Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2025-1172 SQL Injection vulnerability in 1000Projects Bookstore Management System 1.0
A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0.
network
low complexity
1000projects CWE-89
8.8
8.8
2025-02-11 CVE-2025-1169 Code Injection vulnerability in Rems Image Compressor Tool 1.0
A vulnerability was found in SourceCodester Image Compressor Tool 1.0.
network
low complexity
rems CWE-94
6.1
6.1
2025-02-11 CVE-2025-1170 Cross-site Scripting vulnerability in Fabian Real Estate Property Management System 1.0
A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0.
network
low complexity
fabian CWE-79
5.4
5.4
2025-02-11 CVE-2025-1168 Injection vulnerability in Rems Contact Manager With Export to VCF 1.0
A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0.
network
low complexity
rems CWE-74
critical
 9.8
9.8
2025-02-11 CVE-2025-23189 Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data.
network
low complexity
CWE-862
4.3
4.3
2025-02-11 CVE-2025-23190 Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to.
network
low complexity
CWE-862
4.3
4.3
2025-02-11 CVE-2025-23191 Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request.
network
high complexity
CWE-644
3.1
3.1
2025-02-11 CVE-2025-23193 SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information.
network
low complexity
CWE-204
5.3
5.3
2025-02-11 CVE-2025-24867 SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
CWE-79
6.1
6.1
2025-02-11 CVE-2025-24868 The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to craft a malicious link, that, when clicked by a victim, redirects the browser to a malicious site due to insufficient redirect URL validation.
network
low complexity
CWE-601
7.1
7.1