Skip to main content
CVE-2025-40751 MEDIUM Monitor

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Simatic Rtls Locating Manager
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-40746 CRITICAL This Week

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Simatic Rtls Locating Manager
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2025-40743 HIGH This Month

A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-40584 MEDIUM This Month

A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-40570 LOW Monitor

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 <. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
2.4
EPSS
0.0%
CVE-2025-33023 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-30034 MEDIUM This Month

A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Rtls Locating Manager
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-30033 HIGH This Month

The affected setup component is vulnerable to DLL hijacking. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2024-52504 HIGH This Month

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-41986 MEDIUM This Month

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Opcenter Quality
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2024-41985 LOW Monitor

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Opcenter Quality
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2024-41984 LOW Monitor

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Opcenter Quality
NVD
CVSS 4.0
2.1
EPSS
0.0%
CVE-2024-41983 MEDIUM This Month

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Opcenter Quality
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-41982 MEDIUM This Month

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated medium severity (CVSS 5.9). No vendor patch available.

Information Disclosure Opcenter Quality
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2024-41980 LOW Monitor

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated low severity (CVSS 2.0). No vendor patch available.

Authentication Bypass Opcenter Quality
NVD
CVSS 4.0
2.0
EPSS
0.0%
CVE-2024-41979 HIGH This Month

A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 <. Rated high severity (CVSS 7.5). No vendor patch available.

Authentication Bypass Opcenter Quality
NVD
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-43736 MEDIUM PATCH This Month

A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service File Upload Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-8885 MEDIUM PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Red Hat Suse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-41686 HIGH This Month

A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-26398 MEDIUM PATCH This Month

SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. Rated medium severity (CVSS 5.6). This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Database Performance Analyzer
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-8874 MEDIUM This Month

The Master Addons - Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8767 MEDIUM Monitor

The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE PHP
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-8482 MEDIUM Monitor

The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-8418 HIGH This Month

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-8081 MEDIUM PATCH Monitor

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Website Builder PHP Elementor
NVD GitHub
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-6253 HIGH This Month

The UiCore Elements - Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-3892 MEDIUM This Month

ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-30027 MEDIUM This Month

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-8314 MEDIUM This Month

The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8059 CRITICAL This Week

The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-7622 MEDIUM This Month

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

SSRF Camera Station Camera Station Pro
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-8690 MEDIUM This Month

The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8688 MEDIUM This Month

The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8685 MEDIUM This Month

The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8621 MEDIUM This Month

The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8568 MEDIUM This Month

The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8462 MEDIUM This Month

The RT Easy Builder - Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-4390 MEDIUM This Month

The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-42976 HIGH This Month

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow SAP Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-42975 MEDIUM This Month

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42957 CRITICAL This Week

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-42955 LOW Monitor

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-42951 HIGH This Month

Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.�As a result , it has a high. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-42950 CRITICAL This Week

SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-42949 MEDIUM Monitor

Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-42948 MEDIUM This Month

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42946 MEDIUM This Month

Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass SAP Path Traversal
NVD
CVSS 3.1
6.9
EPSS
0.1%
CVE-2025-42945 MEDIUM This Month

SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP Code Injection
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-42943 MEDIUM Monitor

SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-42942 MEDIUM This Month

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
Prev Page 7 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy