Latest CVE Feed
-
9.9
CRITICALCVE-2025-42922
SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of ... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-9542
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on multiple plugin's functions in ... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
3.4
LOWCVE-2025-42927
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modif... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cryptography
-
3.1
LOWCVE-2025-42914
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the i... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-10116
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly availab... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-40594
A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
8.2
HIGHCVE-2025-33045
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead... Read more
Affected Products : aptio_v- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2025-43778
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-47416
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Path Traversal
-
8.0
HIGHCVE-2025-9539
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_import_automation_fro... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-42958
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalit... Read more
Affected Products : netweaver- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-55849
WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-58450
pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from inject... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-58449
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the `Dashboard` and `Catalog\Manage Products` permissions can create a custom option on a listing with a file input field. By allowing f... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
5.8
MEDIUMCVE-2025-10122
A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exp... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-43763
A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that affects ... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Server-Side Request Forgery
-
6.4
MEDIUMCVE-2025-9061
The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aut... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-42938
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processe... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
10.0
CRITICALCVE-2025-42944
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbit... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-10134
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data() function in all versions up to, and including, 3.2.2. This makes it ... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Path Traversal