CVE-2025-42882 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVE-2025-42882

SAP NetWeaver Application Server for ABAP is affected by a missing authorization check that allows an authenticated, low-privilege attacker to run a specific ABAP function module and exfiltrate restricted environment details. Impact is described as low confidentiality with no impact to integrity ...

CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit:...

PT-2025-46179

Name of the Vulnerable Software and Affected Versions Tenda AX-3 version 16.03.12.10 CN Description The Tenda AX-3 device contains a stack overflow issue through the shareSpeed parameter within the fromSetWifiGusetBasic function. A crafted request can lead to a Denial of Service DoS...

CVE-2025-48090

Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...

CLSA-2025-1762437868 cups: Fix of CVE-2025-58060

CVE-2025-58060: fix authentication bypass by checking password when AuthType is set to anything but Basic...

BIT-APISIX-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989771 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfcsli4sendseqtoulp If no handler is found in...

ALSA-2025:19447 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226 kernel: wifi: cfg80211: fix use-after-free i...

Astra Linux – Vulnerability in edk2

EDK2 contains a vulnerability in the BIOS, where an attacker can cause a “Protection Mechanism Failure” through local access. Successful exploitation of this vulnerability will lead to the execution of arbitrary code, compromising Confidentiality, Integrity, and Availability...

Astra Linux – Vulnerability in Firefox, Thunderbird

The username:password portion was not properly removed from URLs in CSP reports, which could potentially expose HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

EUVD-2025-37317

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

CVE-2025-62232

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

CVE-2025-62232

Apache APISIX is affected by a logging-related data exposure (CVE-2025-62232) where basic-auth credentials are written in plaintext to error logs and forwarded to log sinks when the log level is INFO/DEBUG. The issue is caused by logging sensitive data during normal operation, creating a high ris...

CVE-2025-62232 Apache APISIX: basic-auth logs plaintext credentials at info level

Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access. It has been fixed in the following commit: ...

Apache Apisix 安全漏洞

Apache Apisix is a cloud-native microservices API gateway service from the Apache USA Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plugin hot loading, suitable for API management under the microservices system. A security vulnerability exists in...

PT-2025-44457

Name of the Vulnerable Software and Affected Versions Apache APISIX versions prior to 3.14 Description A flaw exists where sensitive data, specifically usernames and passwords used in basic authentication, are exposed through logging. When the log level is set to INFO or DEBUG, these credentials...

SUSE CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...