CVE-2025-42950 Code Injection Vulnerability in SAP Landscape Transformation (Analysis Platform)

SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as...

CVE-2025-42950

SAP Landscape Transformation (SLT) is affected by a CVE-2025-42950 vulnerability in which an attacker with user privileges can exploit a flaw in a function module exposed via RFC to inject arbitrary ABAP code, bypassing authorization checks and potentially compromising confidentiality, integrity,...

SAP S/4HANA 代码注入漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A code injection vulnerability exists in SAP S/4HANA, which can be exploited to inject arbitrary ABAP code via RFC...

PT-2025-32613

Name of the Vulnerable Software and Affected Versions SAP S/4HANA versions prior to August 2025 Description SAP S/4HANA contains a critical vulnerability that allows an attacker with user privileges to exploit a flaw in a function module exposed via RFC. This allows the injection of arbitrary ABA...

PT-2025-32610

Name of the Vulnerable Software and Affected Versions: SAP Landscape Transformation SLT affected versions not specified Description: SAP Landscape Transformation SLT allows an attacker with user privileges to exploit a flaw in a function module exposed via Remote Function Call RFC. This enables t...

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

CVE-2025-42986

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

CVE-2025-42986

CVE-2025-42986 concerns SAP BASIS with a missing authorization check in an obsolete RFC-enabled function module. The root cause allows an authenticated, low-privilege attacker to invoke a Remote Function Call (RFC) and potentially access restricted system information. The documented impact is lim...

CVE-2025-42986 Missing Authorization check in SAP NetWeaver and ABAP Platform

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

CVE-2025-42986 Missing Authorization check in SAP NetWeaver and ABAP Platform

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call RFC, potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on...

SAP NetWeaver Business Warehouse 安全漏洞

SAP NetWeaver Business Warehouse is a data warehouse solution from SAP, Germany. A security vulnerability exists in SAP NetWeaver Business Warehouse, which originates from a privileged attacker who can execute an RFC function module without input parameters resulting in a high CPU load, which may...

Static Analysis for Detecting Transaction Conflicts in Ethereum Smart Contracts

Ethereum smart contracts operate in a concurrent environment where multiple transactions can be submitted simultaneously. However, the Ethereum Virtual Machine EVM enforces sequential execution of transactions within each block to prevent conflicts arising from concurrent access to the same state...

CVE-2025-28993 WordPress Content No Cache plugin <= 0.1.4 - Arbitrary Function Call vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Jose Mortellaro Content No Cache content-no-cache allows Code Injection.This issue affects Content No Cache: from n/a through = 0.1.4...

CVE-2025-28993

CVE-2025-28993 concerns the WordPress plugin Content No Cache . The vulnerability is an Improper Control of Generation of Code (Code Injection) , allowing an arbitrary function call due to flaws in the plugin’s code generation logic. Affected versions are listed as up to 0.1.3 (n/a through 0.1.3)...

CVE-2022-50017

In the Linux kernel, the following vulnerability has been resolved: mips: cavium-octeon: Fix missing ofnodeput in octeon2usbclocksstart We should call ofnodeput for the reference 'uctlnode' returned by ofgetparent which will increase the refcount. Otherwise, there will be a refcount leak bug...

CVE-2022-49941

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing cleanup helper function call, which could lead to a resource leak...

SAP S/4HANA 安全漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from insufficient authorization checking, which could lead to the creation of RFC targets and the assignment of...

CVE-2025-37999 fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()

In the Linux kernel, the following vulnerability has been resolved: fs/erofs/fileio: call erofsonlinefoliosplit after bioaddfolio If bioaddfolio fails because it is full, erofsfileioscanfolio needs to submit the I/O request via erofsfileiorqsubmit and allocate a new I/O request with an empty stru...