Skip to main content
CVE-2025-7037 HIGH This Week

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database

Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-37102 HIGH This Week

An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privileged user.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-49666 HIGH PATCH This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 Windows Server 2016 +4
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-52965 HIGH This Week

A security vulnerability in Fortinet FortiOS (CVSS 7.2). High severity vulnerability requiring prompt remediation.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-48821 HIGH PATCH This Week

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-48819 HIGH PATCH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.

Microsoft Information Disclosure Windows 11 22h2 Windows 10 1809 Windows Server 2022 23h2 +13
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-21422 HIGH This Week

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses.

Information Disclosure Snapdragon 860 Mobile Firmware Qca6678aq Firmware Wcn7880 Firmware Qdx1011 Firmware +211
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-7326 HIGH This Week

A privilege escalation vulnerability in Weak authentication in EOL ASP.NET Core (CVSS 7.0) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass
NVD HeroDevs
CVSS 3.1
7.0
EPSS
0.3%
CVE-2025-49699 HIGH PATCH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office Long Term Servicing Channel +5
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49727 HIGH PATCH This Week

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows 11 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49685 HIGH PATCH This Week

Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows Server 2022 +8
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-47975 HIGH PATCH This Week

A privilege escalation vulnerability in Double free in Windows SSDP Service (CVSS 7.0) that allows an authorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Information Disclosure Windows 10 1809 Windows 11 22h2 Windows 11 24h2 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-49737 HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Information Disclosure Teams
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49678 HIGH PATCH This Week

Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally.

Microsoft Race Condition Denial Of Service Windows Server 2016 Windows 10 22h2 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-52236 HIGH This Week

A security vulnerability in A vulnerability (CVSS 7.0). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-21006 HIGH This Week

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

Buffer Overflow Memory Corruption Android Samsung
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53545 MEDIUM This Month

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit ddb439f8eb1816010f2ef653a908648b71f9bba8.

Authentication Bypass
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-43001 MEDIUM This Month

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

Privilege Escalation
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-42992 MEDIUM This Month

SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.

Privilege Escalation
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-47999 MEDIUM PATCH This Month

A security vulnerability in Missing synchronization in Windows Hyper-V (CVSS 6.8) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 10 1607 Windows Server 2022 23h2 Windows Server 2019 +10
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-48800 MEDIUM PATCH This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 1607 Windows Server 2022 Windows 11 23h2 +11
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48003 MEDIUM PATCH This Month

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 22h2 Windows Server 2022 Windows 11 22h2 +8
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-49544 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information or bypass security measures. Exploitation of this issue does not require user interaction and scope is changed.

XXE Coldfusion
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48818 MEDIUM PATCH This Month

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 11 22h2 Windows 10 1809 Windows 10 22h2 +11
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48001 MEDIUM PATCH This Month

Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 24h2 Windows 10 21h2 +12
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-48804 MEDIUM PATCH This Month

A security vulnerability in Acceptance of extraneous untrusted data with trusted data in Windows BitLocker (CVSS 6.8) that allows an unauthorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Authentication Bypass Windows 10 1507 Windows 11 23h2 Windows 10 1607 +12
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-48811 MEDIUM PATCH This Month

A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows Server 2022 23h2 Windows Server 2016 Windows 10 1507 +11
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-48803 MEDIUM PATCH This Month

A privilege escalation vulnerability (CVSS 6.7) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 10 21h2 +11
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-0293 MEDIUM This Month

A security vulnerability in Ivanti Connect Secure (CVSS 6.6) that allows a remote authenticated attacker with admin rights. Remediation should follow standard vulnerability management procedures.

Code Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-21426 MEDIUM PATCH This Month

Memory corruption while processing camera TPG write request.

Buffer Overflow Wsa8832 Firmware Wsa8835 Firmware Snapdragon Ar1 Gen 1 Platform Firmware Ssg2115p Firmware +6
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-47978 MEDIUM PATCH This Month

Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2022 23h2 Windows Server 2022 +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-40593 MEDIUM This Month

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition.

Denial Of Service Simatic Cn 4100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-41665 MEDIUM PATCH This Month

An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.

Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49671 MEDIUM PATCH This Month

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2022 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-48802 MEDIUM PATCH This Month

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

Microsoft Information Disclosure Windows Server 2022 23h2 Windows Server 2022 Windows 11 22h2 +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49681 MEDIUM PATCH This Month

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Buffer Overflow Windows Server 2012 Windows Server 2022 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49670 MEDIUM PATCH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2025 +6
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-7030 MEDIUM PATCH This Month

CVE-2025-7030 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Information Disclosure Two Factor Authentication Drupal
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5464 MEDIUM This Month

Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information.

Information Disclosure Ivanti Connect Secure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29267 MEDIUM This Month

SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain a sensitive information via the cid parameter in the GET request.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-20695 MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

Denial Of Service Software Development Kit Android Openwrt Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20694 MEDIUM This Month

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

Denial Of Service Software Development Kit Android Openwrt Google
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20693 MEDIUM This Month

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

Information Disclosure Buffer Overflow Yocto Openwrt Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7154 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
2.0%
CVE-2025-6743 MEDIUM This Month

The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Woodmart PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5537 MEDIUM PATCH This Month

The Lightbox & Modal Popup WordPress Plugin - FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Foobox PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-6244 MEDIUM PATCH This Month

The Essential Addons for Elementor - Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Essential Addons For Elementor PHP Elementor
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-3630 MEDIUM This Month

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

XSS IBM Sterling B2b Integrator Sterling File Gateway
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-20983 MEDIUM This Month

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-20982 MEDIUM This Month

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.0%
Prev Page 6 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy