Skip to main content
CVE-2025-31937 MEDIUM This Month

Out-of-bounds read for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 5.7). No vendor patch available.

Buffer Overflow Information Disclosure Intel Microsoft Denial Of Service +2
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-31931 MEDIUM This Month

Uncontrolled search path for the Instrumentation and Tracing Technology API (ITT API) software before version 3.25.4 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-31647 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics Software before version 25.22.1502.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-31645 MEDIUM This Month

Uncontrolled search path for some System Event Log Viewer Utility software for all versions within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-31146 MEDIUM This Month

Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-30518 MEDIUM This Month

Incorrect default permissions for some Intel(R) PresentMon before version 2.3.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-30509 MEDIUM Monitor

Improper input validation for some Intel QuickAssist Technology software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Quickassist Technology
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-30506 MEDIUM This Month

Uncontrolled search path for some Intel Driver and Support Assistant before version 25.2 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-30182 MEDIUM This Month

Uncontrolled search path for some Intel(R) Distribution for Python software installers before version 2025.2.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Python Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-27725 MEDIUM Monitor

Time-of-check time-of-use race condition for some ACAT before version 3.13 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 4.1). No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
4.1
EPSS
0.0%
CVE-2025-27711 MEDIUM This Month

Incorrect default permissions for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-27710 MEDIUM This Month

Untrusted pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microsoft Quickassist Technology Windows
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-27249 MEDIUM This Month

Uncontrolled resource consumption for some Gaudi software before version 1.21.0 within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-27246 MEDIUM This Month

Incorrect default permissions for the Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-26694 MEDIUM This Month

Null pointer dereference for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Intel Quickassist Technology +1
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-26405 MEDIUM This Month

Improper control of dynamically-managed code resources for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-26402 MEDIUM This Month

Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-25059 MEDIUM This Month

Uncontrolled search path for some Intel(R) One Boot Flash Update (Intel(R) OFU) software before version 14.1.31 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24918 MEDIUM This Month

Improper link resolution before file access ('link following') for some Intel(R) Server Configuration Utility software and Intel(R) Server Firmware Update Utility software before version 16.0.12. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24863 MEDIUM This Month

Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-24847 MEDIUM This Month

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Computing Improvement Program
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-24842 MEDIUM This Month

Uncontrolled search path for the Intel(R) System Support Utility before version 4.1.0 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24834 MEDIUM This Month

Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Computing Improvement Program
NVD
CVSS 4.0
6.0
EPSS
0.1%
CVE-2025-24519 MEDIUM This Month

Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Buffer Overflow Microsoft Privilege Escalation Quickassist Technology +1
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-24516 MEDIUM This Month

Improper access control for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Authentication Bypass
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-24512 MEDIUM This Month

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Rated medium severity (CVSS 5.7). No vendor patch available.

Intel Denial Of Service Microsoft Windows
NVD
CVSS 4.0
5.7
EPSS
0.0%
CVE-2025-24491 MEDIUM This Month

Uncontrolled search path for some Intel(R) Killer(TM) Performance Suite software before version killer 4.0 40.25.509.1465 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-24327 MEDIUM This Month

Insecure inherited permissions for some Intel(R) Rapid Storage Technology Application before version 20.0.1021 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-22391 MEDIUM This Month

Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20614 MEDIUM This Month

External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-20065 MEDIUM This Month

Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20056 MEDIUM Monitor

Improper input validation for some Intel VTune Profiler before version 2025.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-20050 MEDIUM This Month

Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-12944 MEDIUM This Month

Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netgear Dgn2200 Firmware
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2025-12943 MEDIUM This Month

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netgear Rax30 Firmware Raxe300 Firmware
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-12942 MEDIUM Monitor

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to. Rated medium severity (CVSS 4.8). No vendor patch available.

Information Disclosure Netgear R6260 Firmware R6850 Firmware
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-10905 MEDIUM Monitor

Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-9227 MEDIUM This Month

Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-41106 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41105 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41104 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41103 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41102 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-41101 MEDIUM This Month

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rise Ultimate Project Manager
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-12953 MEDIUM Monitor

The Classified Listing - AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-12788 MEDIUM This Month

The Hydra Booking - Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-12787 MEDIUM This Month

The Hydra Booking - Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-9524 MEDIUM Monitor

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-9055 MEDIUM This Month

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5317 MEDIUM This Month

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Security
NVD
CVSS 4.0
6.8
EPSS
0.0%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy