CVE-2025-10115 - SiempreCMS user_search_ajax.php sql injection
CVE ID : CVE-2025-10115
Published : Sept. 9, 2025, 12:32 a.m. | 22 minutes ago
Description : A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10115
Published : Sept. 9, 2025, 12:32 a.m. | 22 minutes ago
Description : A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42911 - Missing Authorization check in SAP NetWeaver (Service Data Download)
CVE ID : CVE-2025-42911
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the application
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42911
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver (Service Data Download) allows an authenticated user to call a remote-enabled function module, which could grant access to information about the SAP system and operating system. This leads to a low impact on confidentiality, with no effect on the integrity and availability of the application
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42912 - Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)
CVE ID : CVE-2025-42912
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42912
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42913 - Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)
CVE ID : CVE-2025-42913
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42913
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42914 - Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)
CVE ID : CVE-2025-42914
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42914
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiality and availability are not impacted.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42915 - Missing Authorization Check in Fiori app (Manage Payment Blocks)
CVE ID : CVE-2025-42915
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42915
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42916 - Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
CVE ID : CVE-2025-42916
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42916
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42917 - Missing Authorization check in SAP HCM (Approve Timesheets Fiori 2.0 application)
CVE ID : CVE-2025-42917
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42917
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42918 - Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)
CVE ID : CVE-2025-42918
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42918
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42920 - Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management
CVE ID : CVE-2025-42920
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resulting in the execution of malicious content. This execution allows the attacker to access and modify information within the victim's browser scope, impacting confidentiality and integrity, while availability remains unaffected.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42920
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resulting in the execution of malicious content. This execution allows the attacker to access and modify information within the victim's browser scope, impacting confidentiality and integrity, while availability remains unaffected.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42922 - Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)
CVE ID : CVE-2025-42922
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42922
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file when executed can lead to a full compromise of confidentiality, integrity and availability of the system.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42923 - Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)
CVE ID : CVE-2025-42923
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42923
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42925 - Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)
CVE ID : CVE-2025-42925
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time, the attacker could determine a desired identifier which could enable them to access limited system information. This poses a low risk to confidentiality without impacting the integrity or availability of the service.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42925
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time, the attacker could determine a desired identifier which could enable them to access limited system information. This poses a low risk to confidentiality without impacting the integrity or availability of the service.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42926 - Missing Authentication check in SAP NetWeaver Application Server Java
CVE ID : CVE-2025-42926
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the system.This vulnerability has a low impact on confidentiality and does not affect the integrity or availability of the server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42926
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the system.This vulnerability has a low impact on confidentiality and does not affect the integrity or availability of the server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42927 - Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)
CVE ID : CVE-2025-42927
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability has a low impact on confidentiality and integrity, with no impact on availability.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42927
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability has a low impact on confidentiality and integrity, with no impact on availability.
Severity: 3.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42929 - Missing input validation vulnerability in SAP Landscape Transformation Replication Server
CVE ID : CVE-2025-42929
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42929
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42930 - Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation
CVE ID : CVE-2025-42930
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42930
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there is no impact on confidentiality or integrity.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42933 - Insecure Storage of Sensitive Information in SAP Business One (SLD)
CVE ID : CVE-2025-42933
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42933
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42938 - Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform
CVE ID : CVE-2025-42938
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When executed, this content allows the attacker to access or modify information within the victim's browser scope, impacting the confidentiality and integrity�while availability remains unaffected.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42938
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a Cross-Site Scripting (XSS) vulnerability in the SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When executed, this content allows the attacker to access or modify information within the victim's browser scope, impacting the confidentiality and integrity�while availability remains unaffected.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42944 - Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)
CVE ID : CVE-2025-42944
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42944
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high impact to the application's confidentiality, integrity, and availability.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-42958 - Missing Authentication check in SAP NetWeaver
CVE ID : CVE-2025-42958
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-42958
Published : Sept. 9, 2025, 2:15 a.m. | 2 hours, 38 minutes ago
Description : Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...