CVE-2026-0490

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on th...

CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

CVE-2026-0509 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...

CVE-2026-0490

CVE-2026-0490 affects SAP BusinessObjects BI Platform. An unauthenticated attacker can craft a specific network request to a trusted endpoint that breaks authentication, resulting in a high impact on availability and no impact on confidentiality or integrity. CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:...

CVE-2026-0490 Denial of service (DOS) in SAP BusinessObjects BI Platform

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on th...

CVE-2026-0485 Denial of service (DOS) vulnerability in SAP BusinessObjects BI Platform

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server CMS to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, renderin...

PT-2026-7201

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects BI Platform affected versions not specified Description An unauthenticated attacker can send specially crafted requests to the Content Management Server CMS, potentially causing it to crash and automatically restart. Repeat...

PT-2026-7222

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

PT-2026-7204

Name of the Vulnerable Software and Affected Versions SAP BusinessObjects BI Platform affected versions not specified Description An unauthenticated attacker can send a crafted network request to the trusted endpoint, bypassing authentication and preventing legitimate users from accessing the...

PT-2026-7301

Name of the Vulnerable Software and Affected Versions TDX Module versions prior to tdx1.5 Description A race condition exists within the hypervisor in Ring 0 for some TDX Module versions prior to tdx1.5, potentially leading to a denial of service. An authorized adversary with privileged user...

PT-2026-7267

The Simplicity Device Manager Tool has a Reflected XSS Cross-site-scripting vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...

Robust Vision Systems for Connected and Autonomous Vehicles: Security Challenges and Attack Vectors

This article investigates the robustness of vision systems in Connected and Autonomous Vehicles CAVs, which is critical for developing Level-5 autonomous driving capabilities. Safe and reliable CAV navigation undeniably depends on robust vision systems that enable accurate detection of objects,...

PT-2026-7213

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

PT-2026-7286

Name of the Vulnerable Software and Affected Versions IntelR OptaneTM PMem management software versions CR MGMT 01.00.00.3584, CR MGMT 02.00.00.4052, CR MGMT 03.00.00.0538 Description The software has default permissions that may allow a privilege escalation. An unprivileged software adversary wi...

OPENSUSE-SU-2026:10165-1 keylime-config-7.14.0+0-1.1 on GA media

These are all security issues fixed in the keylime-config-7.14.0+0-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10170-1 keylime-ima-policy-0.2.8+116-1.1 on GA media

These are all security issues fixed in the keylime-ima-policy-0.2.8+116-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10171-1 lemon-3.51.2-1.1 on GA media

These are all security issues fixed in the lemon-3.51.2-1.1 package on the GA media of openSUSE Tumbleweed...

kernel: vrf: use RCU protection in l3mdev_l3_out()

A use-after-free vulnerability was found in the Linux kernel. l3mdevl3out can be called without RCU being held, causing damage to the availability of the system...

CVE-2026-2241

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function osstrftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is...

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure under specific HADR configuration (CVE-2025-36425)

Summary IBM® Db2® could allow an authenticated user to obtain sensitive information under specific HADR configuration. Vulnerability Details CVEID:CVE-2025-36425 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to obtain sensitive...