VUMETRIC
CYBER PORTAL
Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-08 | CVE-2025-30000 | A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). | local, high complexity, CWE-295, 6.7 |
| 2025-04-08 | CVE-2025-3064 | The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. | network, low complexity, CWE-352, 8.8 |
| 2025-04-08 | CVE-2025-3432 | The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. | network, low complexity, CWE-79, 6.4 |
| 2025-04-08 | CVE-2025-3433 | The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. | network, low complexity, CWE-601, 6.1 |
| 2025-04-08 | CVE-2025-3436 | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'order' and 'orderby' parameters in all versions up to, and including, 2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | network, low complexity, CWE-89, 6.5 |
| 2025-04-08 | CVE-2025-23186 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. | network, high complexity, CWE-94, 8.5 |
| 2025-04-08 | CVE-2025-26653 | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. | network, high complexity, CWE-79, 4.7 |
| 2025-04-08 | CVE-2025-26654 | SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). | high complexity, CWE-319, 6.8 |
| 2025-04-08 | CVE-2025-26657 | SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. | network, low complexity, CWE-862, 5.3 |
| 2025-04-08 | CVE-2025-27428 | Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. | network, low complexity, CWE-862, 7.7 |