6
CVE-2025-66578 - robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature valiβ¦
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. Versions 3.1.3 contain an authentication bypass vulnerability due to a flaw in the libxml2 canonicalization process during document transformation. When libxml2βs canonicalization is invoked on an invalid XML inpβ¦
9.1
CVE-2025-42928 - Deserialization Vulnerability in SAP jConnect - SDK for ASE
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and aβ¦
6.5
CVE-2025-42904 - Information Disclosure vulnerability in Application Server ABAP
Due to an Information Disclosure vulnerability in Application Server ABAP, an authenticated attacker could read unmasked values displayed in ABAP Lists. Successful exploitation could lead to unauthorized disclosure of data, resulting in a high impact on confidentiality without affecting integrity oβ¦
5.4
CVE-2025-42896 - Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrity,β¦
5.5
CVE-2025-42891 - Missing Authorization check in SAP Enterprise Search for ABAP
Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on applicβ¦
9.9
CVE-2025-42880 - Code Injection vulnerability in SAP Solution Manager
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability β¦
8.2
CVE-2025-42878 - Sensitive Data Exposure in SAP Web Dispatcher and Internet Communication Manager (ICM)
SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability aβ¦
7.5
CVE-2025-42877 - Memory Corruption vulnerability in SAP Web Dispatcher, Internet Communication Manager and SAP Conteβ¦
SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on confidentiality or integrity of the application.
7.1
CVE-2025-42876 - Missing Authorization Check in SAP S/4 HANA Private Cloud (Financials General Ledger)
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could β¦
6.6
CVE-2025-42875 - Missing Authentication check in SAP NetWeaver Internet Communication Framework
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the appliβ¦