36979 matches found
CVE-2025-42953
SAP NetWeaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with no impact on confidentiality of the system...
CVE-2025-42959
An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay attack against a different system. Even if the target system is fully patched, successful exploitation...
Fedora 41 : chromium (2025-c05ae72339)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c05ae72339 advisory. Update to 138.0.7204.92. High CVE-2025-6554: Type Confusion in V8. Tenable has extracted the preceding description block directly from the Fedora...
CVE-2025-53186
Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module. Impact: Successful exploitation of this vulnerability may affect availability...
The vulnerability of the scomp_acomp_comp_decomp() function in the crypto/scompress.c module of the Linux kernel’s cryptographic subsystem allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the scomp_acomp_comp_decomp() function in the crypto/scompress.c module of the Linux kernel security subsystem is related to a stack-based buffer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of t...
OPENSUSE-SU-2025:15329-1 go1.24-1.24.5-1.1 on GA media
These are all security issues fixed in the go1.24-1.24.5-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15327-1 coreutils-9.7-3.1 on GA media
These are all security issues fixed in the coreutils-9.7-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15333-1 libmruby3_4_0-3.4.0-1.1 on GA media
These are all security issues fixed in the libmruby3_4_0-3.4.0-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15325-1 MozillaFirefox-140.0.2-1.1 on GA media
These are all security issues fixed in the MozillaFirefox-140.0.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15328-1 go1.23-1.23.11-1.1 on GA media
These are all security issues fixed in the go1.23-1.23.11-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-47978 Windows Kerberos Denial of Service Vulnerability
...
CVE-2025-42956
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create...
CVE-2025-42963
A critical vulnerability in SAP NetWeaver Application Server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected...
CVE-2025-42966
SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object. This could lead to high impact on confidentiality, integrity, and availability ...
CVE-2025-42952
SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. Thi...
CVE-2025-42980
CVE-2025-42980 affects SAP NetWeaver Enterprise Portal Federated Portal Network. The initial and linked sources describe an insecure deserialization vulnerability where a privileged user can upload untrusted or malicious content, which, when deserialized, can compromise confidentiality, integrity...
CVE-2025-42970
CVE-2025-42970 affects SAPCAR: the vulnerability arises from improper sanitization of file paths during extraction, enabling a malicious archive with directory traversal sequences. When a high-privilege user extracts such an archive, SAPCAR processes it and files can be extracted outside the intended...
CVE-2025-42970 Directory Traversal vulnerability in SAPCAR
SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a highly privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system,...