), RUGGEDCOM RS900M-STND-C01 (All versions), RUGGEDCOM RS900M-STND-XX (All versions), RUGGEDCOM RS900W (All versions), RUGGEDCOM RS910 (All versions), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910W (All versions), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920W (All versions), RUGGEDCOM RS930L (All versions), RUGGEDCOM RS930W (All versions), RUGGEDCOM RS940G (All versions), RUGGEDCOM RS969 (All versions), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (All versions), RUGGEDCOM RSG2100P (32M) V4.X (All versions), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2200 (All versions), RUGGEDCOM RSG2288 V4.X (All versions), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V4.X (All versions), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V4.X (All versions), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V4.X (All versions), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V4.X (All versions), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). Affected devices do not properly handle malformed TLS handshake messages. This could allow an attacker with network access to the webserver to cause a denial of service resulting in the web server and the device to crash.

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-55599 MEDIUM This Month

A security vulnerability in FortiOS (CVSS 5.3) that allows a remote unauthenticated user. Remediation should follow standard vulnerability management procedures.

Fortinet Apple Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-7031 MEDIUM PATCH This Month

Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.

Authentication Bypass Config Pages Viewer Drupal
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-49783 MEDIUM PATCH This Month

CVE-2024-49783 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-27367 MEDIUM PATCH This Month

A security vulnerability in IBM OpenPages with Watson 8.3 and 9.0 (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Authentication Bypass IBM Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-53009 MEDIUM This Month

Memory corruption while operating the mailbox in Automotive.

Buffer Overflow Sa8145p Firmware Qca6797aq Firmware Aqt1000 Firmware Sd675 Firmware +181
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-49784 MEDIUM PATCH This Month

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-49542 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2025-24004 MEDIUM This Month

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Buffer Overflow Charx Sec 3150 Firmware Charx Sec 3000 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-5451 MEDIUM This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

Buffer Overflow Ivanti Stack Overflow Denial Of Service Connect Secure +1
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2025-42968 MEDIUM PATCH This Month

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

SAP Authentication Bypass Netweaver
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-4663 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-42961 MEDIUM This Month

Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.

SAP Authentication Bypass
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-41223 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 4.8). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy