176 matches found

CVE
added 2025/08/12 2:5 a.m. | 20 views

CVE-2025-42943

CVE-2025-42943 affects SAP GUI for Windows. The vulnerability involves leakage of NTLM hashes when UNC paths are used with certain ABAP frontend services, triggered by user-side execution of SAP GUI for Windows. The underlying issue is exposure of credentials during automatic NTLM authentication,...

CVSS 4.5 | AI score 7.3 | EPSS 0.00289
Exploits: 0 | References: 2

BDU FSTEC
added 2025/08/08 12:0 a.m. | 4 views

The vulnerability of the FortiSIEM security management graphical interface lies in the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.

The vulnerability of the FortiSIEM security management graphical interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information remotely...

CVSS 6.8 | AI score 5.5 | EPSS 0.0048
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/08/04 12:0 a.m. | 4 views

The vulnerability in the Git GUI graphical user interface relates to the insertion or modification of arguments, allowing attackers to create or overwrite arbitrary files.

The vulnerability of the Git GUI graphical user interface is related to the implementation or modification of arguments. Exploiting this vulnerability allows an attacker to create or overwrite arbitrary files...

CVSS 8.5 | AI score 7.4 | EPSS 0.00296
Exploits: 0 | References: 10 | Affected Software: 5

BDU FSTEC
added 2025/07/22 12:0 a.m. | 4 views

The vulnerability of the graphical interface of the Fortinet FortiSOAR software for coordinating the operation of cybersecurity systems and for managing real-time incident responses allows attackers to gain unauthorized access to protected information.

The vulnerability of the graphical interface of the software platform for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can...

CVSS 5.3 | AI score 5.5 | EPSS 0.00701
Exploits: 0 | References: 3 | Affected Software: 2

RedHat Linux
added 2025/07/21 2:51 p.m. | 4 views

git: Git GUI can create and overwrite files for which the user has write permission

A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for which the running user has write permission. This flaw allows an attacker to modify th...

CVSS 8.5 | AI score 5.8 | EPSS 0.00296
Exploits: 0 | References: 6

BDU FSTEC
added 2025/07/21 12:0 a.m. | 4 views

The vulnerability of the graphical interface of Git, a distributed version control system for software development by Microsoft Visual Studio, allows a hacker to execute arbitrary commands.

The vulnerability of the graphical interface of Git, a distributed version control system for software development by Microsoft Visual Studio, exists due to the failure to address the issues related to special elements used in operating system commands. Exploiting this vulnerability could allow a...

CVSS 8.6 | AI score 7.7 | EPSS 0.00261
Exploits: 0 | References: 6 | Affected Software: 4

Debian CVE
added 2025/07/16 1:34 p.m. | 5 views

CVE-2025-53840

Icinga DB Web provides a graphical interface for Icinga monitoring. Starting in version 1.2.0 and prior to version 1.2.2, users with access to Icinga Dependency Views are allowed to see hosts and services that they weren't meant to on the dependency map. However, the name of an object will not b...

CVSS 2.4 | AI score 5.4 | EPSS 0.0026
Exploits: 0

Packet Storm News
added 2025/07/13 12:0 a.m. | 16 views

LaSM: Layer-Wise Scaling Mechanism for Defending Pop-Up Attack on GUI Agents

Graphical user interface (GUI) agents built on multimodal large language models (MLLMs) have recently demonstrated strong decision-making abilities in screen-based interaction tasks. However, they remain highly vulnerable to pop-up-based environmental injection attacks, where malicious visual element...

AI score 7.2
Exploits: 0

OSV
added 2025/07/09 4:22 p.m. | 2 views

USN-7626-2 git regression

USN-7626-1 fixed vulnerabilities in Git. The update introduced a regression in gitk and git-gui. This update reverts the corresponding fixes for CVE-2025-27613 and CVE-2025-46835 pending further investigation. We apologize for the inconvenience. Original advisory details: Avi Halachmi discovered...

CVSS 8.5 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 2

OSV
added 2025/07/08 5:0 p.m. | 2 views

UBUNTU-CVE-2025-46835

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...

CVSS 8.5 | AI score 7.3 | EPSS 0.00296
Exploits: 0 | References: 6

Packet Storm News
added 2025/07/05 12:0 a.m. | 3 views

Hijacking JARVIS: Benchmarking Mobile GUI Agents against Unprivileged Third Parties

Mobile GUI agents are designed to autonomously execute diverse device-control tasks by interpreting and interacting with mobile screens. Despite notable advancements, their resilience in real-world scenarios where screen content may be partially manipulated by untrustworthy third parties remains...

AI score 7.4
Exploits: 0

OSV
added 2025/07/02 2:15 p.m. | 3 views

CVE-2025-27026

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVSS 4.9 | AI score 5.8 | EPSS 0.00335
Exploits: 0 | References: 2

AstraLinux
added 2025/06/16 11:28 a.m. | 2 views

Astra Linux – Vulnerability in Git

Git GUI allows you to use Git source control management tools through a graphical interface. When a user clones an untrusted repository and is tricked into editing a file located in a directory with a malicious name in the repository, Git GUI can create and overwrite files for which the user has...

CVSS 8.5 | AI score 7.5 | EPSS 0.00296
Exploits: 0 | References: 3

NCSC
added 2025/05/13 9:5 a.m. | 8 views

Vulnerabilities fixed in SAP products

SAP has fixed multiple vulnerabilities in various SAP products, including NetWeaver, NetWeaver Visual Composer, SAP GUI, pcde, Business Objects, HANA and other components. The vulnerabilities include an unlimited file upload error that allows unauthenticated users to upload malicious files, which...

CVSS 10 | AI score 9.4 | EPSS 0.99316
Exploits: 19 | References: 1

BDU FSTEC
added 2025/04/16 12:0 a.m. | 3 views

The vulnerability of the graphical interface of the FortiSIEM security management system allows attackers to increase their privileges.

The vulnerability of the FortiSIEM security management graphical interface is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to enhance their privileges by sending specially crafted HTTP requests remotely...

CVSS 5.5 | AI score 5.4 | EPSS 0.00236
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/04/16 12:0 a.m. | 4 views

The vulnerability of the graphical interface of the Fortinet FortiDeceptor tool for detecting and responding to external and internal security threats allows a perpetrator to execute arbitrary code.

The vulnerability of the graphical interface of the Fortinet FortiDeceptor tool for detecting and responding to external and internal security threats is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute...

CVSS 6.4 | AI score 5.9 | EPSS 0.00278
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/04/14 12:0 a.m. | 5 views

The vulnerabilities of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE allow attackers to execute arbitrary code.

The vulnerabilities of the FortiOS graphical interface, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE are related to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a remote...

CVSS 6.5 | AI score 5.9 | EPSS 0.00751
Exploits: 0 | References: 2 | Affected Software: 3

BDU FSTEC
added 2025/04/14 12:0 a.m. | 5 views

The vulnerability of the graphical interface of the Fortinet FortiPortal security analysis and management tool allows an attacker to execute arbitrary code.

The vulnerability of the Fortinet FortiPortal graphical interface for security analysis and management involves the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

CVSS 5.5 | AI score 5.8 | EPSS 0.00346
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2025/04/09 12:0 a.m. | 4 views

The vulnerability of the authentication system for microprogrammed Ethernet switch FortiSwitch lies in the lack of necessary checks when changing passwords via the graphical user interface. This allows attackers to escalate their privileges.

The vulnerability of the authentication system for microprogrammed Ethernet switches of FortiSwitch lies in the lack of necessary checks during password changes in the graphical user interface. Exploiting this vulnerability allows a malicious actor to enhance their privileges by altering the...

CVSS 10 | AI score 8.1 | EPSS 0.11324
Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/04/09 12:0 a.m. | 5 views

The vulnerability of the graphical interface of the FortiSIEM security management system allows attackers to increase their privileges.

The vulnerability of the FortiSIEM security management graphical interface is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow a malicious actor to enhance their privileges through specially crafted HTTP requests...

CVSS 9.9 | AI score 5.5 | EPSS 0.00485
Exploits: 0 | References: 2 | Affected Software: 1