CVE-2025-42914
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...
PT-2025-37113
Name of the Vulnerable Software and Affected Versions: lokibhardwaj PHP-Code-For-Unlimited-File-Upload versions up to 124fe96324915490c81eaf7db3234b0b4e4bab3c Description: A weakness exists in the file /f.php within the software. Manipulation of the argument h can lead to cross-site scripting...
ROS-20250911-07
A vulnerability in the Apache Commons Compress archiver is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to affect the integrity, availability, and confidentiality of protected information. confidentiality of...
Xen security vulnerability
Xen is an open source virtual machine monitor product from Xen Open Source. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Xen has a security vulnerability that can be exploited by...
OPENSUSE-SU-2025:15547-1 xen-4.20.1_04-1.1 on GA media
These are all security issues fixed in the xen-4.20.1_04-1.1 package on the GA media of openSUSE Tumbleweed...
Moderate: Red Hat Security Advisory: resource-agents security update
An update for resource-agents is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...
Moderate: Red Hat Security Advisory: resource-agents security update
An update for resource-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
RHEL 8 : resource-agents (RHSA-2025:15618)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15618 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several servic...
Linux Distros Unpatched Vulnerability : CVE-2011-1190
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to...
OPENSUSE-SU-2025:15540-1 rustup-1.28.2~0-2.1 on GA media
These are all security issues fixed in the rustup-1.28.2~0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15542-1 trivy-0.66.0-1.1 on GA media
These are all security issues fixed in the trivy-0.66.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-8007
A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable MNFR fault. This condition may lead to unexpected system crashes and loss of device availability...
CVE-2025-8007 Rockwell Automation 1756-ENT2R, EN4TR, EN4TRXT Vulnerability
A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable MNFR fault. This condition may lead to unexpected system crashes and loss of device availability...
Advisory ROSA-SA-2025-2970
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-8 affected versions tomcat-9.0.37-8 CVE-ID: CVE-2025-31651 BDU-ID: 2025-05707 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the Apache Tomcat application server is related to a flaw in the output encoding or escaping...
CVE-2025-42916
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on...
CVE-2025-42929 Missing input validation vulnerability in SAP Landscape Transformation Replication Server
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database...
CVE-2025-42927 Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow a user with high system privileges to access and modify system information. This vulnerability ha...
CVE-2025-42916 Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on...
PT-2025-36558
Name of the Vulnerable Software and Affected Versions: SAP ABAP affected versions not specified Description: The issue involves a missing input validation in ABAP reports. An attacker with high privilege access could delete the content of arbitrary database tables not protected by an authorizatio...