353 CVEs tracked today. 14 Critical, 167 High, 156 Medium, 15 Low.
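Before the entries, an added example (not part of the tracker or its feed) of how a practitioner might triage a listing in this shape: a JavaScript parser for the entry format used on this page (ID, severity word, `CVSS n.n` line, one description line, tag lines, `-` separator) and a scoring pass that ranks entries by CVSS plus the exploitability signals the description sentences carry. The three-entry feed inside the block is a constructed excerpt in the same format, and the weights in `prioritize()` are an assumed heuristic, not anything the tracker publishes.

```javascript
// Added example, not the tracker's own code: parse entries in the format
// used on this page and rank them for triage. SAMPLE_FEED is a constructed
// three-entry excerpt in that shape; the weights in prioritize() are an
// assumed heuristic, not a published scoring scheme.

const SAMPLE_FEED = `
CVE-2025-55169
CRITICAL
CVSS 10.0
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Authentication Bypass
PHP
-
CVE-2025-53722
HIGH
CVSS 7.5
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.
Denial Of Service
Microsoft
-
CVE-2025-54232
HIGH
CVSS 7.8
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use After Free
RCE
-
`;

// One entry per block: ID, severity word, "CVSS n.n", one description line,
// then tag lines until the "-" separator.
function parseFeed(text) {
  const entries = [];
  for (const block of text.split(/^-\s*$/m)) {
    const lines = block.split('\n').map((l) => l.trim()).filter(Boolean);
    if (lines.length < 4 || !/^CVE-\d{4}-\d+$/.test(lines[0])) continue;
    const [id, severity, cvssLine, description, ...tags] = lines;
    const epssMatch = /epss exploitation probability\s+([\d.]+)%/i.exec(description);
    entries.push({
      id,
      severity,
      cvss: parseFloat(cvssLine.replace(/^CVSS\s+/i, '')),
      tags,
      // Signals the tracker writes into the description sentence.
      remote: /remotely exploitable/i.test(description),
      noAuth: /no authentication required/i.test(description),
      publicExploit: /public exploit code available/i.test(description),
      unpatched: /no vendor patch available/i.test(description),
      epss: epssMatch ? parseFloat(epssMatch[1]) / 100 : null,
    });
  }
  return entries;
}

// Assumed weights: CVSS base, +2 for public exploit code, +1 for remote and
// unauthenticated, +1 for EPSS >= 10%, +0.5 when no vendor patch exists
// (it needs a mitigation decision, not just a patch rollout).
function prioritize(entries) {
  return entries
    .map((e) => {
      let score = e.cvss;
      if (e.publicExploit) score += 2;
      if (e.remote && e.noAuth) score += 1;
      if (e.epss !== null && e.epss >= 0.1) score += 1;
      if (e.unpatched) score += 0.5;
      return { ...e, score: Math.round(score * 10) / 10 };
    })
    .sort((a, b) => b.score - a.score || a.id.localeCompare(b.id));
}

// Stand-alone run: print the ranked IDs with their scores.
for (const e of prioritize(parseFeed(SAMPLE_FEED))) {
  console.log(`${e.score.toFixed(1)}  ${e.id}  ${e.severity}  [${e.tags.join(', ')}]`);
}
```

The parser keys on the fixed phrases the tracker uses ("remotely exploitable", "Public exploit code available", "no vendor patch available"), so it will silently miss an entry if the feed wording changes; a real pipeline should read the CVSS vector string instead of the prose.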
-
CVE-2025-55169
CRITICAL
CVSS 10.0
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 10.0); remotely exploitable, no authentication required, low attack complexity. Public exploit code is available.
Authentication Bypass
PHP
Path Traversal
WeGIA
-
CVE-2025-55168
CRITICAL
CVSS 9.4
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 9.4); remotely exploitable, low attack complexity. Public exploit code is available; no vendor patch is available.
PHP
SQLi
WeGIA
-
CVE-2025-55167
CRITICAL
CVSS 9.4
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 9.4); remotely exploitable, low attack complexity. Public exploit code is available.
PHP
SQLi
WeGIA
-
CVE-2025-55010
CRITICAL
CVSS 9.1
Kanboard is project management software that focuses on the Kanban methodology. Rated critical severity (CVSS 9.1); remotely exploitable, low attack complexity. Public exploit code is available.
PHP
Deserialization
RCE
Kanboard
-
CVE-2025-53722
HIGH
CVSS 7.5
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5); remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 10.2%; no vendor patch is available.
Denial Of Service
Microsoft
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-50165
CRITICAL
CVSS 9.8
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8); remotely exploitable, no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Microsoft
Windows 11 24H2
Windows Server 2025
-
CVE-2025-49457
CRITICAL
CVSS 9.6
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated critical severity (CVSS 9.6); remotely exploitable, no authentication required, low attack complexity. No vendor patch is available.
Zoom
Privilege Escalation
Meeting Software Development Kit
Rooms
Rooms Controller
-
CVE-2025-24325
CRITICAL
CVSS 9.3
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated critical severity (CVSS 9.3); low attack complexity. No vendor patch is available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-53766
CRITICAL
CVSS 9.8
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8); remotely exploitable, no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
Microsoft
Office
Windows 10 1507
-
CVE-2025-50171
CRITICAL
CVSS 9.1
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. Rated critical severity (CVSS 9.1); remotely exploitable, no authentication required, low attack complexity. No vendor patch is available.
Authentication Bypass
Windows Server 2022
Windows Server 2022 23H2
Windows Server 2025
Microsoft
-
CVE-2025-42957
CRITICAL
CVSS 9.9
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9); remotely exploitable, low attack complexity. No vendor patch is available.
RCE
SAP
Code Injection
-
CVE-2025-42950
CRITICAL
CVSS 9.9
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9); remotely exploitable, low attack complexity. No vendor patch is available.
RCE
SAP
Code Injection
-
CVE-2025-40746
CRITICAL
CVSS 9.4
A vulnerability has been identified in SIMATIC RTLS Locating Manager (all versions < V3.2). Rated critical severity (CVSS 9.4); remotely exploitable, low attack complexity. No vendor patch is available.
RCE
SIMATIC RTLS Locating Manager
-
CVE-2025-25256
CRITICAL
CVSS 9.8
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0. Rated critical severity (CVSS 9.8); remotely exploitable, no authentication required, low attack complexity. EPSS exploitation probability 44.9%; no vendor patch is available.
Command Injection
Fortinet
FortiSIEM
-
CVE-2025-8059
CRITICAL
CVSS 9.8
The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and. Rated critical severity (CVSS 9.8); remotely exploitable, no authentication required, low attack complexity. No vendor patch is available.
Authentication Bypass
WordPress
Privilege Escalation
PHP
-
CVE-2025-55171
HIGH
CVSS 7.5
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated high severity (CVSS 7.5); remotely exploitable, no authentication required, low attack complexity. This improper-authentication flaw could let an attacker bypass authentication and gain unauthorized access.
Authentication Bypass
PHP
WeGIA
-
CVE-2025-55165
HIGH
CVSS 8.2
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Rated high severity (CVSS 8.2); low attack complexity. No vendor patch is available.
Information Disclosure
-
CVE-2025-55164
HIGH
CVSS 8.8
content-security-policy-parser parses Content Security Policy directives. Rated high severity (CVSS 8.8); remotely exploitable, no authentication required, low attack complexity. No vendor patch is available.
Prototype Pollution
Information Disclosure
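The page gives no detail of the flaw itself, so the following is a generic illustration added here, not code from content-security-policy-parser: a directive parser that keeps its per-directive buckets on a plain object can be polluted through a directive named `__proto__`, because `result["__proto__"]` resolves to `Object.prototype` and every value token then lands on every object in the process. It is shown beside a Map-based, name-validated version. The header string is constructed for the demo.

```javascript
// Added example, not the content-security-policy-parser code: a naive CSP
// directive parser that keeps its results on a plain object, beside a
// hardened version. The header below is constructed for the demo.

const SAMPLE_CSP =
  "default-src 'self'; script-src 'self' https://cdn.example; __proto__ isAdmin";

// "name v1 v2; name v1 ..." -> [[name, v1, v2], ...], empty chunks dropped.
function splitDirectives(header) {
  return header
    .split(';')
    .map((chunk) => chunk.trim().split(/\s+/).filter(Boolean))
    .filter((tokens) => tokens.length > 0);
}

// Vulnerable pattern: result[name] on a plain object for name "__proto__"
// resolves to Object.prototype, so the per-directive bucket *is* the global
// prototype and every value token becomes a property on every object.
function parseCspNaive(header) {
  const result = {};
  for (const [rawName, ...values] of splitDirectives(header)) {
    const name = rawName.toLowerCase();
    const bucket = result[name] || (result[name] = {});
    for (const v of values) bucket[v] = true;
  }
  return result;
}

// Hardened pattern: a Map keyed by validated directive names, Sets for the
// values. Map keys never touch the prototype chain, and the name check
// rejects anything that is not a CSP-shaped token such as "__proto__".
const DIRECTIVE_NAME = /^[a-z][a-z0-9-]*$/;

function parseCspSafe(header) {
  const result = new Map();
  for (const [rawName, ...values] of splitDirectives(header)) {
    const name = rawName.toLowerCase();
    if (!DIRECTIVE_NAME.test(name)) continue;
    if (!result.has(name)) result.set(name, new Set());
    const bucket = result.get(name);
    for (const v of values) bucket.add(v);
  }
  return result;
}

// Run both parsers and report whether a fresh object picked up "isAdmin".
function demoPollution(header = SAMPLE_CSP) {
  const cleanBefore = ({}).isAdmin === undefined;
  parseCspNaive(header);
  const pollutedAfterNaive = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // undo the damage before the safe run
  parseCspSafe(header);
  const pollutedAfterSafe = ({}).isAdmin === true;
  return { cleanBefore, pollutedAfterNaive, pollutedAfterSafe };
}

console.log(demoPollution());
```

The property written here is a harmless `isAdmin`, but any later `if (obj.isAdmin)` or `if (!options.safeMode)` check anywhere in the process now reads the attacker's value, which is what turns a parser bug into the authorization and disclosure problems the tag line hints at. `Object.create(null)` for the result object is an alternative to the Map when a plain-object API must be kept.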
-
CVE-2025-54800
HIGH
CVSS 7.1
Hydra is a continuous integration service for Nix based projects. Rated high severity (CVSS 7.1); remotely exploitable, no authentication required, low attack complexity. This cross-site scripting (XSS) flaw could let an attacker inject scripts into pages viewed by other users.
XSS
Hydra
-
CVE-2025-54232
HIGH
CVSS 7.8
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Use After Free
Adobe
Denial Of Service
-
CVE-2025-54231
HIGH
CVSS 7.8
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Use After Free
Adobe
Denial Of Service
-
CVE-2025-54230
HIGH
CVSS 7.8
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Use After Free
Adobe
Denial Of Service
-
CVE-2025-54229
HIGH
CVSS 7.8
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Use After Free
Adobe
Denial Of Service
-
CVE-2025-54226
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
RCE
Use After Free
InDesign
-
CVE-2025-54225
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
RCE
Use After Free
InDesign
-
CVE-2025-54224
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
RCE
Use After Free
InDesign
-
CVE-2025-54223
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
RCE
Use After Free
InCopy
-
CVE-2025-54222
HIGH
CVSS 7.8
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
Substance 3D Stager
-
CVE-2025-54221
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InCopy
-
CVE-2025-54220
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
InCopy
-
CVE-2025-54219
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
InCopy
-
CVE-2025-54218
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InCopy
-
CVE-2025-54217
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
InCopy
-
CVE-2025-54216
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InCopy
-
CVE-2025-54215
HIGH
CVSS 7.8
InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InCopy
-
CVE-2025-54213
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InDesign
-
CVE-2025-54212
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
InDesign
-
CVE-2025-54211
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
InDesign
-
CVE-2025-54210
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InDesign
-
CVE-2025-54209
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
InDesign
-
CVE-2025-54208
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InDesign
-
CVE-2025-54207
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
InDesign
-
CVE-2025-54206
HIGH
CVSS 7.8
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
InDesign
-
CVE-2025-54187
HIGH
CVSS 7.8
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Buffer Overflow
RCE
Substance 3D Painter
-
CVE-2025-53793
HIGH
CVSS 7.5
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5); remotely exploitable, no authentication required, low attack complexity. No vendor patch is available.
Authentication Bypass
Microsoft
Information Disclosure
Azure Stack Hub
-
CVE-2025-53789
HIGH
CVSS 7.8
Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Authentication Bypass
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-53788
HIGH
CVSS 7.0
Time-of-check time-of-use (TOCTOU) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch is available.
Microsoft
Race Condition
Privilege Escalation
Windows Subsystem For Linux
Windows
-
CVE-2025-53784
HIGH
CVSS 8.4
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53783
HIGH
CVSS 7.5
Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5); remotely exploitable, no authentication required. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
Microsoft
Dynamics 365 Guides
Dynamics 365 Remote Assist
-
CVE-2025-53781
HIGH
CVSS 7.7
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. Rated high severity (CVSS 7.7); remotely exploitable, low attack complexity. No vendor patch is available.
Microsoft
Information Disclosure
ECesv6-series Azure VM firmware
DCesv6-series Azure VM firmware
NCCads H100 v5-series Azure VM firmware
-
CVE-2025-53779
HIGH
CVSS 7.2
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.2); remotely exploitable, low attack complexity. No vendor patch is available.
Microsoft
Path Traversal
Privilege Escalation
Windows Server 2025
Windows
-
CVE-2025-53778
HIGH
CVSS 8.8
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8); remotely exploitable, low attack complexity. No vendor patch is available.
Authentication Bypass
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-53773
HIGH
CVSS 7.8
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. Public exploit code is available; no vendor patch is available.
Command Injection
Microsoft
Visual Studio 2022
-
CVE-2025-53772
HIGH
CVSS 8.8
Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8); remotely exploitable, low attack complexity. No vendor patch is available.
Deserialization
RCE
Microsoft
Web Deploy 4.0
-
CVE-2025-53761
HIGH
CVSS 7.8
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53760
HIGH
CVSS 7.1
Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.1); remotely exploitable, low attack complexity. No vendor patch is available.
Microsoft
SSRF
Privilege Escalation
SharePoint Server
-
CVE-2025-53759
HIGH
CVSS 7.8
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Microsoft
365 Apps
Office
Office Long Term Servicing Channel
-
CVE-2025-53744
HIGH
CVSS 7.2
An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow. Rated high severity (CVSS 7.2); remotely exploitable, low attack complexity. No vendor patch is available.
Fortinet
Privilege Escalation
FortiOS
-
CVE-2025-53741
HIGH
CVSS 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
Microsoft
365 Apps
Excel
-
CVE-2025-53740
HIGH
CVSS 8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53739
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Microsoft
365 Apps
Excel
-
CVE-2025-53738
HIGH
CVSS 7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53737
HIGH
CVSS 7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
Microsoft
365 Apps
Excel
-
CVE-2025-53735
HIGH
CVSS 7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53734
HIGH
CVSS 7.8
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53733
HIGH
CVSS 8.4
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4); no authentication required, low attack complexity. No vendor patch is available.
RCE
Microsoft
365 Apps
Office
Office Long Term Servicing Channel
-
CVE-2025-53732
HIGH
CVSS 7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
Microsoft
Office
-
CVE-2025-53731
HIGH
CVSS 8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53730
HIGH
CVSS 7.8
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
365 Apps
-
CVE-2025-53729
HIGH
CVSS 7.8
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Privilege Escalation
Microsoft
Azure File Sync
-
CVE-2025-53727
HIGH
CVSS 8.8
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8); remotely exploitable, low attack complexity. No vendor patch is available.
SQLi
Privilege Escalation
Microsoft
SQL Server 2016
SQL Server 2017
SQL Server 2019
SQL Server 2022
-
CVE-2025-53726
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Memory Corruption
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53725
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Memory Corruption
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53724
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Memory Corruption
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53723
HIGH
CVSS 7.8
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53721
HIGH
CVSS 7.0
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
Privilege Escalation
Microsoft
Windows 10 1809
-
CVE-2025-53720
HIGH
CVSS 8.0
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0); remotely exploitable, low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
RCE
Microsoft
Windows Server 2008
Windows Server 2012
-
CVE-2025-53718
HIGH
CVSS 7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
Privilege Escalation
Microsoft
Windows 10 1507
-
CVE-2025-53155
HIGH
CVSS 7.8
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Heap Overflow
Buffer Overflow
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53154
HIGH
CVSS 7.8
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Denial Of Service
Null Pointer Dereference
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53152
HIGH
CVSS 7.8
Use after free in Desktop Window Manager allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
RCE
Microsoft
Windows 10 1507
-
CVE-2025-53151
HIGH
CVSS 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
Privilege Escalation
Microsoft
Windows 10 1809
-
CVE-2025-53149
HIGH
CVSS 7.8
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. Public exploit code is available; no vendor patch is available.
Heap Overflow
Buffer Overflow
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-53147
HIGH
CVSS 7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
Privilege Escalation
Microsoft
Windows 10 1507
-
CVE-2025-53145
HIGH
CVSS 8.8
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8); remotely exploitable, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53144
HIGH
CVSS 8.8
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8); remotely exploitable, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53143
HIGH
CVSS 8.8
Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8); remotely exploitable, low attack complexity. No vendor patch is available.
Memory Corruption
RCE
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53142
HIGH
CVSS 7.0
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch is available.
Memory Corruption
Denial Of Service
Use After Free
Privilege Escalation
Microsoft
Windows 11 22H2
-
CVE-2025-53141
HIGH
CVSS 7.8
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8); low attack complexity. No vendor patch is available.
Denial Of Service
Null Pointer Dereference
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-53140
HIGH
CVSS 7.0
Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Windows 10 1507
Windows 10 1607
-
CVE-2025-53137
HIGH
CVSS 7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Microsoft
Windows 10 1507
-
CVE-2025-53135
HIGH
CVSS 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Privilege Escalation
Microsoft
Race Condition
Windows 10 1507
Windows 10 1607
-
CVE-2025-53134
HIGH
CVSS 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.
Microsoft
Privilege Escalation
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-53133
HIGH
CVSS 7.8
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Microsoft
Windows 11 24h2
-
CVE-2025-53132
HIGH
CVSS 7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Privilege Escalation
Microsoft
Race Condition
Windows 10 1507
Windows 10 1607
-
CVE-2025-53131
HIGH
CVSS 8.8
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Microsoft
Windows 10 1809
Windows 10 21h2
-
CVE-2025-52970
HIGH
CVSS 8.1
An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 28.8%.
Fortinet
Information Disclosure
Fortiweb
-
CVE-2025-50177
HIGH
CVSS 8.1
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Memory Corruption
Use After Free
RCE
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-50176
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Memory Corruption
Windows 11 22h2
Windows 11 23h2
Windows 11 24h2
-
CVE-2025-50173
HIGH
CVSS 7.8
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Microsoft
Privilege Escalation
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-50170
HIGH
CVSS 7.8
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Microsoft
Privilege Escalation
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
-
CVE-2025-50169
HIGH
CVSS 7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
RCE
Microsoft
Race Condition
Windows 11 24h2
Windows Server 2025
-
CVE-2025-50168
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Memory Corruption
Privilege Escalation
Microsoft
Windows 11 22h2
Windows 11 23h2
-
CVE-2025-50167
HIGH
CVSS 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.
Privilege Escalation
Microsoft
Race Condition
Windows 10 1507
Windows 10 1607
-
CVE-2025-50164
HIGH
CVSS 8.0
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Microsoft
Windows Server 2008
Windows Server 2012
-
CVE-2025-50163
HIGH
CVSS 8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Microsoft
Windows Server 2008
Windows Server 2012
-
CVE-2025-50162
HIGH
CVSS 8.0
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Microsoft
Windows Server 2008
Windows Server 2012
-
CVE-2025-50161
HIGH
CVSS 7.3
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3) with low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-50160
HIGH
CVSS 8.0
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Microsoft
Windows Server 2008
Windows Server 2012
-
CVE-2025-50159
HIGH
CVSS 7.3
Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3) with low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Windows 10 1507
Windows 10 1607
-
CVE-2025-50158
HIGH
CVSS 7.0
Time-of-check time-of-use (TOCTOU) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.0); no authentication required. No vendor patch available.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-50155
HIGH
CVSS 7.8
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Memory Corruption
Privilege Escalation
Microsoft
Windows 10 1507
Windows 10 1607
-
CVE-2025-50153
HIGH
CVSS 7.8
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Microsoft
Windows 10 1507
-
CVE-2025-49813
HIGH
CVSS 7.2
An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Command Injection
Fortinet
Fortiadc
-
CVE-2025-49762
HIGH
CVSS 7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.
Privilege Escalation
Microsoft
Race Condition
Windows 10 1507
Windows 10 1607
-
CVE-2025-49761
HIGH
CVSS 7.8
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Microsoft
Windows 10 1507
-
CVE-2025-49759
HIGH
CVSS 8.8
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Sql Server 2016
Sql Server 2017
Sql Server 2019
Sql Server 2022
-
CVE-2025-49758
HIGH
CVSS 8.8
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege Escalation
SQLi
Sql Server 2016
Sql Server 2017
Sql Server 2019
-
CVE-2025-49757
HIGH
CVSS 8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
Microsoft
Windows Server 2008
Windows Server 2012
-
CVE-2025-49712
HIGH
CVSS 8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Deserialization
Microsoft
Sharepoint Server
-
CVE-2025-49707
HIGH
CVSS 7.9
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. Rated high severity (CVSS 7.9) with low attack complexity. No vendor patch available.
Authentication Bypass
Microsoft
Ecesv6 Series Azure Vm Firmware
Dcesv6 Series Azure Vm Firmware
Nccadsh100V5 Series Azure Vm Firmware
-
CVE-2025-49573
HIGH
CVSS 7.8
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
Substance 3d Modeler
-
CVE-2025-49572
HIGH
CVSS 7.8
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
Substance 3d Modeler
-
CVE-2025-49571
HIGH
CVSS 7.8
Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
RCE
Substance 3d Modeler
-
CVE-2025-49570
HIGH
CVSS 7.8
Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
Photoshop
-
CVE-2025-49569
HIGH
CVSS 7.8
Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
Substance 3d Viewer
-
CVE-2025-49564
HIGH
CVSS 7.8
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Stack Overflow
RCE
Illustrator
-
CVE-2025-49563
HIGH
CVSS 7.8
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
Illustrator
-
CVE-2025-49561
HIGH
CVSS 7.8
Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
RCE
Use After Free
Animate
-
CVE-2025-49560
HIGH
CVSS 7.8
Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8); no authentication required, low attack complexity. No vendor patch available.
Heap Overflow
Buffer Overflow
RCE
Substance 3d Viewer
-
CVE-2025-49557
HIGH
CVSS 8.7
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Adobe
XSS
Commerce
Commerce B2b
Magento
-
CVE-2025-49556
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Adobe
Commerce
Commerce B2b
Magento
-
CVE-2025-49555
HIGH
CVSS 8.1
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CSRF
Adobe
Authentication Bypass
Privilege Escalation
Information Disclosure
-
CVE-2025-49554
HIGH
CVSS 7.5
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Adobe
Commerce
Commerce B2b
Magento
-
CVE-2025-47954
HIGH
CVSS 8.8
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
Sql Server 2022
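The three SQL Server entries above (CVE-2025-49759, CVE-2025-49758, CVE-2025-47954) share one description: an authorized, low-privileged caller injects into a query and ends up with higher privileges. The page gives only the class, not the mechanism, so the following is an added illustration of that effect, not Microsoft's code and not a reconstruction of the actual bugs. It uses sqlite3 as a stand-in database; the users table, its rows, the role-lookup query and the INJECTED_NAME payload are all constructed for the demo.

```python
"""SQL injection turning an authenticated low-privilege caller into an admin.

Added illustration, not Microsoft's code and not a description of how the
SQL Server bugs above work (the page gives only the class). It models the
effect the entries describe: an authorized caller injects into a query that
decides their role and comes out with a higher one. sqlite3 stands in for
the database; the users table, its rows and the lookup are constructed.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts with different roles."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, token TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "a8f1-admin-token", "sysadmin"), ("alice", "alice-token", "reader")],
    )
    return con


def role_vulnerable(con: sqlite3.Connection, name: str, token: str):
    # Vulnerable: caller-controlled strings are spliced into the SQL text, so
    # quote and comment characters in them change the statement's meaning.
    sql = f"SELECT role FROM users WHERE name = '{name}' AND token = '{token}'"
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def role_parameterized(con: sqlite3.Connection, name: str, token: str):
    # Hardened: the values are bound as parameters; the statement text is
    # fixed, so the same input is compared literally and matches nothing.
    row = con.execute(
        "SELECT role FROM users WHERE name = ? AND token = ?", (name, token)
    ).fetchone()
    return row[0] if row else None


# Alice knows her own credentials but not the admin token. The closing quote
# ends the string literal and "--" comments out the token check entirely.
INJECTED_NAME = "admin' --"


def run_demo() -> dict:
    con = make_db()
    return {
        "alice_legit": role_parameterized(con, "alice", "alice-token"),
        "vulnerable": role_vulnerable(con, INJECTED_NAME, "not-the-admin-token"),
        "parameterized": role_parameterized(con, INJECTED_NAME, "not-the-admin-token"),
    }


if __name__ == "__main__":
    print(run_demo())
```

The vulnerable query becomes `SELECT role FROM users WHERE name = 'admin' --' AND token = '...'`, so the token comparison never runs and the caller is handed the sysadmin role; the parameterized version compares the literal string `admin' --` against the name column and returns nothing. In SQL Server the same fix is parameterized queries (or `sp_executesql` with typed parameters) in any stored procedure that builds dynamic SQL, particularly ones that run under a higher-privileged execution context.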
-
CVE-2025-47444
HIGH
CVSS 7.5
Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-42976
HIGH
CVSS 8.1
SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer Overflow
Sap
Information Disclosure
-
CVE-2025-42951
HIGH
CVSS 8.8
Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege Escalation
Sap
-
CVE-2025-41686
HIGH
CVSS 7.8
A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. Rated high severity (CVSS 7.8) with low attack complexity. No vendor patch available.
Privilege Escalation
-
CVE-2025-40770
HIGH
CVSS 7.5
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). Rated high severity (CVSS 7.5); no authentication required. No vendor patch available.
Information Disclosure
Sinec Traffic Analyzer
-
CVE-2025-40769
HIGH
CVSS 7.5
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated high severity (CVSS 7.5); no authentication required. No vendor patch available.
XSS
-
CVE-2025-40768
HIGH
CVSS 7.0
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated high severity (CVSS 7.0); no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Sinec Traffic Analyzer
-
CVE-2025-40767
HIGH
CVSS 8.8
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated high severity (CVSS 8.8). No vendor patch available.
Docker
Privilege Escalation
Sinec Traffic Analyzer
-
CVE-2025-40764
HIGH
CVSS 7.3
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). Rated high severity (CVSS 7.3); no authentication required. No vendor patch available.
Buffer Overflow
Information Disclosure
Simcenter Femap
-
CVE-2025-40762
HIGH
CVSS 7.3
A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). Rated high severity (CVSS 7.3); no authentication required. No vendor patch available.
Memory Corruption
Buffer Overflow
Simcenter Femap
-
CVE-2025-40761
HIGH
CVSS 8.6
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM. Rated high severity (CVSS 8.6); no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-40759
HIGH
CVSS 8.5
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions <. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available.
RCE
Deserialization
-
CVE-2025-40743
HIGH
CVSS 8.7
A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC. Rated high severity (CVSS 8.7); no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-38500
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface. collect_md property on xfrm interfaces can only be set. Rated high severity (CVSS 7.8) with low attack complexity. This use-after-free could allow an attacker to access freed memory to execute arbitrary code or crash the kernel.
Debian
Linux
Memory Corruption
Use After Free
Ubuntu
-
CVE-2025-33051
HIGH
CVSS 7.5
Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Exchange Server
-
CVE-2025-30033
HIGH
CVSS 8.5
The affected setup component is vulnerable to DLL hijacking. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available.
RCE
-
CVE-2025-25273
HIGH
CVSS 8.8
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-24999
HIGH
CVSS 8.8
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Privilege Escalation
Sql Server 2016
Sql Server 2017
Sql Server 2019
Sql Server 2022
-
CVE-2025-24486
HIGH
CVSS 8.8
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8). No vendor patch available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-24484
HIGH
CVSS 8.8
Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.8). No vendor patch available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-24323
HIGH
CVSS 7.0
Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation. Rated high severity (CVSS 7.0) with low attack complexity. No vendor patch available.
Authentication Bypass
Privilege Escalation
Intel
-
CVE-2025-24305
HIGH
CVSS 7.0
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 7.0). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-24303
HIGH
CVSS 8.8
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.8). No vendor patch available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-23241
HIGH
CVSS 8.4
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via. Rated high severity (CVSS 8.4) with low attack complexity. No vendor patch available.
Denial Of Service
Intel
Linux
Integer Overflow
Linux Kernel
-
CVE-2025-22893
HIGH
CVSS 8.8
Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-22889
HIGH
CVSS 7.0
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.0) with low attack complexity. No vendor patch available.
Privilege Escalation
Intel
Suse
-
CVE-2025-22839
HIGH
CVSS 7.3
Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 7.3). No vendor patch available.
Privilege Escalation
Intel
Suse
-
CVE-2025-22836
HIGH
CVSS 8.8
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 8.8). No vendor patch available.
Intel
Privilege Escalation
Linux
Integer Overflow
Linux Kernel
-
CVE-2025-22830
HIGH
CVSS 7.3
APTIOV contains a vulnerability in BIOS where a skilled user may cause a race condition by local access. Rated high severity (CVSS 7.3) with low attack complexity. No vendor patch available.
Denial Of Service
Race Condition
Aptio V
-
CVE-2025-20625
HIGH
CVSS 7.1
Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated high severity (CVSS 7.1); no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Microsoft
Intel
Windows
-
CVE-2025-20109
HIGH
CVSS 7.3
Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.
Privilege Escalation
Intel
Suse
-
CVE-2025-20093
HIGH
CVSS 8.6
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.6) with low attack complexity. No vendor patch available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-20074
HIGH
CVSS 7.3
Time-of-check time-of-use (TOCTOU) race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.3) with low attack complexity. No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-20053
HIGH
CVSS 7.0
Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0). No vendor patch available.
Buffer Overflow
Privilege Escalation
Intel
Suse
-
CVE-2025-8418
HIGH
CVSS 8.8
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
RCE
PHP
-
CVE-2025-8297
HIGH
CVSS 7.2
Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RCE
File Upload
Ivanti
Avalanche
-
CVE-2025-8296
HIGH
CVSS 7.2
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
RCE
SQLi
Ivanti
Avalanche
-
CVE-2025-6253
HIGH
CVSS 7.5
The UiCore Elements - Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
WordPress
PHP
-
CVE-2025-5462
HIGH
CVSS 7.5
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap Overflow
Denial Of Service
Buffer Overflow
Ivanti
Connect Secure
-
CVE-2025-5456
HIGH
CVSS 7.5
A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Buffer Overflow
Information Disclosure
Ivanti
Connect Secure
-
CVE-2025-5391
HIGH
CVSS 8.1
The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
PHP
Path Traversal
RCE
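The UiCore Elements entry (CVE-2025-6253, arbitrary file read in prepare_template()) and the WooCommerce Purchase Orders entry above (CVE-2025-5391, arbitrary file deletion from insufficient path validation in delete_file()) are the same bug class: a handler builds a filesystem path from a request value and never checks where it resolves. The following is an added illustration of that pattern and the containment check that closes it. It is not code from either plugin (both are PHP; this is Python), and the function names, directory layout and file contents are constructed for the demo.

```python
"""Containing a request-supplied filename inside an allowed directory.

Added illustration, not code from either WordPress plugin: it models the
bug class behind the arbitrary-file-read and arbitrary-file-deletion
entries (a handler joins an untrusted value onto a base directory) and the
check that stops it. The function names, the directory layout and the
file contents are constructed for the demo.
"""
import os
import shutil
import tempfile


class TraversalError(ValueError):
    """Raised when a resolved path lies outside the allowed base directory."""


def unsafe_path(base: str, user_value: str) -> str:
    # Vulnerable pattern: the untrusted value is joined straight onto the base.
    # "../" walks out of it, and an absolute value makes join() discard base.
    return os.path.join(base, user_value)


def safe_path(base: str, user_value: str) -> str:
    """Resolve user_value under base; refuse anything that escapes base."""
    if not user_value or "\x00" in user_value:
        raise TraversalError("empty or NUL-containing value")
    base_real = os.path.realpath(base)
    # realpath collapses "..", follows symlinks and absolutises the result, so
    # the containment test runs on the path the filesystem will actually open.
    candidate = os.path.realpath(os.path.join(base_real, user_value))
    # commonpath (not startswith) so that /srv/uploads-private cannot pass as
    # lying under /srv/uploads.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise TraversalError(f"{user_value!r} resolves outside {base!r}")
    return candidate


def read_file(base: str, user_value: str) -> str:
    """Hardened read: resolve and check first, then open only the resolved path."""
    with open(safe_path(base, user_value), encoding="utf-8") as fh:
        return fh.read()


def delete_file(base: str, user_value: str) -> None:
    """Hardened delete: the same containment check before os.remove()."""
    os.remove(safe_path(base, user_value))


def demo() -> dict:
    """Constructed layout: <root>/uploads/template.html is inside the allowed
    directory; <root>/wp-config.php stands in for a file outside it."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "uploads")
    os.mkdir(base)
    with open(os.path.join(base, "template.html"), "w", encoding="utf-8") as fh:
        fh.write("<h1>ok</h1>")
    outside = os.path.join(root, "wp-config.php")
    with open(outside, "w", encoding="utf-8") as fh:
        fh.write("DB_PASSWORD=hunter2")
    results = {}
    try:
        # Vulnerable handler: "../" reaches the file outside uploads/.
        with open(unsafe_path(base, "../wp-config.php"), encoding="utf-8") as fh:
            results["unsafe_reads_outside"] = fh.read() == "DB_PASSWORD=hunter2"
        # Hardened handler: relative, absolute and nested-dotdot forms are all
        # refused before any I/O happens.
        refused = 0
        for attempt in ("../wp-config.php", outside, "sub/../../wp-config.php"):
            try:
                read_file(base, attempt)
            except TraversalError:
                refused += 1
        results["safe_refusals"] = refused
        # Legitimate values still work for both read and delete.
        results["safe_reads_inside"] = read_file(base, "template.html") == "<h1>ok</h1>"
        delete_file(base, "template.html")
        results["safe_deletes_inside"] = not os.path.exists(os.path.join(base, "template.html"))
        results["outside_survives"] = os.path.exists(outside)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return results


if __name__ == "__main__":
    print(demo())
```

The check is done on the resolved path, not on the raw string, so stripping `../` or rejecting a blocklist of characters is unnecessary and would be incomplete (URL-encoded, symlinked or absolute variants bypass string filters). For a deletion endpoint an additional allow-list of deletable extensions or a dedicated subdirectory is a sensible second layer, since a traversal check alone still lets the caller delete any file under the base.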
-
CVE-2025-3831
HIGH
CVSS 8.1
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Harmony Sase
-
CVE-2024-54678
HIGH
CVSS 8.6
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC. Rated high severity (CVSS 8.6) with low attack complexity. No vendor patch available.
RCE
Deserialization
Microsoft
Windows
-
CVE-2024-52504
HIGH
CVSS 8.7
A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2024-41979
HIGH
CVSS 7.5
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated high severity (CVSS 7.5). No vendor patch available.
Authentication Bypass
Opcenter Quality
-
CVE-2024-26009
HIGH
CVSS 8.1
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Fortinet
Fortiswitchmanager
Fortiproxy
Fortipam
-
CVE-2025-55170
MEDIUM
CVSS 6.5
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
PHP
XSS
Wegia
-
CVE-2025-55166
MEDIUM
CVSS 5.1
savg-sanitizer is a PHP SVG/XML sanitizer. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
XSS
-
CVE-2025-55011
MEDIUM
CVSS 6.4
Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Path Traversal
Kanboard
-
CVE-2025-54864
MEDIUM
CVSS 6.9
Hydra is a continuous integration service for Nix based projects. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.
Authentication Bypass
Denial Of Service
Hydra
-
CVE-2025-54238
MEDIUM
CVSS 5.5
Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Dimension
-
CVE-2025-54235
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54233
MEDIUM
CVSS 5.5
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Adobe
Information Disclosure
Framemaker
-
CVE-2025-54228
MEDIUM
CVSS 5.5
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Indesign
-
CVE-2025-54227
MEDIUM
CVSS 5.5
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Indesign
-
CVE-2025-54214
MEDIUM
CVSS 5.5
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Indesign
-
CVE-2025-54205
MEDIUM
CVSS 5.5
Substance3D - Sampler versions 5.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Sampler
-
CVE-2025-54204
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54203
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54202
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54201
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54200
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54199
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54198
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54197
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-54195
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54194
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54193
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54192
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54191
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54190
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54189
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54188
MEDIUM
CVSS 5.5
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Painter
-
CVE-2025-54186
MEDIUM
CVSS 5.5
Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Substance 3d Modeler
-
CVE-2025-53769
MEDIUM
CVSS 5.5
External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows Security App
Windows
-
CVE-2025-53765
MEDIUM
CVSS 4.4
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Azure App Service On Azure Stack
-
CVE-2025-53736
MEDIUM
CVSS 6.8
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Buffer Overflow
Microsoft
365 Apps
Office
Office Long Term Servicing Channel
-
CVE-2025-53728
MEDIUM
CVSS 6.5
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Dynamics 365
-
CVE-2025-53719
MEDIUM
CVSS 5.7
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows Server 2008
Windows Server 2012
Windows Server 2016
-
CVE-2025-53716
MEDIUM
CVSS 6.5
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Microsoft
Windows 10 1809
Windows 10 21h2
-
CVE-2025-53156
MEDIUM
CVSS 5.5
Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
Windows 11 24h2
Windows Server 2022 23h2
Windows Server 2025
Microsoft
-
CVE-2025-53153
MEDIUM
CVSS 5.7
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows Server 2008
Windows Server 2012
Windows Server 2016
-
CVE-2025-53148
MEDIUM
CVSS 5.7
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows Server 2008
Windows Server 2012
Windows Server 2016
-
CVE-2025-53138
MEDIUM
CVSS 5.7
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows Server 2008
Windows Server 2012
Windows Server 2016
-
CVE-2025-53136
MEDIUM
CVSS 5.5
Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-50172
MEDIUM
CVSS 6.5
Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. EPSS exploitation probability 14.9% and no vendor patch available.
Denial Of Service
Microsoft
Windows 10 1809
Windows 10 21h2
Windows 10 22h2
-
CVE-2025-50166
MEDIUM
CVSS 6.5
Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Integer Overflow
Windows 10 1507
Windows 10 1607
-
CVE-2025-50157
MEDIUM
CVSS 5.7
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows Server 2008
Windows Server 2012
Windows Server 2016
-
CVE-2025-50156
MEDIUM
CVSS 5.7
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows Server 2008
Windows Server 2012
Windows Server 2016
-
CVE-2025-50154
MEDIUM
CVSS 6.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.
Microsoft
Information Disclosure
Windows 10 1507
Windows 10 1607
Windows 10 1809
-
CVE-2025-49755
MEDIUM
CVSS 4.3
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Google
Microsoft
Edge
Android
-
CVE-2025-49751
MEDIUM
CVSS 6.8
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Windows 10 1607
Windows 10 1809
Windows 10 21h2
-
CVE-2025-49745
MEDIUM
CVSS 5.4
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft
XSS
Dynamics 365
-
CVE-2025-49743
MEDIUM
CVSS 6.7
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.
Information Disclosure
Microsoft
Race Condition
Windows 10 1507
Windows 10 1607
-
CVE-2025-49736
MEDIUM
CVSS 4.3
The UI performing the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Google
Microsoft
Edge
Android
-
CVE-2025-49568
MEDIUM
CVSS 5.5
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Illustrator
-
CVE-2025-49567
MEDIUM
CVSS 5.5
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Illustrator
-
CVE-2025-49562
MEDIUM
CVSS 5.5
Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Denial Of Service
Use After Free
Animate
-
CVE-2025-49559
MEDIUM
CVSS 5.3
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Adobe
Path Traversal
Commerce
Magento
Commerce B2b
-
CVE-2025-49558
MEDIUM
CVSS 5.9
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
Adobe
Commerce
Commerce B2b
Magento
-
CVE-2025-49456
MEDIUM
CVSS 6.2
Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Meeting Software Development Kit
Rooms
Rooms Controller
-
CVE-2025-48807
MEDIUM
CVSS 6.7
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.
Microsoft
Information Disclosure
Windows 10 1607
Windows 10 1809
Windows 10 21h2
-
CVE-2025-47857
MEDIUM
CVSS 6.7
An improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Command Injection
Fortinet
RCE
Fortiweb
-
CVE-2025-43736
MEDIUM
CVSS 6.9
A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
File Upload
Digital Experience Platform
Liferay Portal
-
CVE-2025-43735
MEDIUM
CVSS 6.9
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-43734
MEDIUM
CVSS 5.1
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Digital Experience Platform
Liferay Portal
-
CVE-2025-42975
MEDIUM
CVSS 6.1
SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sap
XSS
-
CVE-2025-42949
MEDIUM
CVSS 4.9
Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-42948
MEDIUM
CVSS 6.1
Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sap
XSS
-
CVE-2025-42946
MEDIUM
CVSS 6.9
Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
Sap
Path Traversal
-
CVE-2025-42945
MEDIUM
CVSS 6.1
SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Sap
Code Injection
-
CVE-2025-42943
MEDIUM
CVSS 4.5
SAP GUI for Windows may allow the leak of NTLM hashes when specific ABAP frontend services are called with UNC paths. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sap
Microsoft
Privilege Escalation
Windows
-
CVE-2025-42942
MEDIUM
CVSS 6.1
SAP NetWeaver Application Server for ABAP has a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sap
XSS
-
CVE-2025-42936
MEDIUM
CVSS 5.4
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles; this issue allows authenticated users to access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Sap
Privilege Escalation
Sap Basis
-
CVE-2025-42935
MEDIUM
CVSS 4.1
The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive. Rated medium severity (CVSS 4.1). No vendor patch available.
Sap
Information Disclosure
-
CVE-2025-42934
MEDIUM
CVSS 4.3
SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Sap
-
CVE-2025-40766
MEDIUM
CVSS 6.8
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Denial Of Service
Docker
Sinec Traffic Analyzer
-
CVE-2025-40753
MEDIUM
CVSS 6.8
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-40752
MEDIUM
CVSS 6.8
A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-40751
MEDIUM
CVSS 4.8
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Simatic Rtls Locating Manager
-
CVE-2025-40584
MEDIUM
CVSS 6.8
A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
XXE
-
CVE-2025-36124
MEDIUM
CVSS 5.9
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Authentication Bypass
IBM
Websphere Application Server
-
CVE-2025-36000
MEDIUM
CVSS 4.4
IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
IBM
XSS
Websphere Application Server
-
CVE-2025-33023
MEDIUM
CVSS 5.1
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
File Upload
-
CVE-2025-32932
MEDIUM
CVSS 6.5
An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Fortisoar
-
CVE-2025-32766
MEDIUM
CVSS 6.4
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via. Rated medium severity (CVSS 6.4). No vendor patch available.
Buffer Overflow
Fortinet
Stack Overflow
RCE
Fortiweb
-
CVE-2025-32086
MEDIUM
CVSS 4.5
Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially. Rated medium severity (CVSS 4.5). No vendor patch available.
Privilege Escalation
Intel
Suse
-
CVE-2025-30034
MEDIUM
CVSS 6.9
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Simatic Rtls Locating Manager
-
CVE-2025-30027
MEDIUM
CVSS 6.7
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
RCE
Axis Os
-
CVE-2025-27759
MEDIUM
CVSS 6.7
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Command Injection
Fortinet
Fortiweb
-
CVE-2025-27717
MEDIUM
CVSS 5.4
Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-27559
MEDIUM
CVSS 5.4
Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
-
CVE-2025-27537
MEDIUM
CVSS 5.1
Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.1), this vulnerability has low attack complexity. No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-27250
MEDIUM
CVSS 5.1
Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 5.1), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-26863
MEDIUM
CVSS 4.8
Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Linux
Intel
Linux Kernel
-
CVE-2025-26697
MEDIUM
CVSS 4.8
Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Linux
Intel
Linux Kernel
-
CVE-2025-26472
MEDIUM
CVSS 5.9
Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 5.9), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-26470
MEDIUM
CVSS 5.4
Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.
Python
Privilege Escalation
Intel
-
CVE-2025-26404
MEDIUM
CVSS 5.4
Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-26403
MEDIUM
CVSS 4.5
Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege. Rated medium severity (CVSS 4.5). No vendor patch available.
Memory Corruption
Buffer Overflow
Privilege Escalation
Intel
Suse
-
CVE-2025-26398
MEDIUM
CVSS 5.6
SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. Rated medium severity (CVSS 5.6). This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.
Authentication Bypass
Database Performance Analyzer
-
CVE-2025-25248
MEDIUM
CVSS 5.3
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.
Buffer Overflow
Fortinet
Integer Overflow
Fortios
Fortipam
-
CVE-2025-25007
MEDIUM
CVSS 5.3
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Microsoft
Exchange Server
-
CVE-2025-25006
MEDIUM
CVSS 5.3
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Microsoft
Exchange Server
-
CVE-2025-25005
MEDIUM
CVSS 6.5
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft
Information Disclosure
Exchange Server
-
CVE-2025-24923
MEDIUM
CVSS 5.4
Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-24921
MEDIUM
CVSS 6.9
Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure. Rated medium severity (CVSS 6.9), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
Intel
-
CVE-2025-24835
MEDIUM
CVSS 4.1
Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 4.1), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-24523
MEDIUM
CVSS 5.1
Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.1), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-24520
MEDIUM
CVSS 4.8
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 4.8), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Intel
-
CVE-2025-24515
MEDIUM
CVSS 6.8
NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Null Pointer Dereference
Intel
-
CVE-2025-24313
MEDIUM
CVSS 6.7
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability has low attack complexity. No vendor patch available.
Authentication Bypass
Denial Of Service
Kubernetes
Intel
-
CVE-2025-24302
MEDIUM
CVSS 5.4
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-24296
MEDIUM
CVSS 5.1
Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-22840
MEDIUM
CVSS 5.3
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.3). No vendor patch available.
Privilege Escalation
Intel
Suse
-
CVE-2025-22838
MEDIUM
CVSS 5.4
Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
Suse
-
CVE-2025-22834
MEDIUM
CVSS 4.2
AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” via local access. Rated medium severity (CVSS 4.2), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Aptio V
-
CVE-2025-22392
MEDIUM
CVSS 5.9
Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
Buffer Overflow
Information Disclosure
Intel
-
CVE-2025-21093
MEDIUM
CVSS 5.4
Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-21090
MEDIUM
CVSS 4.1
Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-21086
MEDIUM
CVSS 6.9
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.9). No vendor patch available.
Privilege Escalation
Linux
Intel
Linux Kernel
-
CVE-2025-20627
MEDIUM
CVSS 5.4
Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-20099
MEDIUM
CVSS 5.4
Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Authentication Bypass
Privilege Escalation
Intel
-
CVE-2025-20092
MEDIUM
CVSS 5.4
Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
-
CVE-2025-20090
MEDIUM
CVSS 6.8
Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Intel
Quickassist Technology
-
CVE-2025-20087
MEDIUM
CVSS 5.4
Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-20077
MEDIUM
CVSS 5.6
Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via. Rated medium severity (CVSS 5.6). No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-20067
MEDIUM
CVSS 6.8
Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.8), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Intel
-
CVE-2025-20048
MEDIUM
CVSS 5.4
Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software (all versions) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-20044
MEDIUM
CVSS 5.6
Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.6). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-20037
MEDIUM
CVSS 6.8
Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.8). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-20025
MEDIUM
CVSS 4.1
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1). No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-20023
MEDIUM
CVSS 5.4
Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-20017
MEDIUM
CVSS 5.4
Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-8885
MEDIUM
CVSS 6.3
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Java
Redhat
Suse
-
CVE-2025-8874
MEDIUM
CVSS 6.4
The Master Addons - Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8767
MEDIUM
CVSS 4.8
The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
RCE
PHP
-
CVE-2025-8690
MEDIUM
CVSS 6.4
The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8688
MEDIUM
CVSS 6.4
The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8685
MEDIUM
CVSS 6.4
The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8621
MEDIUM
CVSS 6.4
The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8568
MEDIUM
CVSS 6.4
The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8482
MEDIUM
CVSS 4.3
The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
PHP
-
CVE-2025-8462
MEDIUM
CVSS 6.4
The RT Easy Builder - Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8452
MEDIUM
CVSS 4.3
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. Rated medium severity (CVSS 4.3), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-8314
MEDIUM
CVSS 6.4
The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 5.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-8310
MEDIUM
CVSS 6.5
Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Ivanti
Virtual Application Delivery Controller
-
CVE-2025-8081
MEDIUM
CVSS 4.9
The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
WordPress
Path Traversal
Website Builder
PHP
-
CVE-2025-7622
MEDIUM
CVSS 5.1
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. Rated medium severity (CVSS 5.1), this vulnerability has low attack complexity. No vendor patch available.
SSRF
Camera Station
Camera Station Pro
-
CVE-2025-5468
MEDIUM
CVSS 5.5
Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for. Rated medium severity (CVSS 5.5), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Ivanti
Connect Secure
Policy Secure
Zero Trust Access Gateway
-
CVE-2025-5466
MEDIUM
CVSS 4.9
XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Denial Of Service
Ivanti
Connect Secure
Policy Secure
Zero Trust Access Gateway
-
CVE-2025-4390
MEDIUM
CVSS 5.3
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
Information Disclosure
PHP
-
CVE-2025-3892
MEDIUM
CVSS 6.7
ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability has low attack complexity. No vendor patch available.
Privilege Escalation
Axis Os
-
CVE-2025-3089
MEDIUM
CVSS 5.3
ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2024-52964
MEDIUM
CVSS 5.5
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Fortinet
Path Traversal
Fortimanager
Fortimanager Cloud
-
CVE-2024-48892
MEDIUM
CVSS 6.8
A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Fortisoar
-
CVE-2024-41986
MEDIUM
CVSS 6.1
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated medium severity (CVSS 6.1), this vulnerability requires no authentication. No vendor patch available.
Information Disclosure
Opcenter Quality
-
CVE-2024-41983
MEDIUM
CVSS 5.1
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated medium severity (CVSS 5.1), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Opcenter Quality
-
CVE-2024-41982
MEDIUM
CVSS 5.9
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated medium severity (CVSS 5.9). No vendor patch available.
Information Disclosure
Opcenter Quality
-
CVE-2024-40588
MEDIUM
CVSS 4.4
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions,. Rated medium severity (CVSS 4.4), this vulnerability has low attack complexity. No vendor patch available.
Fortinet
Path Traversal
Forticamera Firmware
Fortimail
Fortindr
-
CVE-2024-38805
MEDIUM
CVSS 6.3
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. Rated medium severity (CVSS 6.3), this vulnerability has low attack complexity. No vendor patch available.
Denial Of Service
Integer Overflow
Suse
-
CVE-2024-33607
MEDIUM
CVSS 5.7
Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.7). No vendor patch available.
Buffer Overflow
Information Disclosure
Intel
Tdx Module
-
CVE-2025-42955
LOW
CVSS 3.5
Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP. Rated low severity (CVSS 3.5), this vulnerability has low attack complexity. No vendor patch available.
Authentication Bypass
Sap
-
CVE-2025-42941
LOW
CVSS 3.5
SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections for its link (<a>) elements. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Sap
Information Disclosure
-
CVE-2025-40570
LOW
CVSS 2.4
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 <. Rated low severity (CVSS 2.4), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Denial Of Service
-
CVE-2025-32004
LOW
CVSS 1.8
Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 1.8). No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-27707
LOW
CVSS 2.1
Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to. Rated low severity (CVSS 2.1). No vendor patch available.
Denial Of Service
Information Disclosure
Intel
-
CVE-2025-27576
LOW
CVSS 2.1
Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of. Rated low severity (CVSS 2.1), this vulnerability requires no authentication. No vendor patch available.
Denial Of Service
Intel
-
CVE-2025-24840
LOW
CVSS 2.3
Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege. Rated low severity (CVSS 2.3), this vulnerability requires no authentication. No vendor patch available.
Authentication Bypass
Privilege Escalation
Intel
-
CVE-2025-24511
LOW
CVSS 2.0
Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable information disclosure via. Rated low severity (CVSS 2.0), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Linux
Intel
Linux Kernel
-
CVE-2025-24324
LOW
CVSS 2.0
Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of. Rated low severity (CVSS 2.0). No vendor patch available.
Intel
Privilege Escalation
Linux
Integer Overflow
Linux Kernel
-
CVE-2025-22853
LOW
CVSS 1.8
Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 1.8), this vulnerability has low attack complexity. No vendor patch available.
Privilege Escalation
Intel
-
CVE-2025-21096
LOW
CVSS 2.0
Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.
Buffer Overflow
Privilege Escalation
Intel
-
CVE-2025-20613
LOW
CVSS 2.0
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability has low attack complexity. No vendor patch available.
Information Disclosure
Intel
-
CVE-2025-8395
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2024-41985
LOW
CVSS 2.1
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated low severity (CVSS 2.1), this vulnerability requires no authentication. No vendor patch available.
Authentication Bypass
Opcenter Quality
-
CVE-2024-41984
LOW
CVSS 2.1
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated low severity (CVSS 2.1), this vulnerability requires no authentication. No vendor patch available.
Information Disclosure
Opcenter Quality
-
CVE-2024-41980
LOW
CVSS 2.0
A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated low severity (CVSS 2.0). No vendor patch available.
Authentication Bypass
Opcenter Quality