CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-45864 |
Description: TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-45859 |
Description: TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-44039 |
Description: CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication.
CVSS: MEDIUM (5.1) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-43009 |
Description: SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.
CVSS: MEDIUM (6.3) EPSS Score: 0.04% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-43007 |
Description: SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.
CVSS: MEDIUM (6.3) EPSS Score: 0.04% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-43006 |
Description: SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
CVSS: MEDIUM (6.1) EPSS Score: 0.08% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-43005 |
Description: SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrity or Availability of the application, it may have a Low impact on the Confidentiality of data.
CVSS: MEDIUM (4.3) EPSS Score: 0.02% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-43004 |
Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)
Description: Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.
CVSS: MEDIUM (5.3) EPSS Score: 0.09% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-43003 |
Description: SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.
CVSS: MEDIUM (6.4) EPSS Score: 0.05% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-43002 |
Description: SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.
CVSS: MEDIUM (4.3) EPSS Score: 0.03% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|