CVE Database

111521+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-42896
5.4 MEDIUM

SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This …

Dec 9, 2025
CVE-2025-42891
5.5 MEDIUM

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database …

Dec 9, 2025
CVE-2025-42880
9.9 CRITICAL

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide …

Dec 9, 2025
CVE-2025-42878
8.2 HIGH

SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access …

Dec 9, 2025
CVE-2025-42877
7.5 HIGH

SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption …

Dec 9, 2025
CVE-2025-42876
7.1 HIGH

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single …

Dec 9, 2025
CVE-2025-42875
6.6 MEDIUM

The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating …

Dec 9, 2025
CVE-2025-42874
7.9 HIGH

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system due to …

Dec 9, 2025
CVE-2025-42873
5.9 MEDIUM

SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting …

Dec 9, 2025
CVE-2025-42872
6.1 MEDIUM

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of …

Dec 9, 2025
CVE-2025-41752
7.1 HIGH

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …

Dec 9, 2025
CVE-2025-41751
7.1 HIGH

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …

Dec 9, 2025
CVE-2025-41750
7.1 HIGH

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …

Dec 9, 2025
CVE-2025-41749
7.1 HIGH

An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …

Dec 9, 2025
CVE-2025-41748
7.1 HIGH

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by …

Dec 9, 2025
CVE-2025-41747
7.1 HIGH

An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …

Dec 9, 2025
CVE-2025-41746
7.1 HIGH

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …

Dec 9, 2025
CVE-2025-41745
7.1 HIGH

An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …

Dec 9, 2025
CVE-2025-41697
6.8 MEDIUM

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with the credentials obtained from CVE-2025-41692.

Dec 9, 2025
CVE-2025-41696
4.6 MEDIUM

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read …

Dec 9, 2025
CVE-2025-41695
7.1 HIGH

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to …

Dec 9, 2025
CVE-2025-41694
6.5 MEDIUM

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, …

Dec 9, 2025
CVE-2025-41693
4.3 MEDIUM

A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads …

Dec 9, 2025
CVE-2025-41692
6.8 MEDIUM

A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a …

Dec 9, 2025
CVE-2025-40941
4.3 MEDIUM

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected devices exposes server information in its responses. This could allow …

Dec 9, 2025
CVE-2025-40940
4.9 MEDIUM

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability …

Dec 9, 2025
CVE-2025-40939
4.6 MEDIUM

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This …

Dec 9, 2025
CVE-2025-40938
8.1 HIGH

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device stores sensitive information in the firmware. This could allow …

Dec 9, 2025
CVE-2025-40937
8.3 HIGH

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected application do not properly validate input parameters in its REST …

Dec 9, 2025
CVE-2025-40935
4.3 MEDIUM

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions …

Dec 9, 2025
CVE-2025-40831
6.5 MEDIUM

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation …

Dec 9, 2025
CVE-2025-40830
6.7 MEDIUM

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer …

Dec 9, 2025
CVE-2025-40820
7.5 HIGH

Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated …

Dec 9, 2025
CVE-2025-40819
4.3 MEDIUM

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the …

Dec 9, 2025
CVE-2025-40818
3.3 LOW

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that …

Dec 9, 2025
CVE-2025-40807
6.3 MEDIUM

A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could …

Dec 9, 2025
CVE-2025-40806
5.3 MEDIUM

A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. …

Dec 9, 2025
CVE-2025-40801
8.1 HIGH

A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), JT Bi-Directional Translator for STEP (All versions), …

Dec 9, 2025
CVE-2025-40800
7.4 HIGH

A vulnerability has been identified in COMOS V10.6 (All versions < V10.6.1), COMOS V10.6 (All versions < V10.6.1), NX V2412 (All versions < V2412.8700), NX …

Dec 9, 2025
CVE-2025-40344

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles the shutdown procedure for …

Dec 9, 2025
CVE-2025-40343

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs …

Dec 9, 2025
CVE-2025-40342

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a …

Dec 9, 2025
CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check …

Dec 9, 2025
CVE-2025-40340

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault …

Dec 9, 2025
CVE-2025-40339

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this …

Dec 9, 2025
CVE-2025-40338

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, …

Dec 9, 2025
CVE-2025-40337

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed …

Dec 9, 2025
CVE-2025-40336

In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge …

Dec 9, 2025
CVE-2025-40335

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and …

Dec 9, 2025
CVE-2025-40334

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object …

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.