CVE-2025-42893
The CVE-2025-42893 issue is an Open Redirect in SAP Business Connector. An unauthenticated attacker can craft a URL that, when visited by a victim, redirects to an attacker-controlled site displayed in an embedded frame. This can lead to disclosure of sensitive information and unauthorized action...
CVE-2025-42893 Open Redirect vulnerability in SAP Business Connector
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...
CVE-2025-42889
CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSC/CVE listing) confirm...
PT-2025-46240
Name of the Vulnerable Software and Affected Versions: SAP CommonCryptoLib (affected versions not specified). Description: SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This can lead to memory corruption and...
PT-2025-46413
Name of the Vulnerable Software and Affected Versions: Intel UEFI reference platforms (affected versions not specified). Description: The kernel on some Intel UEFI reference platforms contains debug code that may allow a denial of service and escalation of privilege. A system software adversary with...
PT-2025-46417
Name of the Vulnerable Software and Affected Versions: Intel(R) PresentMon versions prior to 2.3.1. Description: The software has default permissions that, in some cases, may allow for an escalation of privilege. An unprivileged software adversary with an authenticated user and a high complexity attac...
SAP Solution Manager code injection vulnerability
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...
AXIS OS security vulnerability
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS has a security vulnerability that stems from insufficient input validation, which could lead to process crashes and affect availability...
PT-2025-46235
Name of the Vulnerable Software and Affected Versions: SAP HANA JDBC Client (affected versions not specified). Description: The SAP HANA JDBC Client contains a flaw due to inadequate validation of connection property values. A locally authenticated, high-privilege user can provide specially crafted...
OPENSUSE-SU-2025:15725-1 binutils-2.45-2.1 on GA media
These are all security issues fixed in the binutils-2.45-2.1 package on the GA media of openSUSE Tumbleweed...
kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
A use-after-free vulnerability exists in the cmp_bss function of the Linux kernel wifi module. An attacker could create a crafted payload to trigger it, damaging the availability and integrity of the system...
OPENSUSE-SU-2025:15724-1 trivy-0.67.2-1.1 on GA media
These are all security issues fixed in the trivy-0.67.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15723-1 regclient-0.10.0-1.1 on GA media
These are all security issues fixed in the regclient-0.10.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15721-1 incus-6.17-2.1 on GA media
These are all security issues fixed in the incus-6.17-2.1 package on the GA media of openSUSE Tumbleweed...
xen-4.20.1_08-1.1 on GA media (moderate)
xen-4.20.1_08-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15719-1. Rating: moderate. Cross-References: CVE-2025-58149. CVSS scores: CVE-2025-58149 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N; CVE-2025-58149 (SUSE): 4.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N...
OPENSUSE-SU-2025:15720-1 chromedriver-142.0.7444.134-1.1 on GA media
These are all security issues fixed in the chromedriver-142.0.7444.134-1.1 package on the GA media of openSUSE Tumbleweed...
tomcat11-11.0.13-1.1 on GA media (moderate)
tomcat11-11.0.13-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15718-1. Rating: moderate. Cross-References: CVE-2025-55752, CVE-2025-55754, CVE-2025-61795. CVSS scores: CVE-2025-55752 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H; CVE-2025-55752 (SUSE): 7.7...
CVE-2025-64481
Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to...
CVE-2025-63783
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...
OPENSUSE-SU-2025:15710-1 govulncheck-vulndb-0.0.20251105T184115-1.1 on GA media
These are all security issues fixed in the govulncheck-vulndb-0.0.20251105T184115-1.1 package on the GA media of openSUSE Tumbleweed...