Latest CVE Feed
-
6.7
MEDIUMCVE-2025-43722
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.... Read more
Affected Products : powerscale_onefs- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-42912
SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and avai... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-42917
SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality an... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-55141
Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authen... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
5.8
MEDIUMCVE-2025-10107
A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410). Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection. The attack is possible to be carried out remote... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-42923
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and avail... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.6
MEDIUMCVE-2025-43776
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-52288
Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to cause a denial of service or other unspecified impacts v... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Denial of Service
-
7.0
HIGHCVE-2025-9160
A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-40803
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device exposes certain non-critical information from the device. This could allow an unauthenticated attacker to access sensitive data, potentially lead... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-55143
Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote una... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
9.1
CRITICALCVE-2025-10183
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: XML External Entity
-
8.8
HIGHCVE-2025-52389
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request.... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-40804
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper ... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
8.0
HIGHCVE-2025-9539
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the automatorwp_ajax_import_automation_fro... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-42930
SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on ... Read more
Affected Products : business_planning_and_consolidation- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Denial of Service
-
10.0
CRITICALCVE-2025-42944
Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbit... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10121
A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-42958
Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalit... Read more
Affected Products : netweaver- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication