Skip to main content
CVE-2025-12143 MEDIUM CISA This Month

Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.8.33. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Abb
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-66361 MEDIUM This Month

An issue was discovered in Logpoint before 7.7.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ssti Siem
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-66360 MEDIUM This Month

An issue was discovered in Logpoint before 7.7.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Authentication Bypass Privilege Escalation Siem
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-58309 MEDIUM This Month

Permission control vulnerability in the startup recovery module. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-58314 MEDIUM This Month

Vulnerability of accessing invalid memory in the component driver module. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-13683 MEDIUM This Month

Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.3.8.0; Remote Desktop Manager: through 2025.3.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Devolutions Server Remote Desktop Manager Windows
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-58307 MEDIUM This Month

UAF vulnerability in the screen recording framework module. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Information Disclosure Use After Free Harmonyos
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-51736 MEDIUM This Month

File upload vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Unica
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-58305 MEDIUM This Month

Identity authentication bypass vulnerability in the Gallery app. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-58294 MEDIUM This Month

Permission control vulnerability in the print module. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-11156 MEDIUM This Month

Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Windows
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-58311 MEDIUM This Month

UAF vulnerability in the USB driver module. Rated medium severity (CVSS 5.8). No vendor patch available.

Memory Corruption Information Disclosure Use After Free Emui Harmonyos
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-51733 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Unica
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58315 MEDIUM This Month

Permission control vulnerability in the Wi-Fi module. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-59790 MEDIUM This Month

Improper Privilege Management vulnerability in Apache Kvrocks.9.0 through v2.13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation Kvrocks
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-51734 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Unica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-59792 MEDIUM This Month

Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks.0.0 through 2.13.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Kvrocks
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64313 MEDIUM This Month

Denial of service (DoS) vulnerability in the office service. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Race Condition Microsoft Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-64311 MEDIUM This Month

Permission control vulnerability in the Notepad module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-58312 MEDIUM This Month

Permission control vulnerability in the App Lock module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-66371 MEDIUM PATCH This Month

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-66370 MEDIUM This Month

Kivitendo before 3.9.2 allows XXE injection. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-64312 MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-58304 MEDIUM This Month

Permission control vulnerability in the file management module. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-64315 MEDIUM This Month

Configuration defect vulnerability in the file management module. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-13737 MEDIUM This Month

The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-66386 MEDIUM This Month

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy