Skip to main content
CVE-2025-49539 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.

XXE Coldfusion
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-27127 MEDIUM This Month

A vulnerability has been identified in TIA Project-Server (All versions < V2.1.1), TIA Project-Server V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 4), Totally Integrated Automation Portal (TIA Portal) V20 (All versions < V20 Update 3). The affected application improperly handles uploaded projects in the document root. This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project.

File Upload Denial Of Service
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-42960 MEDIUM This Month

CVE-2025-42960 is a security vulnerability (CVSS 4.3) that allows an authenticated attacker. Remediation should follow standard vulnerability management procedures.

SAP Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42986 MEDIUM PATCH This Month

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.

SAP Authentication Bypass Sap Basis
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42974 MEDIUM This Month

CVE-2025-42974 is a security vulnerability (CVSS 4.3) that allows access. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27369 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-2827 MEDIUM This Month

CVE-2025-2827 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure IBM Sterling File Gateway
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49543 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49541 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49540 MEDIUM This Month

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses.

XSS Coldfusion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-42965 MEDIUM This Month

SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application.

SAP Information Disclosure SSRF
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-31326 MEDIUM This Month

SAP�BusinessObjects Business�Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead to unintended redirects or manipulation of application behavior, such as redirecting users to attacker-controlled domains. This issue primarily affects the integrity of the system. However, the confidentiality and availability of the system remain unaffected.

SAP XSS
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-20999 MEDIUM This Month

Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.

Authentication Bypass Android
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-21003 MEDIUM This Month

Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-42971 MEDIUM This Month

A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application.

Buffer Overflow Memory Corruption
NVD
CVSS 3.1
4.0
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy