CVE-2025-31329 - SAP NetWeaver Information Disclosure Injection Vulnerability
CVE ID : CVE-2025-31329
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31329
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42997 - SAP Gateway Client Information Disclosure
CVE ID : CVE-2025-42997
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42997
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42999 - SAP NetWeaver Remote Code Execution
CVE ID : CVE-2025-42999
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42999
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43000 - Apache Struts Information Disclosure Vulnerability
CVE ID : CVE-2025-43000
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.
Severity: 7.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43000
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.
Severity: 7.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43002 - SAP S4CORE OData Information Disclosure
CVE ID : CVE-2025-43002
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43002
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43003 - SAP S/4 HANA Configuration Privilege Escalation
CVE ID : CVE-2025-43003
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43003
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43004 - Apache Cassandra Authentication Bypass Vulnerability
CVE ID : CVE-2025-43004
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43004
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43005 - SAP GUI for Windows Insecure Credential Storage Vulnerability
CVE ID : CVE-2025-43005
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43005
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43006 - SAP Supplier Relationship Management XSS Vulnerability
CVE ID : CVE-2025-43006
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43006
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43007 - SAP Service Parts Management Privilege Escalation Vulnerability
CVE ID : CVE-2025-43007
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43007
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43008 - Microsoft SharePoint Information Disclosure Vulnerability
CVE ID : CVE-2025-43008
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43008
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Due to missing authorization check, an unauthorized user can view the files of other company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43009 - SAP Service Parts Management Privilege Escalation Vulnerability
CVE ID : CVE-2025-43009
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43009
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43010 - SAP S/4HANA Cloud Private Edition or on Premise ABAP Program Replacement Remote Code Execution Vulnerability
CVE ID : CVE-2025-43010
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43010
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43011 - SAP Landscape Transformation Authorization Bypass Vulnerability
CVE ID : CVE-2025-43011
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43011
Published : May 13, 2025, 1:15 a.m. | 4 hours, 3 minutes ago
Description : Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-35471 - Conda Forge OpenSSL-Feedstock Local Privilege Escalation
CVE ID : CVE-2025-35471
Published : May 13, 2025, 2:15 a.m. | 3 hours, 3 minutes ago
Description : conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-35471
Published : May 13, 2025, 2:15 a.m. | 3 hours, 3 minutes ago
Description : conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47858 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-47858
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47858
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47859 - Apache HTTP Server Information Disclosure
CVE ID : CVE-2025-47859
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47859
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47860 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-47860
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47860
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47861 - Apache HTTP Server Denial of Service
CVE ID : CVE-2025-47861
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47861
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47862 - Apache HTTP Web Server Information Disclosure
CVE ID : CVE-2025-47862
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47862
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47863 - Google Chrome Denial of Service
CVE ID : CVE-2025-47863
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47863
Published : May 13, 2025, 4:16 a.m. | 1 hour, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...