The vulnerability of the network management system for monitoring industrial networks in Siemens SINEC NMS lies in the lack of measures taken to protect the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Siemens SINEC NMS network management system for monitoring industrial networks is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibili...
PT-2025-30703 · Atlassian · Sourcetree For Mac
Name of the Vulnerable Software and Affected Versions: Sourcetree for Mac versions 4.2.8 and later Description: This is an arbitrary code execution issue that allows a locally authenticated attacker to execute arbitrary code. The issue has a high impact on confidentiality, integrity, and...
CVE-2025-7382
A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled...
CVE-2025-6704
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode...
CVE-2025-42947 Code Injection vulnerability in SAP FICA ODN framework
SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on...
The vulnerability of the libsavsvc.so library in Android operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the libsavsvc.so library in Android operating systems is related to writing beyond the buffer boundaries when processing MPEG4 files. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...
OPENSUSE-SU-2025:15374-1 viewvc-1.3.0~dev20250722-1.1 on GA media
These are all security issues fixed in the viewvc-1.3.0~dev20250722-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15371-1 firefox-esr-140.1.0-1.1 on GA media
These are all security issues fixed in the firefox-esr-140.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
Building a Robust OAuth Token Based API Security: a High Level Overview
APIs (Application Programming Interfaces), or Web Services, are the foundational building blocks that enable interconnected systems. However, this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization...
CVE-2025-7382
Summary (CVE-2025-7382): A command-injection vulnerability exists in the WebAdmin component of Sophos Firewall versions older than 21.0 MR2 (21.0.2). If OTP authentication for the admin user is enabled, adjacent attackers can achieve pre-auth code execution on High Availability (HA) auxiliary de...
CVE-2025-6704
CVE-2025-6704 is an arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall. The pre-auth remote code execution condition requires a specific SPX configuration enabled in combination with the firewall running in High Availability (HA) mode. Multiple sourc...
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows an attacker to compromise the availability of the device.
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to the lack of memory release after the effective lifespan of the protocol. Exploiting this vulnerability can allow an attacker to compromise the availability...
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows an attacker to compromise the availability of the device.
The vulnerability of the Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to the assignment of the zero pointer. Exploiting this vulnerability can allow a malicious actor to compromise the availability of the device...