Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-27430

    Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Server-Side Request Forgery

  • 8.8

    HIGH
    CVE-2025-26661

    Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sens... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-26660

    SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls wi... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-26659

    SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI func... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-26658

    The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to... Read more

    Affected Products : business_one
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-26656

    OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-26655

    SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidential... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-25245

    SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On s... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-25244

    SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-25242

    SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impa... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-23194

    SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidenti... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-23188

    An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on conf... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2025-23185

    Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access ... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-0071

    SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentia... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.7

    MEDIUM
    CVE-2025-0062

    SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitat... Read more

    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-49823

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2024-41760

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2024-22340

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-1828

    Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Cryp... Read more

    Affected Products : crypt\
    • Published: Mar. 11, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-27926

    In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 292767 Results