1178 matches found
CVE-2025-27434
CVE-2025-27434 affects SAP Commerce (Swagger UI). The issue is caused by insufficient input validation, allowing an unauthenticated attacker to inject remote code and perform a cross-site scripting (XSS) attack, with high impact to confidentiality, integrity, and availability (CVSSv3.1: AV:N/AC:L...
PT-2025-10680 · Sap · Sap Commerce
Name of the Vulnerable Software and Affected Versions: SAP Commerce affected versions not specified Description: The issue is caused by insufficient input validation in SAP Commerce Swagger UI, allowing an unauthenticated attacker to inject malicious code from remote sources. This can be leverage...
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, are related to authentication process errors. These errors allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, Thunderbird ESR, are related to authentication process errors. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the zswap_pool_create() function in the mm/zswap.c module of the Linux kernel’s memory management subsystem allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the zswappoolcreate function in the mm/zswap.c module of the Linux kernel’s memory management subsystem is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the IOMobileFrameBuffer component in operating systems such as MacOs, tvOs, watchOs, iPadOs, and iOS allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the IOMobileFrameBuffer component in operating systems such as MacOs, tvOS, watchOS, iPadOS, and iOS lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...
The vulnerability of the Monitoring and Diagnostics component of the JD Edwards EnterpriseOne Tools in the enterprise resource management system makes it possible for a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Monitoring and Diagnostics component of the JD Edwards EnterpriseOne Tools system’s resource management system is related to the lack of authentication checks for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the...
The vulnerability of the smb2_write() function in the fs/ksmbd/smb2pdu.c module allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the smb2write function in the fs/ksmbd/smb2pdu.c module is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of DHCP servers for real-time operating systems like Wind River VxWorks allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of DHCP servers for real-time operating systems from Wind River VxWorks relates to operations that go beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the ma35_pinctrl_dt_node_to_map_func() function in the drivers/pinctrl/nuvoton/pinctrl-ma35.c file of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ma35pinctrldtnodetomapfunc function in the drivers/pinctrl/nuvoton/pinctrl-ma35.c file of the Linux kernel is related to the repeated release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity,...
The vulnerability of the edge_bulk_out_cmd_callback() function in the drivers/usb/serial/io_edgeport.c file of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the edgebulkoutcmdcallback function in the drivers/usb/serial/ioedgeport.c file of the Linux kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility...
The vulnerability of the bitmap_ip_uadt() function in the net/netfilter/ipset/ip_set_bitmap_ip.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the bitmapipuadt function in the net/netfilter/ipset/ipsetbitmapip.c module of the Linux kernel is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the kunit_try_catch_run() function in the KUnit framework (lib/kunit/try-catch.c) in the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the kunittrycatchrun function in the KUnit framework lib/kunit/try-catch.c in the Linux kernel is related to the reallocation of memory after its deallocation due to concurrent access to resources race condition. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the Translate component in Microsoft Edge and Google Chrome browsers allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Translate component in Microsoft Edge and Google Chrome relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the application software interface “lan_apply” of the microprogrammed wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the “lanapply” application programming interface of the microprogramming-based wireless access points of Advantech models EKI-6333AC-2G, EKI-6333AC-2GD, and EKI-6333AC-1GPO exists due to the failure to take measures to neutralize the special elements used in the operating...
The vulnerability of the `of_modalities()` function in the Linux operating system’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ofmodalities function in the drivers/of/module.c module of the Linux kernel is related to access to memory beyond the allocated buffer. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the mmap_mutex function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of the mmapmutex function in Linux operating systems is related to the recovery of unreliable data in memory. Exploiting this vulnerability can allow a remote attacker to compromise confidentiality, integrity, and accessibility of data...
The vulnerability of the ucma_cleanup_multicast() function in the InfiniBand driver for Linux operating systems allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the ucmacleanupmulticast function in the drivers/infiniband/core/ucma.c file of the Linux kernel’s InfiniBand driver is related to the reutilization of previously released memory due to competitive access to resources race condition. Exploiting this vulnerability could allow ...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the issue of operations occurring outside of the buffer in memory during object cloning. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibili...
The vulnerability in the implementation of the WebRTC technology in Google Chrome browser allows attackers to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of WebRTC implementations in Google Chrome and Microsoft Edge relates to the use of memory after deallocation. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of data through a specially crafted HTML page...
The vulnerability of the switchtec_ntbremove() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the switchtecntbremove function in the drivers/ntb/hw/mscc/ntb hw switchtec.c file of the Linux kernel is related to the reutilization of previously freed memory due to competitive access to resources race condition. Exploiting this vulnerability could allow an attacker to...