PT-2025-17978 · Goldendb · Goldendb
Name of the Vulnerable Software and Affected Versions: GoldenDB affected versions not specified Description: There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the...
CVE-2025-20178
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system. This vulnerability is due to insufficient integrity...
CVE-2025-28076
Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.4 and CO2Scope = 1.3.4 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, ...
PT-2025-17546 · Ibm · Ibm Hardware Management Console
Name of the Vulnerable Software and Affected Versions: IBM Hardware Management Console - Power Systems versions 10.2.1030.0 through 10.3.1050.0 Description: The issue allows a local user to execute commands as a privileged user due to the execution of commands with unnecessary privileges...
Siemens TeleControl Server Basic SQL Injection Vulnerability (CNVD-2025-09144)
Siemens TeleControl Server Basic is an industrial remote controller from Siemens, Germany. Siemens TeleControl Server Basic suffers from a SQL injection vulnerability that originates from the internally used 'UpdateProject' method. An attacker could use this vulnerability to bypass authorization...
Google Chrome heap buffer overflow vulnerability (CNVD-2025-09156)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a heap buffer overflow vulnerability. An attacker can exploit it by submitting a specially crafted web request and tricking the user into parsing it, crashing the application or executing arbitrary...
CVE-2025-32844
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and writ...
CVE-2025-32869
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...
CVE-2025-30003
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateProjectConnections' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...
CVE-2025-20178
CVE-2025-20178 affects Cisco Secure Network Analytics (web-based management interface). An authenticated attacker with valid administrative credentials can restore a malicious backup file to the device, exploiting insufficient integrity checks in device backups to obtain shell access as root on t...
CVE-2025-22371
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 De...
CVE-2024-55372
Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...
Adobe Framemaker Buffer Overflow Vulnerability (CNVD-2025-09269)
Adobe Framemaker is a page layout software suite from Adobe, an American company, for writing and editing large or complex documents, including structured documents. Adobe Framemaker suffers from a buffer overflow vulnerability that originates from a stack buffer overflow that ca...
Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities
Summary IBM Security QRadar EDR Software is affected by multiple vulnerabilities which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the system. These vulnerabilities have been addressed in the latest update. Vulnerability Details CVEID:CVE-2023-28154...
CVE-2025-29213
A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file...
PT-2025-16479 · Autodesk · Autodesk
Name of the Vulnerable Software and Affected Versions: Autodesk applications affected versions not specified Description: A maliciously crafted DWG file can cause an Out-of-Bounds Write issue when parsed through certain Autodesk applications. This can be leveraged by a malicious actor to cause a...
USN-7434-1 perl vulnerability
It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code...
SAP ERP BW Business Content Code Injection Vulnerability
SAP ERP BW Business Content is a cloud-based e-commerce platform that helps companies create a personalized and seamless buying experience for their customers. SAP ERP BW Business Content suffers from a code injection vulnerability that can be exploited by an attacker to execute arbitrary code...
CVE-2025-29834
Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...
Advisory ROSA-SA-2025-2804
Software: httpd 2.4.37 OS: ROSA Virtualization 3.0 packageevrstring: httpd-2.4.37-65.rv30.3 CVE-ID: CVE-2023-31122 BDU-ID: 2023-07124 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the mod_macro module of the Apache HTTP Server web server involves reading beyond memory boundaries. Exploitation of th...