36980 matches found

CVE
added 2025/06/12 5:8 p.m. · 50 views

CVE-2025-49080

Absolute Secure Access server versions 9.0–13.54 contain a memory management vulnerability that can be exploited remotely to cause a Denial of Service. The issue allows a low-complexity, network-based attack requiring no privileges or user interaction, with high availability impact (no confidenti...

8.7 CVSS · 7 AI score · 0.00315 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/06/12 5:8 p.m. · 19 views

CVE-2025-49080 Memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54

There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack...

8.7 CVSS · 0.00315 EPSS
Exploits 0 · References 1
Sick AG
added 2025/06/12 1:0 p.m. · 13 views

Multiple vulnerabilities in SICK Field Analytics and SICK Media Server

SICK has found multiple vulnerabilities in the products SICK Field Analytics and SICK Media Server. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the products. Therefore it is strongly recommended to apply general security practices when operating...

8.8 CVSS · 7 AI score · 0.00466 EPSS
Exploits 0
RedhatCVE
added 2025/06/12 12:18 a.m. · 4 views

CVE-2025-42998

The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no impact on integrity and availability...

5.3 CVSS · 5.3 AI score · 0.00167 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/06/12 12:18 a.m. · 5 views

CVE-2025-42994

SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the...

7.5 CVSS · 7.2 AI score · 0.00361 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/06/12 12:18 a.m. · 5 views

CVE-2025-42989

RFC inbound processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application...

9.6 CVSS · 9.5 AI score · 0.00404 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/06/12 12:18 a.m. · 6 views

CVE-2025-42995

SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the...

7.5 CVSS · 7.2 AI score · 0.00361 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/06/12 12:0 a.m. · 3 views

PT-2025-25342 · Unknown · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.55 Description: The issue is related to insufficient input validation in the warehouse component. Attackers with system administrator permissions can impair the availability of the Secure Access...

6.9 CVSS · 6.3 AI score · 0.0041 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/06/11 1:21 p.m. · 5 views

CVE-2025-48053

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause reduced availability of a Discourse instance...

8.7 CVSS · 6.7 AI score · 0.00315 EPSS
Exploits 0 · References 1
RedHat Linux
added 2025/06/11 1:1 a.m. · 2 views

kernel: powerpc/lib: Validate size for vector operations

A potential stack corruption flaw was found in arch/powerpc/lib/sstep.c in the Linux kernel. This may lead to compromised Confidentiality, Integrity, or Availability...

5.5 CVSS · 7.2 AI score · 0.00236 EPSS
Exploits 0 · References 5
CNVD
added 2025/06/11 12:0 a.m. · 3 views

NETGEAR WNR614 Improper Authentication Vulnerability

The NETGEAR WNR614 is a wireless router for home and small office environments with basic network management features and 150Mbps wireless transmission performance. The NETGEAR WNR614 suffers from an improper authentication vulnerability that originates from an input to currentsetting.htm, which...

9.8 CVSS · 7 AI score · 0.00805 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/06/10 11:58 a.m. · 4 views

CVE-2025-27818

A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when using a Kafka client SASL JAAS, allowing an attacker with access to alterConfig for a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the...

8.8 CVSS · 8.6 AI score · 0.00861 EPSS
Exploits 0 · References 4
OSV
added 2025/06/10 11:52 a.m. · 1 view

BIT-MARIADB-MIN-2023-22084

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...

4.9 CVSS · 5 AI score · 0.01782 EPSS
Exploits 0 · References 8
OSV
added 2025/06/10 11:49 a.m. · 4 views

BIT-MARIADB-MIN-2022-21595

Vulnerability in the MySQL Server product of Oracle MySQL component: C API. Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

4.4 CVSS · 4.8 AI score · 0.01048 EPSS
Exploits 0 · References 4
OSV
added 2025/06/10 11:47 a.m. · 4 views

BIT-MARIADB-MIN-2020-2814

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.9 CVSS · 5.6 AI score · 0.02805 EPSS
Exploits 0 · References 11
OSV
added 2025/06/10 11:47 a.m. · 6 views

BIT-MARIADB-MIN-2020-2780

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.5 CVSS · 6.5 AI score · 0.0243 EPSS
Exploits 0 · References 9
OSV
added 2025/06/10 11:47 a.m. · 6 views

BIT-MARIADB-MIN-2020-15180

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and...

9 CVSS · 8.3 AI score · 0.05539 EPSS
Exploits 0 · References 6
OSV
added 2025/06/10 11:47 a.m. · 4 views

BIT-MARIADB-MIN-2020-14765

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

6.8 CVSS · 6.6 AI score · 0.03012 EPSS
Exploits 0 · References 11
NVD
added 2025/06/10 11:15 a.m. · 6 views

CVE-2024-13089

An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...

7.5 CVSS · 0.00992 EPSS
Exploits 0 · References 1
CVE
added 2025/06/10 10:29 a.m. · 51 views

CVE-2024-13089

CVE-2024-13089 describes an OS command injection vulnerability in the update functionality of Nozomi Networks Guardian and CMC. The issue allows an authenticated administrator (high-privilege user) to upload update packages, and despite signatures being validated, an improper signature validation...

7.5 CVSS · 8 AI score · 0.00992 EPSS
Exploits 0 · References 1