Skip to main content
CVE-2025-22885 MEDIUM This Month

Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. [CVSS 4.7 MEDIUM]

Privilege Escalation
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-1763 MEDIUM This Month

GE Vernova Enervista UR Setup version 8.6 and earlier on Windows contains a vulnerability allowing high-privileged local attackers to modify system integrity without user interaction. An attacker with administrative privileges could exploit this flaw to alter critical configuration or data, though no patch is currently available.

Windows
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-12757 MEDIUM This Month

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. [CVSS 4.6 MEDIUM]

Path Traversal Camera Station Pro
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-13064 MEDIUM This Month

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with. [CVSS 4.5 MEDIUM]

Code Injection Camera Station Pro
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-23685 MEDIUM This Month

Denial of service in SAP NetWeaver's JMS service stems from unsafe deserialization of malicious objects, allowing authenticated administrators with local access to crash the application. The vulnerability requires high privileges and local access but carries no risk to confidentiality or integrity. No patch is currently available.

SAP Denial Of Service Deserialization Netweaver
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-32007 MEDIUM This Month

Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexity attack may enable data exposure. [CVSS 4.4 MEDIUM]

Information Disclosure
NVD VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-23688 MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Manage Service Entry Sheets allow authenticated users to escalate privileges and modify data they should not have access to. The vulnerability affects SAP S/4HANA Core installations and requires user authentication to exploit, limiting the immediate risk but potentially enabling insider threats or account compromise scenarios.

SAP Privilege Escalation S4core
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23681 MEDIUM This Month

Authenticated users of SAP Solution Tools Plug-In can bypass authorization checks to invoke function modules and extract sensitive system configuration details without proper access controls. This information disclosure could enable attackers to gather intelligence for planning targeted follow-up attacks, though the vulnerability carries low confidentiality impact with no effect on system integrity or availability. Currently no patch is available.

SAP Solution Tools Plug In
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24327 MEDIUM This Month

Insufficient authorization validation in SAP Strategic Enterprise Management's Balanced Scorecard component allows authenticated users to view restricted information they should not have access to. This authenticated-only vulnerability has low confidentiality impact and requires no user interaction, affecting organizations running affected SAP SEM instances. Currently no patch is available to remediate this authorization bypass.

SAP Strategic Enterprise Management
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24326 MEDIUM This Month

Unauthorized database modifications in SAP S/4HANA Defense & Security occur due to missing authorization checks in Disconnected Operations, allowing authenticated users to invoke remote-enabled function modules and directly alter standard SAP database tables. The vulnerability has limited impact, affecting only data integrity without compromising confidentiality or system availability. No patch is currently available.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-15147 MEDIUM This Month

WooCommerce Memberships for Multivendor Marketplace versions up to 2.11.8 is affected by authorization bypass through user-controlled key (CVSS 4.3).

WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27572 MEDIUM This Month

Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. [CVSS 4.1 MEDIUM]

Information Disclosure
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-32467 MEDIUM This Month

Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. [CVSS 4.1 MEDIUM]

Information Disclosure
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-27940 MEDIUM This Month

Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high complexity attack may enable data exposure. [CVSS 4.1 MEDIUM]

Information Disclosure
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-27708 MEDIUM This Month

Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) within Ring 0: Kernel may allow an information disclosure. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. [CVSS 4.1 MEDIUM]

Linux Information Disclosure
NVD VulDB
CVSS 3.1
4.1
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy