Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-05-13 CVE-2025-4396 The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.4 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-05-13 CVE-2025-26662 The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script.
network
high complexity
CWE-79
4.4
4.4
2025-05-13 CVE-2025-30009 he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim?s browser.
network
low complexity
CWE-79
6.1
6.1
2025-05-13 CVE-2025-30010 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site.
network
low complexity
CWE-601
6.1
6.1
2025-05-13 CVE-2025-30011 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system.
network
low complexity
CWE-497
5.3
5.3
2025-05-13 CVE-2025-30012 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format.
high complexity
CWE-502
3.9
3.9
2025-05-13 CVE-2025-30018 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data.
network
low complexity
CWE-611
8.6
8.6
2025-05-13 CVE-2025-31329 SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings.
network
low complexity
CWE-141
6.2
6.2
2025-05-13 CVE-2025-42997 Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application.
network
low complexity
CWE-732
6.6
6.6
2025-05-13 CVE-2025-43000 Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.
local
low complexity
CWE-862
7.9
7.9