SAP BusinessObjects Business Intelligence Platform Code Injection Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP, combining market-leading SAP data integration products, data management products and business intelligence products to eliminate system integration challenges and quickly and easily deploy...
Liferay Portal and Liferay DXP Reveals Data via Forms
The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data...
CVE-2024-8510
N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Customer data is not exposed. This vulnerability is present in all deployments of N-central prior to N-central 2024.6...
ZTE GoldenDB Unauthorized Access Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An unauthorized access vulnerability exists in ZTE GoldenDB, which stems...
CVE-2025-27101
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...
PT-2025-9910 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: The issue is related to incorrect access control in Unifiedtransform, leading to privilege escalation. This allows teachers to update the personal data of fellow teachers. Recommendations: For...
Linux Distros Unpatched Vulnerability : CVE-2024-42368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry da...
Why Are Airlines a Prime Target for Cyberattacks?
...
CVE-2024-13716
The Forex Calculators plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsettingscallback function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Subscriber-level access and...
PT-2025-9159 · WordPress · Ip2Location Redirection
Name of the Vulnerable Software and Affected Versions: IP2Location Redirection plugin for WordPress versions up to, and including, 1.33.3 Description: The issue allows unauthorized access to data due to a missing capability check on the 'download ip2location redirection backup' AJAX action. This...
CVE-2025-20060 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor
An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database...
GHSA-V4Q9-437P-MHPG Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)
Summary: A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not...
Leantime has Insufficiently Protected Credentials
Due to improper cache control, an attacker can view sensitive information even if they are not logged into the account anymore. Additional Information: 1. The issue was identified during routine security testing. 2. This vulnerability poses a significant risk to user privacy and data security...
CVE-2025-1222 An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac...
ROS-20250212-15
A vulnerability in the diagnostics_channel utility of the Node.js software platform is related to incorrectly set security restrictions when processing diagnostic data. Exploitation of the vulnerability could allow an attacker to...
CVE-2023-20508
Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability...
CVE-2025-21386 Microsoft Excel Remote Code Execution Vulnerability
...
CVE-2025-21383
CVE-2025-21383 is a Microsoft Excel information-disclosure vulnerability affecting Office/Excel. The available sources (MSRC MS-Office security guidance, NCSC advisories, and related update notes) confirm Excel-specific information disclosure with potential access to sensitive data. Exploitatio...
Azure Linux 3.0 Security Update: php (CVE-2024-8925)
The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8925 advisory. - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form...
CVE-2025-0543
Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in...