
4108 matches found

CNNVD
added 2025/09/09 12:0 a.m., 3 views

SAP Fiori App Manage Work Center Groups Cross-Site Request Forgery Vulnerability

SAP Fiori App Manage Work Center Groups is an enterprise application from SAP with the ability to manage and maintain work center groups. A cross-site request forgery vulnerability exists in SAP Fiori App Manage Work Center Groups, which stems from insufficient CSRF protection and can be exploite...

4.3 CVSS, 6.7 AI score, 0.00128 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/09/09 12:0 a.m., 3 views

PT-2025-36549

Name of the Vulnerable Software and Affected Versions: SAP ABAP Reports affected versions not specified Description: Due to missing input validation in ABAP reports, an attacker with high privilege access could delete the content of arbitrary database tables if the tables are not protected by an...

8.1 CVSS, 6.1 AI score, 0.00249 EPSS
Exploits: 0, References: 8

Positive Technologies
added 2025/09/09 12:0 a.m., 2 views

PT-2025-36998

Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.9.0 through 0.9.22 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. The software derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf id...

4.4 CVSS, 6.5 AI score, 0.00132 EPSS
Exploits: 0, References: 9

Packet Storm News
added 2025/09/09 12:0 a.m., 6 views

A Decade-Long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends

An advanced persistent threat (APT) refers to a covert, long-term cyberattack, typically conducted by state-sponsored actors, targeting critical sectors and often remaining undetected for long periods. In response, collective intelligence from around the globe collaborates to identify and trace...

6.6 AI score
Exploits: 0

Tenable Nessus
added 2025/09/05 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-25980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided...

5.3 CVSS, 5.2 AI score, 0.00533 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-25981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided...

5.3 CVSS, 5.2 AI score, 0.00581 EPSS
Exploits: 0, References: 2

Veracode
added 2025/09/04 9:13 a.m., 3 views

Improper Access Control

github.com/aws/amazon-ecs-agent is vulnerable to improper access control. The vulnerability is due to the introspection server being accessible off-host under certain security group configurations, which allows an attacker from another instance to gain unauthorized access to the server...

5.3 CVSS, 6.8 AI score, 0.00229 EPSS
Exploits: 0, References: 4, Affected Software: 1

Microsoft CVE
added 2025/09/04 12:35 a.m., 3 views

btrfs: fix block group refcount race in btrfs_create_pending_block_groups()

...

4.7 CVSS, 6.8 AI score, 0.00115 EPSS
Exploits: 0

Tenable Nessus
added 2025/09/04 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-3808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did...

5.4 CVSS, 5.7 AI score, 0.01117 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-2498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain...

4.3 CVSS, 5.6 AI score, 0.00228 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/09/01 12:0 a.m., 5 views

PT-2025-38557

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.17.0-rc2-virtme-g2a89cb21162c through 6.17.0-rc2-virtmne-g6ee90cb26014 Description: A null pointer dereference (NPD) issue was identified in the vxlan module when using nexthop objects with the "proxy" option enabled. This...

6 CVSS, 5.9 AI score, 0.00135 EPSS
Exploits: 0

RedhatCVE
added 2025/08/30 6:19 p.m., 3 views

CVE-2025-49035

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups admin-menu-groups allows Stored XSS. This issue affects Admin Menu Groups: from n/a through <= 0.1.2...

5.9 CVSS, 5.9 AI score, 0.0017 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/08/30 6:16 p.m., 4 views

CVE-2024-39335

Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration - Groups - Submissions...

9.1 CVSS, 6.7 AI score, 0.00302 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-39876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups. CVE-2021-39876 Note that...

4.3 CVSS, 5 AI score, 0.00801 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-3738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handle...

8.8 CVSS, 7 AI score, 0.01843 EPSS
Exploits: 0, References: 2

NVD
added 2025/08/27 4:15 a.m., 2 views

CVE-2025-49035

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups admin-menu-groups allows Stored XSS. This issue affects Admin Menu Groups: from n/a through <= 0.1.2...

5.9 CVSS, 0.0017 EPSS
Exploits: 0, References: 1

CVE
added 2025/08/27 3:26 a.m., 13 views

CVE-2025-49035

CVE-2025-49035 corresponds to a Stored XSS weakness in the WordPress plugin Admin Menu Groups. Affected: Admin Menu Groups versions up to 0.1.2. Root cause: improper neutralization of user input during web page generation. Impact per the sources is stored XSS that could affect authenticated users...

5.9 CVSS, 5.9 AI score, 0.0017 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/08/27 3:26 a.m., 9 views

CVE-2025-49035 WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups admin-menu-groups allows Stored XSS. This issue affects Admin Menu Groups: from n/a through <= 0.1.2...

5.9 CVSS, 0.0017 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/08/27 3:26 a.m., 1 view

CVE-2025-49035 WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS. This issue affects Admin Menu Groups: from n/a through 0.1.2...

5.9 CVSS, 6.3 AI score, 0.0017 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/08/27 2:44 a.m., 9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in helpers-7.24.0.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of helpers-7.24.0.tgz. Vulnerability Details: CVEID: CVE-2025-27789. DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular...

6.2 CVSS, 8.8 AI score, 0.00478 EPSS
Exploits: 0, Affected Software: 1