Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2025-23193 SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information.
network
low complexity
CWE-204
5.3
5.3
2025-02-11 CVE-2025-24867 SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
CWE-79
6.1
6.1
2025-02-11 CVE-2025-24868 The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation.
network
low complexity
CWE-601
7.1
7.1
2025-02-10 CVE-2025-1160 Unspecified vulnerability in Remyandrade Employee Management System 1.0
A vulnerability was found in SourceCodester Employee Management System 1.0.
network
low complexity
remyandrade
critical
 9.8
9.8
2025-02-10 CVE-2025-1158 A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114.
network
low complexity
CWE-74
6.3
6.3
2025-02-10 CVE-2025-1002 Improper Certificate Validation vulnerability in Microdicom Dicom Viewer 2024.3
MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack.
high complexity
microdicom CWE-295
5.3
5.3
2025-02-10 CVE-2025-1156 A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical.
network
low complexity
CWE-74
7.3
7.3
2025-02-10 CVE-2025-1157 A vulnerability was found in Allims lab.online up to 20250201 and classified as critical.
network
low complexity
CWE-74
6.3
6.3
2025-02-10 CVE-2025-1154 A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1.
network
low complexity
CWE-74
6.3
6.3
2025-02-10 CVE-2024-13010 The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter.
network
low complexity
CWE-79
6.1
6.1