Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-04-22 CVE-2025-31327 SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application.
network
low complexity
CWE-472
4.3
4.3
2025-04-22 CVE-2025-31328 SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server.
network
low complexity
CWE-352
4.6
4.6
2025-04-22 CVE-2025-27907 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF).
network
low complexity
CWE-918
4.1
4.1
2025-04-22 CVE-2025-1950 IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
local
low complexity
CWE-114
critical
 9.3
9.3
2025-04-22 CVE-2025-1951 IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
local
low complexity
CWE-250
8.4
8.4
2025-04-22 CVE-2024-11299 The Memberpress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.11.37 via the WordPress core search feature.
network
low complexity
CWE-200
5.3
5.3
2025-04-22 CVE-2025-3457 The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'oceanwp_icon' shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
CWE-79
6.4
6.4
2025-04-22 CVE-2025-3458 The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4
2025-04-22 CVE-2025-3472 The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6.
network
low complexity
CWE-94
6.5
6.5
2025-04-22 CVE-2025-2839 The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
6.4
6.4