Skip to main content
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49757 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49755 MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49751 MEDIUM This Month

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-49745 MEDIUM This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-49743 MEDIUM This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-49736 MEDIUM Monitor

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49712 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2025-49707 HIGH This Month

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ecesv6 Series Azure Vm Firmware Dcesv6 Series Azure Vm Firmware Nccadsh100V5 Series Azure Vm Firmware +8
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2025-49559 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Path Traversal Commerce Magento Commerce B2b
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-49558 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-49557 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-49556 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49555 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Adobe Authentication Bypass Privilege Escalation Information Disclosure +3
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-49554 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-24999 HIGH This Month

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20044 MEDIUM This Month

Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.6). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-55167 CRITICAL POC PATCH Act Now

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2025-55166 MEDIUM PATCH This Month

savg-sanitizer is a PHP SVG/XML sanitizer. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS
NVD GitHub
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-49568 MEDIUM This Month

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-20627 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20625 HIGH This Month

Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Intel Windows
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-20613 LOW Monitor

Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-20109 HIGH PATCH This Month

Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Intel Suse
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-20099 MEDIUM This Month

Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20093 HIGH This Month

Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Intel Linux Kernel
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-20092 MEDIUM This Month

Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20090 MEDIUM This Month

Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Quickassist Technology
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-20025 MEDIUM Monitor

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.1). No vendor patch available.

Denial Of Service Intel
NVD
CVSS 4.0
4.1
EPSS
0.0%
CVE-2025-20023 MEDIUM This Month

Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20017 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2024-33607 MEDIUM This Month

Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Information Disclosure Intel Tdx Module
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-8452 MEDIUM Monitor

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-55164 HIGH PATCH This Month

content-security-policy-parser parses content security policy directives. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2025-55011 MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Kanboard
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-55010 CRITICAL POC PATCH Act Now

Kanboard is project management software that focuses on the Kanban methodology. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Deserialization RCE Kanboard
NVD GitHub
CVSS 3.1
9.1
EPSS
3.9%
CVE-2025-54864 MEDIUM PATCH This Month

Hydra is a continuous integration service for Nix based projects. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Denial Of Service Hydra
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-54800 HIGH PATCH This Month

Hydra is a continuous integration service for Nix based projects. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hydra
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-3089 MEDIUM This Month

ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-5468 MEDIUM This Month

Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-5466 MEDIUM Monitor

XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Connect Secure Policy Secure Zero Trust Access Gateway +1
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2025-5462 HIGH This Month

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow Ivanti Connect Secure +3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-5456 HIGH This Month

A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Ivanti Connect Secure +3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-3831 HIGH This Month

Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Harmony Sase
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-38805 MEDIUM PATCH This Month

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Suse
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-22834 MEDIUM Monitor

AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aptio V
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-22830 HIGH This Month

APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Race Condition Aptio V
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-43735 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-40753 MEDIUM This Month

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-40752 MEDIUM This Month

A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.8
EPSS
0.0%
Prev Page 6 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy