36979 matches found
CVE-2025-42967
SAP S/4HANA and SAP SCM Characteristic Propagation contains a remote code execution vulnerability. The issue allows an attacker with user-level privileges to create a new report containing code of their own, potentially gaining full control of the affected SAP system and impacting confidentiality...
CVE-2025-42967 Code Injection vulnerability in SAP S/4HANA and SAP SCM (Characteristic Propagation)
SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with user-level privileges to create a new report with their own code, potentially gaining full control of the affected SAP system, causing high impact on confidentiality, integrity, an...
CVE-2025-42963 Insecure Deserialization in SAP NetWeaver Application Server for Java (Log Viewer)
A critical vulnerability in SAP NetWeaver Application Server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected...
CVE-2025-42959
CVE-2025-42959 affects SAP NetWeaver ABAP Server and SAP ABAP Platform. An unauthenticated attacker can reuse an HMAC credential extracted from a system missing a patch to perform a replay attack against another system, potentially leading to complete system compromise impacting confidentiality, ...
CVE-2025-42954
CVE-2025-42954 affects SAP NetWeaver Business Warehouse CCAW. A privileged attacker can cause high CPU load by calling RFC-enabled function modules without input parameters, leading to reduced availability (low impact) with no confidentiality or integrity impact. Public details across sources con...
CVE-2025-42953
SAP NetWeaver AS ABAP System Configuration is affected by CVE-2025-42953 due to missing authorization checks for authenticated users, enabling privilege escalation and potential full integrity/availability compromise (confidentiality not impacted). Root cause: inadequate access control in the Sys...
CVE-2025-42952 Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis
SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. Thi...
CVE-2025-42952
CVE-2025-42952 affects SAP Business Warehouse and SAP Plug-In Basis. An authenticated attacker can add fields to arbitrary SAP database tables/structures, potentially rendering the system unusable by triggering short dumps on login. Availability impact is High; no read/change/delete of data is in...
PT-2025-28283 · SAP · SAP NetWeaver Enterprise Portal Administration
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal Administration (affected versions not specified). Description: The issue arises when a privileged user uploads untrusted or malicious content. Upon deserialization, this content could compromise the confidentialit...
PT-2025-28276 · SAP · SAP NetWeaver System Configuration
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver System Configuration (affected versions not specified). Description: The issue results from a lack of necessary authorization checks for an authenticated user, leading to escalation of privileges. This could completely compromise t...
PT-2025-28275 · SAP · SAP Plug-In Basis +1
Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse and SAP Plug-In Basis (affected versions not specified). Description: The issue allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. ...
PT-2025-28278 · SAP SE · SAP NetWeaver App Server ABAP & ABAP Platform
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a repla...
PT-2025-28282 · SAP · SAP NetWeaver Application Server for Java Log Viewer
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for Java (affected versions not specified). Description: A critical issue in the Log Viewer component enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitati...
OPENSUSE-SU-2025:15320-1 avif-tools-1.3.0-2.1 on GA media
These are all security issues fixed in the avif-tools-1.3.0-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15319-1 djvulibre-3.5.29-1.1 on GA media
These are all security issues fixed in the djvulibre-3.5.29-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15322-1 libPocoActiveRecord112-1.14.2-1.1 on GA media
These are all security issues fixed in the libPocoActiveRecord112-1.14.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:15323-1 libpoppler-cpp2-25.06.0-1.1 on GA media
These are all security issues fixed in the libpoppler-cpp2-25.06.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-3044
A hash collision flaw was found in llamaindex. The MD5 function is used in the ArxivReader class, and given the weakness in the MD5 hashing algorithm, an attacker can build colliding inputs. Mitigation: Mitigation for this issue is either not available or the currently available options do not mee...
CVE-2025-32023
CVE-2025-32023 affects Redis with a stack/heap out-of-bounds write in HyperLogLog operations, potentially enabling remote code execution. Affected versions range from 2.8 up to, but not including, 8.0.3; the fixed releases are 8.0.3, 7.4.5, 7.2.10 and 6.2.19. The root cause is an out-of-bounds wr...