VUMETRIC
CYBER PORTAL
Vulnerabilities
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-13
CVE-2025-4396
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.4 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-05-13
CVE-2025-26662
The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script.
network
high complexity
CWE-79
4.4
4.4
2025-05-13
CVE-2025-30009
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser.
network
low complexity
CWE-79
6.1
6.1
2025-05-13
CVE-2025-30010
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site.
network
low complexity
CWE-601
6.1
6.1
2025-05-13
CVE-2025-30011
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send a malicious request to the application, which could disclose the internal version details of the affected system.
network
low complexity
CWE-497
5.3
5.3
2025-05-13
CVE-2025-30012
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific encoding format.
high complexity
CWE-502
3.9
3.9
2025-05-13
CVE-2025-30018
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data.
network
low complexity
CWE-611
8.6
8.6
2025-05-13
CVE-2025-31329
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings.
network
low complexity
CWE-141
6.2
6.2
2025-05-13
CVE-2025-42997
Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application.
network
low complexity
CWE-732
6.6
6.6
2025-05-13
CVE-2025-43000
Under certain conditions, Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted. This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.
local
low complexity
CWE-862
7.9
7.9