Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-26659

    SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI func... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.8

    MEDIUM
    CVE-2025-26658

    The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to... Read more

    Affected Products : business_one
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-26656

    OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application.... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-26655

    SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidential... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2025-25245

    SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On s... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Injection

  • 5.7

    MEDIUM
    CVE-2025-25244

    SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 6.1

    MEDIUM
    CVE-2025-25242

    SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impa... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-23194

    SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidenti... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2025-23188

    An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on conf... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 4.1

    MEDIUM
    CVE-2025-23185

    Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access ... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.9

    MEDIUM
    CVE-2025-0071

    SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentia... Read more

    Affected Products :
    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.7

    MEDIUM
    CVE-2025-0062

    SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitat... Read more

    • Published: Mar. 11, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-49823

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Denial of Service

  • 3.7

    LOW
    CVE-2024-41760

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 6.5

    MEDIUM
    CVE-2024-22340

    IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 8.8

    HIGH
    CVE-2025-1828

    Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Cryp... Read more

    Affected Products : crypt\
    • Published: Mar. 11, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Cryptography

  • 4.3

    MEDIUM
    CVE-2025-27926

    In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Information Disclosure

  • 8.5

    HIGH
    CVE-2025-27925

    Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Misconfiguration

  • 5.4

    MEDIUM
    CVE-2025-27924

    Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.... Read more

    Affected Products :
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Cross-Site Scripting

  • 7.5

    HIGH
    CVE-2025-27610

    Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `ro... Read more

    Affected Products : rack
    • Published: Mar. 10, 2025
    • Modified: Mar. 10, 2025
    • Vuln Type: Path Traversal
Showing 20 of 293304 Results