CVE-2025-62360 - WeGIA SQL Injection via 'id_dependente' param at endpoint `/html/funcionario/dependente_documento.php`
CVE ID : CVE-2025-62360
Published : Oct. 13, 2025, 10:15 p.m.
Description : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.5.1.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62361 - WeGIA Open Redirect Vulnerability in `control.php` endpoint `nextPage` parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle)
CVE ID : CVE-2025-62361
Published : Oct. 13, 2025, 10:15 p.m.
Description : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (metodo=listarTodos nomeClasse=AlmoxarifeControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This vulnerability is fixed in 3.5.0.
Severity: 4.8 | MEDIUM
CVE-2025-62362 - Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal
CVE ID : CVE-2025-62362
Published : Oct. 13, 2025, 10:15 p.m.
Description : gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information disclosure may violate employee privacy expectations and could be used for targeted attacks or unwanted contact. This issue has been patched in versions 2.0.3, 3.0.2, and 4.0.1. No known workarounds exist.
Severity: 6.9 | MEDIUM
CVE-2025-62363 - yt-grabber-tui allows arbitrary code execution via configurable yt-dlp path
CVE ID : CVE-2025-62363
Published : Oct. 13, 2025, 10:15 p.m.
Description : yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc.
Severity: 7.8 | HIGH
CVE-2025-62365 - LibreNMS vulnerable to Reflected-XSS in `report_this` function
CVE ID : CVE-2025-62365
Published : Oct. 13, 2025, 10:15 p.m.
Description : LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (the `htmlentities` function was incorrectly used in an href context), which allowed the `project_issues` parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.
Severity: 5.5 | MEDIUM
CVE-2025-62383 - Ivanti Endpoint Manager SQL Injection
CVE ID : CVE-2025-62383
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62384 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62384
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62385 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62385
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62386 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62386
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62387 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62387
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62388 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62388
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62389 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62389
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62390 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62390
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62391 - Ivanti Endpoint Manager SQL Injection
CVE ID : CVE-2025-62391
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-62392 - Ivanti Endpoint Manager SQL Injection Vulnerability
CVE ID : CVE-2025-62392
Published : Oct. 13, 2025, 10:15 p.m.
Description : SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
Severity: 6.5 | MEDIUM
CVE-2025-42901 - Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)
CVE ID : CVE-2025-42901
Published : Oct. 14, 2025, 1:15 a.m.
Description : SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in a victim user's browser when accessing the affected functionality of the BAPI explorer. This has a low impact on confidentiality and integrity, with no impact on the availability of the application.
Severity: 5.4 | MEDIUM
CVE-2025-42902 - Memory Corruption vulnerability in SAP Netweaver AS ABAP and ABAP Platform
CVE ID : CVE-2025-42902
Published : Oct. 14, 2025, 1:15 a.m.
Description : Due to a memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This leads to a NULL pointer dereference which makes the work process crash. As a result, it has a low impact on availability but no impact on confidentiality and integrity.
Severity: 5.3 | MEDIUM
CVE-2025-42903 - User Enumeration and Sensitive Data Exposure via RFC Function in SAP Financial Service Claims Management
CVE ID : CVE-2025-42903
Published : Oct. 14, 2025, 1:15 a.m.
Description : A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability.
Severity: 4.3 | MEDIUM
CVE-2025-42906 - Directory Traversal vulnerability in SAP Commerce Cloud
CVE ID : CVE-2025-42906
Published : Oct. 14, 2025, 1:15 a.m.
Description : SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configured access restrictions, resulting in a low impact on confidentiality, with no impact on the integrity or availability of the application.
Severity: 5.3 | MEDIUM
CVE-2025-42908 - Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP
CVE ID : CVE-2025-42908
Published : Oct. 14, 2025, 1:15 a.m.
Description : Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the first transaction screen and the associated authorization check. This vulnerability could allow the attacker to perform actions and execute transactions that would normally require specific permissions, compromising the integrity and confidentiality of the system by enabling unauthorized access to restricted functionality. There is no impact to availability from this vulnerability.
Severity: 5.4 | MEDIUM
CVE-2025-42909 - Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances
CVE ID : CVE-2025-42909
Published : Oct. 14, 2025, 1:15 a.m.
Description : SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliance to gain access to other appliances. This has a low impact on the confidentiality of the application; integrity and availability are not impacted.
Severity: 3.0 | LOW