Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2025-23190 Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to.
network
low complexity
CWE-862
4.3
4.3
2025-02-11 CVE-2025-23191 Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request.
network
high complexity
CWE-644
3.1
3.1
2025-02-11 CVE-2025-23193 SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information.
network
low complexity
CWE-204
5.3
5.3
2025-02-11 CVE-2025-24867 SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
CWE-79
6.1
6.1
2025-02-11 CVE-2025-24868 The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation.
network
low complexity
CWE-601
7.1
7.1
2025-02-10 CVE-2025-1160 Unspecified vulnerability in Remyandrade Employee Management System 1.0
A vulnerability was found in SourceCodester Employee Management System 1.0.
network
low complexity
remyandrade
critical
 9.8
9.8
2025-02-10 CVE-2025-1158 A vulnerability was found in ESAFENET CDG 5.6.3.154.205_20250114.
network
low complexity
CWE-74
6.3
6.3
2025-02-10 CVE-2025-1002 Improper Certificate Validation vulnerability in Microdicom Dicom Viewer 2024.3
MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack.
high complexity
microdicom CWE-295
5.3
5.3
2025-02-10 CVE-2025-1156 A vulnerability has been found in Pix Software Vivaz 6.0.10 and classified as critical.
network
low complexity
CWE-74
7.3
7.3
2025-02-10 CVE-2025-1157 A vulnerability was found in Allims lab.online up to 20250201 and classified as critical.
network
low complexity
CWE-74
6.3
6.3