Skip to main content
CVE-2025-27367 MEDIUM PATCH This Month

A security vulnerability in IBM OpenPages with Watson 8.3 and 9.0 (CVSS 5.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Authentication Bypass IBM Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-53009 MEDIUM This Month

Memory corruption while operating the mailbox in Automotive.

Buffer Overflow Sa8145p Firmware Qca6797aq Firmware Aqt1000 Firmware Sd675 Firmware +181
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-49784 MEDIUM PATCH This Month

IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-49542 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
5.2
EPSS
0.1%
CVE-2025-24004 MEDIUM This Month

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.

Buffer Overflow Charx Sec 3150 Firmware Charx Sec 3000 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-5451 MEDIUM This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a denial of service.

Buffer Overflow Ivanti Stack Overflow Denial Of Service Connect Secure +1
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2025-42968 MEDIUM PATCH This Month

SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.

SAP Authentication Bypass Netweaver
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-4663 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-42961 MEDIUM This Month

Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access sensitive database tables. By leveraging overly permissive access configurations, unauthorized reading of critical data is possible, resulting in a significant impact on the confidentiality of the information stored. However, the integrity and availability of the system remain unaffected.

SAP Authentication Bypass
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-41223 MEDIUM This Month

A security vulnerability in A vulnerability (CVSS 4.8). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-49539 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.

XXE Coldfusion
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-27127 MEDIUM This Month

A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.

File Upload Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-42960 MEDIUM This Month

CVE-2025-42960 is a security vulnerability (CVSS 4.3) that allows an authenticated attacker. Remediation should follow standard vulnerability management procedures.

SAP Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42986 MEDIUM PATCH This Month

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.

SAP Authentication Bypass Sap Basis
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42974 MEDIUM This Month

CVE-2025-42974 is a security vulnerability (CVSS 4.3) that allows access. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27369 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-2827 MEDIUM This Month

CVE-2025-2827 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49543 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49541 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49540 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42965 MEDIUM This Month

SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application.

SAP Information Disclosure SSRF
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-31326 MEDIUM This Month

SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.

SAP XSS
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-20999 MEDIUM This Month

Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.

Authentication Bypass Android
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-21003 MEDIUM This Month

Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-42971 MEDIUM This Month

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application.

Buffer Overflow Memory Corruption
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-36349 LOW PATCH Monitor

A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

Information Disclosure Ubuntu Debian
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2024-36348 LOW PATCH Monitor

A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.

Information Disclosure Ubuntu Debian
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-49760 LOW PATCH Monitor

A security vulnerability in External control of file name or path in Windows Storage (CVSS 3.5) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Windows
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2025-42978 LOW Monitor

CVE-2025-42978 is a security vulnerability (CVSS 3.5). Remediation should follow standard vulnerability management procedures.

SAP Information Disclosure Java
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-49756 LOW Monitor

Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally.

Microsoft Authentication Bypass
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-49731 LOW PATCH Monitor

A privilege escalation vulnerability in Improper handling of insufficient permissions or privileges in Microsoft Teams (CVSS 3.1) that allows an authorized attacker. Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-24474 LOW Monitor

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker with high privilege to extract database information via crafted requests.

SQLi Fortinet
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-42954 LOW Monitor

SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.

SAP Denial Of Service
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-49546 LOW Monitor

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploitation of this issue does not require user interaction and scope is unchanged. The vulnerable component is restricted to internal IP addresses.

Authentication Bypass
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-7156 LOW Monitor

A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of the file /v1/chat/completions. The manipulation of the argument question leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-53617 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53616 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53615 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53614 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53613 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53612 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53611 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-53610 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
Prev Page 9 of 9

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy