NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-42880	Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function...	2025-12-09	9.9	NETWORK	CRITICAL	NVD
CVE-2025-42878	SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could ex...	2025-12-09	8.2	NETWORK	HIGH	NVD
CVE-2025-42877	SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to ...	2025-12-09	7.5	NETWORK	HIGH	NVD
CVE-2025-42876	Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authoriza...	2025-12-09	7.1	NETWORK	HIGH	NVD
CVE-2025-42875	The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to...	2025-12-09	6.6	NETWORK	MEDIUM	NVD
CVE-2025-42874	SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on the affected system ...	2025-12-09	7.9	NETWORK	HIGH	NVD
CVE-2025-42873	SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed inpu...	2025-12-09	5.9	NETWORK	MEDIUM	NVD
CVE-2025-42872	Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that ...	2025-12-09	6.1	NETWORK	MEDIUM	NVD
CVE-2025-41752	An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided...	2025-12-09	7.1	NETWORK	HIGH	NVD
CVE-2025-41751	An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provide...	2025-12-09	7.1	NETWORK	HIGH	NVD
CVE-2025-41750	An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided...	2025-12-09	7.1	NETWORK	HIGH	NVD
CVE-2025-41749	An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided b...	2025-12-09	7.1	NETWORK	HIGH	NVD
CVE-2025-41748	An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provide...	2025-12-09	7.1	NETWORK	HIGH	NVD
CVE-2025-41747	An XSS vulnerability in pxc_vlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POS...	2025-12-09	7.1	NETWORK	HIGH	NVD
CVE-2025-41746	An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST...	2025-12-09	7.1	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.