CVE-2025-30010 |
Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.
CVSS: MEDIUM (6.1) EPSS Score: 0.06% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
CVE-2025-30009 |
Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim's browser, with no effect on availability of the application.
CVSS: MEDIUM (6.1) EPSS Score: 0.08% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
CVE-2025-26662 |
Description: The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of the victim's browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.
CVSS: MEDIUM (4.4) EPSS Score: 0.03% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
CVE-2025-22859 |
Description: A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.
CVSS: MEDIUM (5.0) EPSS Score: 0.08%
May 13th, 2025 (about 1 month ago)
|
CVE-2024-36340 |
Description: A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
CVSS: MEDIUM (6.6) EPSS Score: 0.01% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
CVE-2025-43008 |
Description: Due to a missing authorization check, an unauthorized user can view the files of another company. This might lead to disclosure of personal data of employees. There is no impact on integrity and availability.
CVSS: MEDIUM (5.8) EPSS Score: 0.03% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
CVE-2025-42997 |
Description: Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
CVSS: MEDIUM (6.6) EPSS Score: 0.04% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
CVE-2025-31329 |
Description: SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
CVSS: MEDIUM (6.2) EPSS Score: 0.04% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
CVE-2025-4649 |
Description: Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation.
ACLs are not correctly taken into account in the display of the "event logs" page. This page, which requires high privileges, will display all available logs.
This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26.
CVSS: MEDIUM (4.9) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)
|
CVE-2025-32917 |
Description: Privilege escalation in the jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allows a user with write access to the JAVA_HOME/bin directory to escalate privileges.
CVSS: MEDIUM (5.2) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)
|