36977 matches found
CVE-2025-42955
Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of...
CVE-2025-42950
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...
CVE-2025-42941
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42946
Due to a directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
CVE-2025-42936
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles. This issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...
CVE-2025-42945
SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with an active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
PT-2025-33141 · Sourcecodester · Covid19 Testing Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A SQL injection issue exists in the /check availability.php file due to the manipulation of the employeeid argument. This allows for remote attacks. The exploit has be...
SourceCodester COVID 19 Testing Management System Security Vulnerability
SourceCodester COVID 19 Testing Management System is a SourceCodester open source web-based application that provides an online platform for personal and Covid test management to manage individual testing processes and results. A security vulnerability exists in version 1.0 of the SourceCodester...
Ubuntu: Security Advisory (USN-7691-1)
The remote host is missing an update for the...
OPENSUSE-SU-2025:15442-1 tomcat11-11.0.9-1.1 on GA media
These are all security issues fixed in the tomcat11-11.0.9-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15440-1 tomcat-9.0.107-1.1 on GA media
These are all security issues fixed in the tomcat-9.0.107-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15441-1 tomcat10-10.1.43-1.1 on GA media
These are all security issues fixed in the tomcat10-10.1.43-1.1 package on the GA media of openSUSE Tumbleweed...
qemu-10.0.3-1.1 on GA media (moderate)
qemu-10.0.3-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15437-1. Rating: moderate. Cross-References: CVE-2025-54566. CVSS scores: CVE-2025-54566 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L; CVE-2025-54566 (SUSE): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.19.0, 9.4.0, and 9.6.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
OPENSUSE-SU-2025:15438-1 rz-pm-0.3.3+git~14~gcee0d0d-1.1 on GA media
These are all security issues fixed in the rz-pm-0.3.3+git~14~gcee0d0d-1.1 package on the GA media of openSUSE Tumbleweed...
DoS (Denial of Service) Third-Party Dependency in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, 10.6.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2025-25248
An Integer Overflow or Wraparound vulnerability CWE-190 in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and...
CVE-2025-55168 WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the `/html/saude/aplicar_medicamento.php` endpoint, specifically in the `id_fichamedica` parameter. This vulnerability allows...