Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-1169

    A vulnerability was found in SourceCodester Image Compressor Tool 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /image-compressor/compressor.php. The manipulation of the argument image leads to cross site sc... Read more

    Affected Products : image_compressor_tool
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 9.8

    CRITICAL
    CVE-2025-1168

    A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-contact.php. The manipulation of the argument contact leads to sql i... Read more

    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-1167

    A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical. Affected by this issue is some unknown functionality of the file /hr_soft/admin/Update_User.php. The manipulation of the argument id leads to s... Read more

    Affected Products : employee_management_system
    • Published: Feb. 11, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1166

    A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be... Read more

    Affected Products : food_menu_manager food_menu_manager
    • Published: Feb. 11, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Misconfiguration

  • 8.6

    HIGH
    CVE-2025-25243

    SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive info... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Information Disclosure

  • 5.4

    MEDIUM
    CVE-2025-25241

    Due to a missing authorization check, an attacker who is logged in to application can view/ delete �My Overtime Requests� which could allow the attacker to access employee information. This leads to low impact on confidentiality, integrity of the applicat... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 8.1

    HIGH
    CVE-2025-24876

    The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality a... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authentication

  • 6.8

    MEDIUM
    CVE-2025-24875

    SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Backoffice. Applying this setting reduces defense in depth against CSRF and may le... Read more

    Affected Products : commerce
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 6.8

    MEDIUM
    CVE-2025-24874

    SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers might discontinue support for this header in favor of the f... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-24872

    The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and v... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 6.0

    MEDIUM
    CVE-2025-24870

    SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result i... Read more

    Affected Products : gui_for_windows
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2025-24869

    SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Information Disclosure

  • 7.1

    HIGH
    CVE-2025-24868

    The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser t... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2025-24867

    SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotec... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.3

    MEDIUM
    CVE-2025-23193

    SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2025-23191

    Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP s... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-23190

    Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the syst... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23189

    Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 11, 2025
    • Vuln Type: Authorization

  • 5.3

    MEDIUM
    CVE-2025-23187

    Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability.... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-1165

    A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch ... Read more

    Affected Products :
    • Published: Feb. 11, 2025
    • Modified: Feb. 18, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 291659 Results