
60 matches found

RedhatCVE
added 2026/01/09 9:24 a.m. | 4 views

CVE-2023-40623

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited...

CVSS 7.1 | AI score 6.9 | EPSS 0.00153
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 5 views

CVE-2021-27602

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the...

CVSS 9.9 | AI score 7.7 | EPSS 0.01848
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 8:53 a.m. | 8 views

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise...

CVSS 9 | AI score 6.5 | EPSS 0.02079
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-14382

Malware in sbrugna...

CVSS 9 | AI score 7.9 | EPSS 0.02079
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-16139

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00379
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-16133

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00793
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-24687

Malicious code in bioql PyPI...

CVSS 5 | AI score 6.5 | EPSS 0.00044
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-45179

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 7 | EPSS 0.00153
Exploits: 0 | References: 2

RedhatCVE
added 2025/07/10 1:30 a.m. | 2 views

CVE-2025-42953

SAP Netweaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system...

CVSS 8.1 | AI score 7.4 | EPSS 0.00227
Exploits: 0 | References: 1

Tenable Nessus
added 2025/06/16 12:0 a.m. | 2 views

TencentOS Server 3: edk2 (TSSA-2024:0090)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0090 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8 | AI score 7.9 | EPSS 0.00334
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/23 7:40 a.m. | 3 views

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, b...

CVSS 9.6 | AI score 7.5 | EPSS 0.06899
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 7:39 a.m. | 7 views

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...

CVSS 9.9 | AI score 7.8 | EPSS 0.60063
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:55 p.m. | 3 views

CVE-2022-34467

A vulnerability has been identified in Mendix Excel Importer Module Mendix 8 compatible All versions V9.2.2, Mendix Excel Importer Module Mendix 9 compatible All versions V10.1.2. The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00437
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:30 p.m. | 9 views

CVE-2021-21480

SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAPXMII...

CVSS 9.9 | AI score 7.9 | EPSS 0.22127
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:18 a.m. | 5 views

CVE-2019-6578

A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 with NXG I control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- All Versions with option G28, SINAMICS PERFECT HARMONY GH180 with NXG II control, MLFBs: 6SR2...-, 6SR3...-, 6SR4...- All Versions with option G28. A denial of service...

CVSS 7.5 | AI score 6.8 | EPSS 0.00361
Exploits: 0 | References: 1

CNVD
added 2025/01/16 12:0 a.m. | 5 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-02241)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that can be exploited by an attacker to compromise availability...

CVSS 5.5 | AI score 6.8 | EPSS 0.00048
Exploits: 0 | References: 1

CNVD
added 2025/01/13 12:0 a.m. | 6 views

Huawei HarmonyOS HUKS Module Incorrect Memory Address Protection Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. An incorrect memory address protection vulnerability exists in the Huawei HarmonyOS HUKS module, which can be exploited by an attacker to cause availability ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00076
Exploits: 0 | References: 1

CVE
added 2025/01/09 7:56 a.m. | 44 views

CVE-2024-43658

CVE-2024-43658 concerns Iocharger Home firmware prior to 25010801. The issue is a path traversal/external control of file name or path vulnerability that allows an authenticated attacker to delete arbitrary files on the charging station, potentially removing binaries and compromising integrity a...

CVSS 7.2 | AI score 7.1 | EPSS 0.00293
Exploits: 0 | References: 3

Cvelist
added 2024/07/31 3:24 p.m. | 27 views

CVE-2024-41947 XWiki Platform XSS through conflict resolution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the...

CVSS 9 | EPSS 0.13015
Exploits: 0 | References: 4

NVD
added 2024/06/12 1:15 a.m. | 26 views

CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems...

CVSS 9.1 | EPSS 0.00899
Exploits: 0 | References: 2