Latest CVE Feed
-
9.0
HIGHCVE-2025-5907
A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow... Read more
- Published: Jun. 10, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-5906
A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has b... Read more
- Published: Jun. 10, 2025
- Modified: Jun. 13, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-42998
The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no i... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization
-
5.6
MEDIUMCVE-2025-42996
SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degr... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-42995
SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on con... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-42994
SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact ... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-42993
Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the atta... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-42991
SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on ... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization
-
3.0
LOWCVE-2025-42990
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidential... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Cross-Site Scripting
-
9.6
CRITICALCVE-2025-42989
RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
-
3.7
LOWCVE-2025-42988
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable t... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-42987
SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compr... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
-
5.4
MEDIUMCVE-2025-42984
SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low imp... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization
-
8.5
HIGHCVE-2025-42983
SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete da... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-42982
SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Authentication
-
7.6
HIGHCVE-2025-42977
SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confid... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Path Traversal
-
5.8
MEDIUMCVE-2025-31325
Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Cross-Site Scripting
-
8.2
HIGHCVE-2025-23192
SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to p... Read more
Affected Products :- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Cross-Site Scripting
-
9.0
HIGHCVE-2025-5905
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Passw... Read more
- Published: Jun. 10, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2025-5904
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argume... Read more
- Published: Jun. 10, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Memory Corruption