Skip to main content
CVE-2025-50154 MEDIUM POC THREAT This Month

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.1%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
15.1%
CVE-2025-50172 MEDIUM This Month

Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.9% and no vendor patch available.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
6.5
EPSS
14.9%
CVE-2025-24921 MEDIUM This Month

Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-21086 MEDIUM This Month

Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Linux Intel Linux Kernel
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-24515 MEDIUM This Month

NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Intel
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-40766 MEDIUM This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Docker Sinec Traffic Analyzer
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-20067 MEDIUM This Month

Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-20037 MEDIUM This Month

Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.8). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-48807 MEDIUM CERT-EU This Month

Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. Rated medium severity (CVSS 6.7). No vendor patch available.

Microsoft Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-24313 MEDIUM This Month

Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Kubernetes Intel
NVD
CVSS 4.0
6.7
EPSS
0.0%
CVE-2023-45584 MEDIUM This Month

A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet Information Disclosure Fortios Fortipam Fortiproxy
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-25005 MEDIUM This Month

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-8310 MEDIUM This Month

Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Virtual Application Delivery Controller
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-53716 MEDIUM This Month

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-50166 MEDIUM This Month

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Integer Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-53728 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49456 MEDIUM This Month

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-26472 MEDIUM This Month

Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-22392 MEDIUM This Month

Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Information Disclosure Intel
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-53138 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50157 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-50156 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2025-53719 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-53153 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-20077 MEDIUM This Month

Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via. Rated medium severity (CVSS 5.6). No vendor patch available.

Denial Of Service Intel
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-53156 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Windows 11 24h2 Windows Server 2022 23h2 Windows Server 2025 Microsoft
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-49562 MEDIUM This Month

Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Animate
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-54233 MEDIUM This Month

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49567 MEDIUM This Month

Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Illustrator
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-27717 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-26404 MEDIUM This Month

Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24923 MEDIUM This Month

Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-22838 MEDIUM This Month

Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Suse
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-21093 MEDIUM This Month

Uncontrolled search path element for some Intel(R) Driver &amp; Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20048 MEDIUM This Month

Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-27559 MEDIUM This Month

Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-26470 MEDIUM This Month

Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Python Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20087 MEDIUM This Month

Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24302 MEDIUM This Month

Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-25007 MEDIUM This Month

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-25006 MEDIUM This Month

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Exchange Server
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-25248 MEDIUM This Month

An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Fortinet Integer Overflow
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-47444 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-22840 MEDIUM PATCH This Month

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.3). No vendor patch available.

Privilege Escalation Intel Suse
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-27537 MEDIUM This Month

Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-27250 MEDIUM This Month

Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-24523 MEDIUM This Month

Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-24296 MEDIUM This Month

Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-26697 MEDIUM This Month

Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Intel Linux Kernel
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-26863 MEDIUM This Month

Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Intel Linux Kernel
NVD
CVSS 4.0
4.8
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy