36977 matches found

Cvelist
added 2025/08/12 6:56 p.m. | 8 views

CVE-2025-55168 WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the `/html/saude/aplicar_medicamento.php` endpoint, specifically in the `id_fichamedica` parameter. This vulnerability allows...

CVSS 9.4 | EPSS 0.00379
Exploits 1 | References 3

NVD
added 2025/08/12 2:15 p.m. | 7 views

CVE-2025-22834

AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability...

CVSS 5.3 | EPSS 0.00117
Exploits 0 | References 1

NVD
added 2025/08/12 2:15 p.m. | 4 views

CVE-2025-22830

APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability...

CVSS 7.3 | EPSS 0.00088
Exploits 0 | References 1

OSV
added 2025/08/12 2:15 p.m. | 2 views

CVE-2025-22830

APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability...

CVSS 6.7 | AI score 5.8 | EPSS 0.00088
Exploits 0 | References 1

Cvelist
added 2025/08/12 2:2 p.m. | 8 views

CVE-2025-22830 SmiFlash Race Condition Vulnerability

APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability...

CVSS 7.3 | EPSS 0.00088
Exploits 0 | References 1

Vulnrichment
added 2025/08/12 2:2 p.m. | 8 views

CVE-2025-22830 SmiFlash Race Condition Vulnerability

APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability...

CVSS 7.3 | AI score 6.9 | EPSS 0.00088
Exploits 0 | References 1

CVE
added 2025/08/12 2:2 p.m. | 19 views

CVE-2025-22830

The CVE-2025-22830 entry concerns AMI Aptiov BIOS whose Race Condition occurs when a user with local access can trigger a vulnerability in the BIOS. The root cause is a local race condition that can lead to resource exhaustion, with impacts stated as Confidentiality, Integrity, and Availability be...

CVSS 7.3 | AI score 6.9 | EPSS 0.00088
Exploits 0 | References 1 | Affected Software 1

CVE
added 2025/08/12 2:2 p.m. | 16 views

CVE-2025-22834

AMI AptioV BIOS contains a vulnerability described as an “Improper Initialization” caused by local access, potentially affecting confidentiality, integrity, and availability. Affected component is BIOS firmware (AMI AptioV); root cause is improper initialization. Exploitation details are not prov...

CVSS 5.3 | AI score 7 | EPSS 0.00117
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/08/12 2:2 p.m. | 6 views

CVE-2025-22834 ThirdPartyVideo SetVariable Vulnerability

AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability...

CVSS 4.2 | AI score 7 | EPSS 0.00117
Exploits 0 | References 1

Atlassian
added 2025/08/12 12:35 p.m. | 14 views

DoS (Denial of Service) Third-Party Dependency in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 5.12.0, 10.3.0, 10.7.1, and 11.0.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 6.8 | EPSS 0.0196
Exploits 0

NVD
added 2025/08/12 12:15 p.m. | 2 views

CVE-2025-40743

A vulnerability has been identified in SINUMERIK 828D PPU.4 All versions V4.95 SP5, SINUMERIK 828D PPU.5 All versions V5.25 SP1, SINUMERIK 840D sl All versions V4.95 SP5, SINUMERIK MC All versions V1.25 SP1, SINUMERIK MC V1.15 All versions V1.15 SP5, SINUMERIK ONE All versions V6.25 SP1, SINUMERI...

CVSS 8.7 | EPSS 0.00228
Exploits 0 | References 1

CVE
added 2025/08/12 11:17 a.m. | 18 views

CVE-2025-40743

CVE-2025-40743 affects multiple Siemens SINUMERIK controllers (828D PPU.4, 828D PPU.5, 840D sl, MC, MC V1.15, ONE, ONE V6.15) with VNC access authentication that does not validate passwords sufficiently. This could enable unauthorized remote access to affected systems and potentially impact confi...

CVSS 8.7 | AI score 7.8 | EPSS 0.00228
Exploits 0 | References 1

Vulnrichment
added 2025/08/12 11:17 a.m. | 2 views

CVE-2025-40743

A vulnerability has been identified in SINUMERIK 828D PPU.4 All versions V4.95 SP5, SINUMERIK 828D PPU.5 All versions V5.25 SP1, SINUMERIK 840D sl All versions V4.95 SP5, SINUMERIK MC All versions V1.25 SP1, SINUMERIK MC V1.15 All versions V1.15 SP5, SINUMERIK ONE All versions V6.25 SP1, SINUMERI...

CVSS 8.7 | AI score 7.8 | EPSS 0.00228
Exploits 0 | References 1

Microsoft KB
added 2025/08/12 7:0 a.m. | 12 views

Announcing General Availability (GA) of Exchange Subscription Edition (SE) Release to Manufacturing (RTM)

Exchange Server Subscription Edition (SE) was released for general availability on July 1, 2025. This release continues Microsoft’s commitment to supporting enterprise email services across cloud,...

CVSS 8 | AI score 6.1 | EPSS 0.07421
Exploits 0

NVD
added 2025/08/12 3:15 a.m. | 4 views

CVE-2025-42955

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of...

CVSS 3.5 | EPSS 0.00401
Exploits 0 | References 2

NVD
added 2025/08/12 3:15 a.m. | 5 views

CVE-2025-42945

SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...

CVSS 6.1 | EPSS 0.00189
Exploits 0 | References 2

NVD
added 2025/08/12 3:15 a.m. | 3 views

CVE-2025-42946

Due to directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...

CVSS 6.9 | EPSS 0.00858
Exploits 0 | References 2

NVD
added 2025/08/12 3:15 a.m. | 4 views

CVE-2025-42951

Due to broken authorization, SAP Business One SLD allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, and availability of the application...

CVSS 8.8 | EPSS 0.00428
Exploits 0 | References 2

NVD
added 2025/08/12 3:15 a.m. | 3 views

CVE-2025-42936

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles; this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...

CVSS 5.4 | EPSS 0.0017
Exploits 0 | References 2

NVD
added 2025/08/12 3:15 a.m. | 3 views

CVE-2025-42942

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could...

CVSS 6.1 | EPSS 0.00205
Exploits 0 | References 2