CVE-2026-24326 Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on...

CVE-2026-24326 Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on...

CVE-2026-23681

CVE-2026-23681 affects SAP Support Tools Plug-In where a missing authorization check in a function module allows an authenticated attacker to invoke certain function modules and retrieve system and configuration information. The vulnerability risks only low confidentiality impact for the applicat...

CVE-2026-23681 Missing Authorization check in a function module in SAP Support Tools Plug-In

Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...

Intel Memory and Storage Tool 安全漏洞

Intel Memory and Storage Tool is a utility tool developed by Intel Corporation in the United States, used for managing and monitoring Intel Solid State Disks SSD and memory modules. Prior to version 2.5.2 of Intel Memory and Storage Tool, there were security vulnerabilities. These vulnerabilities...

SAP ABAP Platform 安全漏洞

SAP ABAP Platform is an ABAP-based SAP solution developed by the German company SAP. There is a security vulnerability in SAP ABAP Platform, which stems from the unauthorized activation of functional modules that fail to perform necessary authorization checks on verified users. This vulnerability...

CVE-2025-66597

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS Packages:...

CVE-2026-25632

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field...

GHSA-4HC4-8599-XH2H OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

MAL-2026-797 Malicious code in @rsgweb/modules-core-feedback (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45c68d1fafad6a94ebe843e20901dd8e5251d0b27b963d07e71ecefbd16c7465 The package @rsgweb/modules-core-feedback was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview @rsgweb/modules-core-feedback is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

PT-2026-6848

Summary Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

Zabbix Agent Binaries Path Abuse Scanner

This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service (CVE-2025-12758, CVE-2025-13466, CVE-2025-14874) and loss of confidentiality (CVE-2025-65945)

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules validator CVE-2025-12758, body-parser CVE-2025-13466, nodemailer...

CVE-2025-68119

A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial hg installed, this can occur when downloading modules from...

CVE-2025-58077

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This iss...

CVE-2025-59482

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected...

CVE-2025-62673

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tdpserver modules allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0:...

CVE-2025-62405

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected...

CVE-2025-59487

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine...