CVE-2025-12985

CVE-2025-12985 affects IBM Licensing Operator, where privileges are incorrectly assigned to security-critical files, enabling local root escalation inside the container. The cited IBM Cloud Pak for Business Automation bulletin lists remediation: apply 25.0.0-IF003 for 25.0.0, or 24.0.1-IF006 for ...

CVE-2025-40744

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 11. Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks...

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

CVE-2025-40744

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 11. Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks...

CVE-2025-40744

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 11. Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks...

CVE-2025-40744

A vulnerability has been identified in Solid Edge SE2025 All versions V225.0 Update 11. Affected applications do not properly validate client certificates to connect to License Service endpoint. This could allow an unauthenticated remote attacker to perform man in the middle attacks...

CVE-2025-40744

Summary: CVE-2025-40744 affects Solid Edge SE2025 prior to V225.0 Update 11, where the License Service endpoint fails to properly validate client certificates, enabling a potential man-in-the-middle for unauthenticated attackers. Both Red Hat and PT security sources confirm the issue and the affe...

PT-2025-46538

Name of the Vulnerable Software and Affected Versions Solid Edge SE2025 versions prior to V225.0 Update 11 Description The application does not properly validate client certificates when connecting to the License Service endpoint. This could allow a remote attacker to perform man-in-the-middle...

EUVD-2020-2194

Malware in sbrugna...

EUVD-2022-32013

Malicious code in bioql PyPI...

Security Bulletin: NVIDIA License System - September 2025

NVIDIA has released an update for the Delegated License Service DLS component of NVIDIA License System to address a security issue that might lead to impacts described in this bulletin. To protect your system, download and install the latest version of the DLS. To simplify the upgrade of an...

CVE-2020-0701

An elevation of privilege vulnerability exists in the way that the Windows Client License Service ClipSVC handles objects in memory, aka 'Windows Client License Service Elevation of Privilege Vulnerability'...

The vulnerability of the Delegated License Service (DLS) component of the NVIDIA licensing system allows a perpetrator to gain unauthorized access to protected information and cause service failures.

The vulnerability of the Delegated License Service DLS component of NVIDIA’s licensing system lies in the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information and cause service...

Security Bulletin: NVIDIA Delegated License System - November 2024

NVIDIA has released a software update for the Delegated License Service DLS virtual appliance component of NVIDIA License System to address the security issues listed below. To protect your system, download and install this software update through the NVIDIA Licensing Portal. To simplify the...

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerabl...

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API allows a perpetrator to execute arbitrary code due to incorrect authentication.

The vulnerability of the HTTP Request Handler component in the SAP Business One License service API is related to incorrect authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted HTTP request...

SAP Business One License service API授权问题漏洞

SAP Business One License service API is a service of SAP Germany. It provides a unified service endpoint that can be used to access business data from source systems outside of the SAP Business One system via API calls.The SAP Business One License service API contains an authorization issue...

CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...

CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...

CVE-2022-28771

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible...