
105 new CVEs published on 2025-04-08 (CVSS: 7.3 - 10.0)
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
CVE ID | CVSS | Description |
---|---|---|
CVE-2024-54092 | 9.8 | A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions). |
CVE-2025-2004 | 9.1 | The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX function. |
CVE-2024-41788 | 9.1 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the input. |
CVE-2024-41789 | 9.1 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language. |
CVE-2024-41790 | 9.1 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the request. |
CVE-2024-41794 | 10.0 | A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access. |
CVE-2025-27429 | 9.9 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary commands. |
CVE-2025-31330 | 9.9 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary commands. |
CVE-2025-30016 | 9.8 | SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper access control. |
CVE-2025-23186 | 8.5 | In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restrict access. |
CVE-2025-27428 | 7.7 | Due to a directory traversal vulnerability, an authorized attacker could gain access to some critical information by using an RFC-enabled function module. |
CVE-2025-3248 | 9.8 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send arbitrary code. |
CVE-2025-3361 | 9.8 | The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands. |
CVE-2025-29087 | 9.8 | SQLite 3.49.0 is susceptible to integer overflow through the concat function. |
CVE-2025-20946 | 8.8 | Improper handling of exceptional conditions in pairing specific Bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows attackers to exploit vulnerabilities. |
CVE-2025-3371 | 7.3 | A vulnerability has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component. |
CVE-2025-3372 | 7.3 | A vulnerability has been found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component MKDIR Command. |
CVE-2025-3373 | 7.3 | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component. |
CVE-2025-3374 | 7.3 | A vulnerability was found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this issue is some unknown functionality of the component. |