CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-27431 – Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
https://notcve.org/view.php?id=CVE-2025-27431
11 Mar 2025 — This could enable an attacker to inject malicious payload that gets stored and executed when a user accesses the functionality, hence leading to information disclosure or unauthorized data modifications within the scope of victim�s browser. • https://me.sap.com/notes/3567246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23185 – Information Disclosure in SAP Business Objects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2025-23185
11 Mar 2025 — Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they could use it to craft further exploits. There is no impact on the integrity and availability of the application. • https://me.sap.com/notes/3549494 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-0071 – Information Disclosure vulnerability in SAP Web Dispatcher and Internet Communication Manager
https://notcve.org/view.php?id=CVE-2025-0071
11 Mar 2025 — SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability. • https://me.sap.com/notes/3558132 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26701
https://notcve.org/view.php?id=CVE-2025-26701
11 Mar 2025 — The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. • https://www.percona.com/blog/security-advisory-cve-affecting-percona-monitoring-and-management-pmm • CWE-1393: Use of Default Password •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2137 – Debian Security Advisory 5877-1
https://notcve.org/view.php?id=CVE-2025-2137
10 Mar 2025 — (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2136 – Debian Security Advisory 5877-1
https://notcve.org/view.php?id=CVE-2025-2136
10 Mar 2025 — (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2135 – Debian Security Advisory 5877-1
https://notcve.org/view.php?id=CVE-2025-2135
10 Mar 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1920 – Debian Security Advisory 5877-1
https://notcve.org/view.php?id=CVE-2025-1920
10 Mar 2025 — (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56187
https://notcve.org/view.php?id=CVE-2024-56187
10 Mar 2025 — This could lead to local information disclosure with System execution privileges needed. • https://source.android.com/security/bulletin/pixel/2025-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56186
https://notcve.org/view.php?id=CVE-2024-56186
10 Mar 2025 — This could lead to local information disclosure with no additional execution privileges needed. • https://source.android.com/security/bulletin/pixel/2025-03-01 • CWE-125: Out-of-bounds Read •