68 matches found
EUVD-2024-39315
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-21894
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC. Actually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only ENETC PF can access PMa_SINGLE_STEP...
CVE-2025-8197
...
CVE-2025-42974
CVE-2025-42974 involves SAP NetWeaver/ABAP Platform (SDCCN) with a missing authorization check that allows an authenticated non-administrative user to call a remote-enabled function module. The resulting exposure is limited to confidentiality (low impact); there is no reported impact on integrity...
CVE-2025-42968
CVE-2025-42968 affects SAP NetWeaver. An authenticated non-administrative user can invoke a remote-enabled function module (RFC) and access information about the SAP system and OS that is not sensitive, with low impact on confidentiality and no impact on integrity or availability. The root cause ...
PT-2025-28292 · Sap Se · Sap Netweaver/Abap Platform
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is due to a missing authorization check, allowing an attacker authenticated as a non-administrative user to call a remote-enabled function module. This could enable access to...
PT-2025-27360
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A null pointer dereference issue was found in the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to this issue, and the attack needs to be approached locally. Recommendation...
CVE-2025-5192
Affected software: Soar Cloud HRD Human Resource Management System (client application) up to version 7.3.2025.0408. Vulnerability: Missing authentication for a critical function, allowing remote attackers to bypass authentication and access application functions. Root cause / details: Described ...
CVE-2024-43272
Missing Authentication for Critical Function vulnerability in icegram Icegram allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Icegram: from n/a through 3.1.24...
PT-2025-18356 · NetGear · Netgear Ex6200
Name of the Vulnerable Software and Affected Versions: Netgear EX6200 version 1.0.3.94 Description: A critical issue has been discovered, affecting the function sub 54014. The manipulation of the argument host leads to a buffer overflow. This issue can be exploited remotely. The vendor was...
PT-2025-18676 · Tenda · Tenda W20E
Name of the Vulnerable Software and Affected Versions: Tenda W20E version 15.11.0.6 Description: A command injection issue was discovered in the formSetDebugCfg function via the module parameter. This issue allows attackers to execute arbitrary commands through a manipulated request...
PT-2025-18150 · Code Projects · Code-Projects Clothing Store Management System
Name of the Vulnerable Software and Affected Versions: code-projects Clothing Store Management System version 1.0 Description: A critical vulnerability was found in the code-projects Clothing Store Management System. The issue affects the add item function, where manipulation of the st.productnam...
PT-2025-22292 · Unknown · Fw-Wgs-804Hpt
Name of the Vulnerable Software and Affected Versions: FW-WGS-804HPT version 1.305b241111 Description: A stack overflow issue was discovered via the stp conf name parameter in the web stp globalSetting post function. Recommendations: For FW-WGS-804HPT version 1.305b241111, as a temporary...
SUSE CVE-2025-38104
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV. RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment, including TLB...
PT-2025-16271 · Unknown · Jsonschema2Pojo
Name of the Vulnerable Software and Affected Versions: joelittlejohn jsonschema2pojo version 1.2.2 Description: A vulnerability has been found in the JSON File Handler component, affecting the apply function of the org/jsonschema2pojo/rules/SchemaRule.java file. This issue leads to a stack-based...
PT-2025-13784
Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0 Description: An issue exists in the torch.jit.script function that can lead to memory corruption. This flaw allows an attack to be launched on the local host. Recommendations: At the moment, there is no information about a...
CVE-2024-35277
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to access the configuration of the managed devices by sending...
Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os
For more PoC details, see: https://pc.fenchuan8.com//index?fo...
PT-2024-32519
Name of the Vulnerable Software and Affected Versions: Templately versions prior to 3.1.3 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions prior to 3.1.3, update to version...
QNAP Systems QTS and QNAP Systems QuTS hero security vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China's Weilian Technology QNAP Systems. QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS. QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS version 5.1.8.282...