CVE-2025-27912
An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user.
Maximum CVSS Score : 8.8
Exploit Availability: Not available
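The defence the Seq entry above points at is generic: a cookie-authenticated JSON endpoint must refuse requests whose Content-Type a plain HTML form can produce, because a browser sends those cross-origin without a CORS preflight and attaches the victim's cookies. The example below is added here and is not Seq's code or the reporter's proof of concept; the hosts seq.example and attacker.example, the request shape and the JSON body are constructed for illustration.

```python
"""Content-Type and Origin checks as a CSRF defence for a cookie-authenticated JSON API."""
import json
from dataclasses import dataclass, field

# Media types a browser will send cross-origin from an HTML form with no
# CORS preflight. Anything else triggers a preflight that a cross-site page
# cannot pass unless the server explicitly allows its origin.
SIMPLE_MEDIA_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}


@dataclass
class Request:
    method: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""

    def header(self, name):
        # HTTP header names are case-insensitive.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def media_type(content_type):
    """'application/json; charset=utf-8' -> 'application/json'."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def handle_vulnerable(req):
    """Parses the body as JSON without looking at Content-Type. The session
    cookie rides along automatically, so a cross-site form post is processed
    as though the victim had made it."""
    return json.loads(req.body)


def check_state_change(req, allowed_origins):
    """Hardened gate for state-changing requests. Returns (accepted, reason)."""
    mt = media_type(req.header("Content-Type"))
    if mt in SIMPLE_MEDIA_TYPES:
        return False, f"{mt} can be sent by a cross-site form"
    if mt != "application/json":
        return False, "Content-Type must be application/json"
    origin = req.header("Origin")
    if origin is not None and origin not in allowed_origins:
        return False, f"Origin {origin} is not allowed"
    return True, "ok"


def handle_hardened(req, allowed_origins):
    accepted, reason = check_state_change(req, allowed_origins)
    if not accepted:
        return None, reason
    return json.loads(req.body), reason


# Constructed traffic. A page on https://attacker.example submits
#   <form method="POST" enctype="text/plain" action="https://seq.example/...">
#     <input name='{"role":"Administrator","pad":"' value='x"}'>
# The browser encodes a text/plain form as name=value, and the result is valid JSON.
def cross_site_form_request():
    return Request(
        "POST",
        {"Content-Type": "text/plain", "Origin": "https://attacker.example", "Cookie": "session=victim"},
        b'{"role":"Administrator","pad":"=x"}\r\n',
    )


def legitimate_request():
    return Request(
        "POST",
        {"Content-Type": "application/json; charset=utf-8", "Origin": "https://seq.example", "Cookie": "session=victim"},
        b'{"role":"Administrator"}',
    )
```

The Content-Type check is what closes the forged-form path; the Origin check is a second, independent gate and only fires when the header is present, so it must not be the only control.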
CVE-2025-27911
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.
Maximum CVSS Score : 6.5
Exploit Availability: Not available
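The second Seq entry describes a limit measured at the wrong point: if the byte limit is applied to the payload on the wire but the message template is expanded afterwards, one large property referenced many times is amplified past the limit at render time. The example below is added here to show that amplification and a bounded renderer that stops once the budget is spent; it is not Seq's implementation. The `@mt` key follows the compact log event format, the 64 KB limit, the placeholder syntax and the sample event are constructed for illustration.

```python
"""Measuring an event size limit before versus after message-template expansion."""
import json
import re

EVENT_BODY_LIMIT_BYTES = 64 * 1024   # constructed limit for the example
TOKEN = re.compile(r"\{(\w+)\}")      # {Name} placeholders, simplified


def render_unbounded(template, props):
    return TOKEN.sub(lambda m: str(props.get(m.group(1), m.group(0))), template)


def render_bounded(template, props, limit):
    """Renders piece by piece and gives up (returns None) as soon as the
    output would exceed `limit` bytes, so a reference-heavy template cannot
    force the full expansion into memory or onto disk."""
    out, size, pos = [], 0, 0

    def emit(piece):
        nonlocal size
        size += len(piece.encode("utf-8"))
        if size > limit:
            return False
        out.append(piece)
        return True

    for m in TOKEN.finditer(template):
        if not emit(template[pos:m.start()]):
            return None
        if not emit(str(props.get(m.group(1), m.group(0)))):
            return None
        pos = m.end()
    if not emit(template[pos:]):
        return None
    return "".join(out)


def ingest_vulnerable(event, limit=EVENT_BODY_LIMIT_BYTES):
    """Checks the limit against the wire payload only. Returns (accepted, stored_bytes)."""
    raw = json.dumps(event).encode("utf-8")
    if len(raw) > limit:
        return False, 0
    rendered = render_unbounded(event["@mt"], event)
    return True, len(rendered.encode("utf-8"))


def ingest_hardened(event, limit=EVENT_BODY_LIMIT_BYTES):
    """Checks the wire payload and the rendered message against the same limit."""
    raw = json.dumps(event).encode("utf-8")
    if len(raw) > limit:
        return False, 0
    rendered = render_bounded(event["@mt"], event, limit)
    if rendered is None:
        return False, 0
    return True, len(rendered.encode("utf-8"))


def amplifying_event(repeat=50, prop_bytes=10_000):
    # Constructed event: one 10 KB property referenced 50 times. The wire
    # payload is about 10 KB; the rendered message is 500 KB.
    return {"@mt": "{A}" * repeat, "A": "x" * prop_bytes}
```

The bounded renderer is the important half: rejecting an oversized wire payload is necessary but does nothing against a small payload whose template multiplies one property.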
CVE-2025-27893
In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. This enables unauthorized modification of system-generated metadata, compromising data integrity and potentially impacting auditing, compliance, and security controls.
Maximum CVSS Score : 1.8
Exploit Availability: Not available
CVE-2025-27494
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
Maximum CVSS Score : 9.4
Exploit Availability: Not available
CVE-2025-27493
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.
Maximum CVSS Score : 9.3
Exploit Availability: Not available
CVE-2025-27438
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions < V14.3.0.13), Teamcenter Visualization V2312 (All versions < V2312.0009), Teamcenter Visualization V2406 (All versions < V2406.0007), Teamcenter Visualization V2412 (All versions < V2412.0002), Tecnomatix Plant Simulation V2302 (All versions < V2302.0021), Tecnomatix Plant Simulation V2404 (All versions < V2404.0010). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.
This could allow an attacker to execute code in the context of the current process.
Maximum CVSS Score : 7.8
Exploit Availability: Not available
CVE-2025-27436
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.
Maximum CVSS Score : 4.3
Exploit Availability: Not available
CVE-2025-27434
Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting (XSS) attack. This could lead to a high impact on the confidentiality, integrity, and availability of data in SAP Commerce.
Maximum CVSS Score : 8.8
Exploit Availability: Not available
CVE-2025-27433
The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application.
Maximum CVSS Score : 4.3
Exploit Availability: Not available
CVE-2025-27432
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.
Maximum CVSS Score : 2.4
Exploit Availability: Not available
CVE-2025-27431
User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of the victim's browser. There is no impact on availability.
Maximum CVSS Score : 5.4
Exploit Availability: Not available
CVE-2025-27430
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability.
Maximum CVSS Score : 3.5
Exploit Availability: Not available
CVE-2025-27398
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths.
This could allow an authenticated highly-privileged remote attacker to execute a limited set of binaries that are already present on the filesystem.
Maximum CVSS Score : 2.7
Exploit Availability: Not available
CVE-2025-27397
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log'.
Maximum CVSS Score : 5.1
Exploit Availability: Not available
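The two SCALANCE log-path entries above (CVE-2025-27398 and CVE-2025-27397) share one lesson: a suffix rule such as "the path must end with 'log'" is not a containment check, and special characters in a path only matter if the path is ever handed to a shell. The example below is added here and is not the device firmware's code; the root directory /var/log/app, the character allowlist and the sample paths are constructed for illustration.

```python
"""Confining a user-supplied log path to a directory: suffix check versus containment."""
import posixpath
import re

LOG_ROOT = "/var/log/app"                      # constructed root directory
SAFE_CHARS = re.compile(r"^[A-Za-z0-9._/-]+$")  # no spaces, quotes, ';', '$', NUL, ...


def allowed_by_suffix(user_path):
    """The weak rule: any path is fine as long as it ends in 'log'.
    '../../../../tmp/evil.log' and '/etc/anything.log' both pass."""
    return user_path.endswith("log")


def confined_log_path(root, user_path):
    """Returns the normalised absolute path if it stays inside `root` and
    names a .log file, otherwise None."""
    if not SAFE_CHARS.fullmatch(user_path):
        return None
    if posixpath.isabs(user_path):
        # join() discards the root when the second component is absolute.
        return None
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, user_path))  # collapses '..'
    if posixpath.commonpath([root, candidate]) != root or candidate == root:
        return None
    if not candidate.endswith(".log"):
        return None
    return candidate
```

This is a lexical check and deliberately uses posixpath so it behaves the same on any host. On a real filesystem a symlink inside the root can still point outside it, so the file should additionally be opened with the resolved path (os.path.realpath) re-checked against the root, or with O_NOFOLLOW, and the path should be passed to the logger as a plain argument, never interpolated into a shell command.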
CVE-2025-27396
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the elevation of privileges required to perform certain valid functionality.
This could allow an authenticated low-privileged remote attacker to escalate their privileges.
Maximum CVSS Score : 8.8
Exploit Availability: Not available
CVE-2025-27395
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit the scope of files accessible through and the privileges of the SFTP functionality.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files.
Maximum CVSS Score : 8.6
Exploit Availability: Not available
CVE-2025-27394
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
Maximum CVSS Score : 8.6
Exploit Availability: Not available
CVE-2025-27393
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
Maximum CVSS Score : 8.6
Exploit Availability: Not available
CVE-2025-27392
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations.
This could allow an authenticated highly-privileged remote attacker to execute arbitrary code on the device.
Maximum CVSS Score : 8.6
Exploit Availability: Not available
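The SiPass pubkey endpoint and telnet CLI entries (CVE-2025-27494, CVE-2025-27493) and the three SCALANCE entries for creating users, SNMP users and VXLAN configurations (CVE-2025-27394, CVE-2025-27393, CVE-2025-27392) are all the same bug class: an administrator-supplied string reaches a root shell unsanitised. The example below is added here and is not the vendors' code or a reproduction of the reported flaws; it shows the two controls that close the class, a strict validator for the input (a user name and an OpenSSH public-key line, both checked structurally rather than by blocklisting characters) and invocation of the privileged helper as an argv list so no shell ever parses the value. `echo` stands in for the real tool, and the sample key is a syntactically valid but constructed ed25519 blob, not a real key.

```python
"""Validating operator input and invoking privileged helpers without a shell."""
import base64
import re
import struct
import subprocess

USERNAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")   # POSIX-style portable user names
PUBKEY_LINE = re.compile(
    r"^(?P<type>ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521)) "
    r"(?P<b64>[A-Za-z0-9+/]+={0,2})"
    r"(?: (?P<comment>[A-Za-z0-9._@-]{1,64}))?$"
)


def validate_username(name):
    # Also rejects a leading '-', so the value can never be read as an option.
    return USERNAME.fullmatch(name) is not None


def validate_pubkey(line):
    """Accepts one OpenSSH public-key line whose decoded blob really carries
    the declared key type; anything appended after the comment fails."""
    m = PUBKEY_LINE.fullmatch(line)
    if not m:
        return False
    try:
        blob = base64.b64decode(m["b64"], validate=True)
    except ValueError:
        return False
    if len(blob) < 4:
        return False
    (n,) = struct.unpack(">I", blob[:4])          # first field: length-prefixed type string
    return blob[4:4 + n] == m["type"].encode()


def useradd_argv(name):
    if not validate_username(name):
        raise ValueError(f"rejected user name {name!r}")
    # argv list: no shell, so ';', '$(...)' and backticks are never interpreted.
    return ["useradd", "-m", "--", name]


def run_vulnerable(name):
    """Builds a command string and hands it to /bin/sh. With name='alice; id'
    the shell runs `id` as a second command."""
    return subprocess.run(f"echo adding {name}", shell=True, capture_output=True, text=True).stdout


def run_hardened(name):
    """Validates first, then passes the value as a single argv element."""
    if not validate_username(name):
        return None
    return subprocess.run(["echo", "adding", name], capture_output=True, text=True).stdout


# Constructed sample key: 4-byte length, "ssh-ed25519", 4-byte length, 32 key bytes.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " ops@example.net"

if __name__ == "__main__":
    payload = "alice; id"
    print(run_vulnerable(payload))   # two lines: the echo, then the output of `id`
    print(run_hardened(payload))     # None: rejected before anything runs
    print(run_hardened("alice"))     # "adding alice"
```

Checking that the base64 blob's first field matches the declared algorithm is cheap and catches copy-paste garbage as well as smuggled content; the regex alone would accept any base64 after a known prefix. Both validators are allowlists, which is the right default for a root-privileged management interface.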
CVE-2025-26707
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
Maximum CVSS Score : 5.3
Exploit Availability: Not available