
Snyk
added 2025/09/11 6:35 p.m., 2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper access control in the getValue for objects. An attacker can gain unauthorized access to, create, edit, or relate data and object entries or definitions across different virtu...

CVSS 8.1, AI score 6.8, EPSS 0.00093
Exploits 0, References 2
RedHat Linux
added 2025/09/11 4:10 p.m., 5 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

CVSS 8, AI score 7.1, EPSS 0.00054
Exploits 1, References 5
Github Security Blog
added 2025/09/11 6:30 a.m., 6 views

jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin

Vulnerability in jsondiffpatch: versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting (XSS) in HtmlFormatter::nodeBegin. When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...

CVSS 4.7, AI score 6, EPSS 0.00068
Exploits 0, References 8, Affected Software 1
RedhatCVE
added 2025/09/11 3:19 a.m., 3 views

CVE-2025-42944

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS 10, AI score 7.3, EPSS 0.00416
Exploits 1, References 1
Fedora
added 2025/09/11 1:19 a.m., 3 views

[SECURITY] Fedora 41 Update: bustle-0.12.0-3.fc41

Bustle draws sequence diagrams of D-Bus activity, showing signal emissions, method calls and their corresponding returns, with timestamps for each individual event and the duration of each method call. This can help you check for unwanted D-Bus traffic, and pinpoint why your D-Bus-based applicati...

CVSS 2.3, AI score 6.7, EPSS 0.00112
Exploits 0
Fedora
added 2025/09/11 12:56 a.m., 4 views

[SECURITY] Fedora 42 Update: bustle-0.12.0-3.fc42

Bustle draws sequence diagrams of D-Bus activity, showing signal emissions, method calls and their corresponding returns, with timestamps for each individual event and the duration of each method call. This can help you check for unwanted D-Bus traffic, and pinpoint why your D-Bus-based applicati...

CVSS 2.3, AI score 6.7, EPSS 0.00112
Exploits 0
Positive Technologies
added 2025/09/11 12:00 a.m., 3 views

PT-2025-37182

Name of the Vulnerable Software and Affected Versions: SEAT Queue Ticket Kiosk, versions up to 20250827. Description: A flaw exists in the Java RMI Registry Handler component of SEAT Queue Ticket Kiosk. This issue allows for deserialization, and can only be exploited within a local network. The...

CVSS 3.1, AI score 3.4, EPSS 0.00048
Exploits 0, References 5
Cvelist
added 2025/09/10 10:32 p.m., 7 views

CVE-2025-10232 299ko FileManagerAPIController.php delete path traversal

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has...

CVSS 5.5, EPSS 0.00092
Exploits 0, References 4
Tenable Nessus
added 2025/09/10 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named...

CVSS 6.2, AI score 6.4, EPSS 0.0006
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-22095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the...

CVSS 6.5, AI score 6.7, EPSS 0.00571
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-39575

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dumpmethod located in abc.c. It allows an attacker to...

CVSS 5.5, AI score 5.8, EPSS 0.00149
Exploits 1, References 2
NVD
added 2025/09/09 2:15 a.m., 6 views

CVE-2025-42944

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS 10, EPSS 0.00416
Exploits 1, References 4
Vulnrichment
added 2025/09/09 2:11 a.m., 1 view

CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS 10, AI score 6.6, EPSS 0.00416
Exploits 1, References 4
CVE
added 2025/09/09 2:11 a.m., 56 views

CVE-2025-42944

The CVE-2025-42944 vulnerability affects SAP NetWeaver (notably the NetWeaver Application Server Java) via insecure deserialization in the RMI-P4 module. An unauthenticated, remote attacker can send a malicious payload to an open port, leading to arbitrary OS command execution with the attacker g...

CVSS 10, AI score 6.6, EPSS 0.00416
Exploits 1, References 4
Cvelist
added 2025/09/09 2:11 a.m., 5 views

CVE-2025-42944 Insecure Deserialization vulnerability in SAP Netweaver (RMI-P4)

Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to an open port. The deserialization of such untrusted Java objects could lead to arbitrary OS command execution, posing a high...

CVSS 10, EPSS 0.00416
Exploits 1, References 4
Positive Technologies
added 2025/09/09 12:00 a.m., 3 views

PT-2025-36562

SAP NetWeaver. Affected Versions: SAP NetWeaver versions 5.3 through 10.0; SAP NetWeaver AS Java, affected versions not specified. Description: SAP NetWeaver contains a critical deserialization flaw in the RMI-P4 module. This allows an unauthenticated attacker to execute arbitrary operating system...

CVSS 10, AI score 8.3, EPSS 0.00416
Exploits 1, References 68
RedhatCVE
added 2025/09/08 7:14 p.m., 7 views

CVE-2025-58438

internetarchive is a Python and command-line interface to Archive.org. In versions 5.5.0 and below, there is a directory (path) traversal vulnerability in the File.download method of the internetarchive library. The File.download method does not properly sanitize user-supplied filenames or...

CVSS 9.4, AI score 7.8, EPSS 0.03849
Exploits 0, References 1
Veracode
added 2025/09/08 8:33 a.m., 6 views

Authentication Bypass

Liferay Portal is vulnerable to Authentication Bypass. The vulnerability is due to improper request method validation in MFA-enabled login requests, which allows attackers to bypass authentication by changing the POST method to GET...

CVSS 2, AI score 7, EPSS 0.00044
Exploits 1, References 13, Affected Software 1
RedhatCVE
added 2025/09/06 7:31 p.m., 3 views

CVE-2025-32347

In onStart of BiometricEnrollIntroduction.java, there is a possible way to determine the device's location due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.8, AI score 6.9, EPSS 0.00008
Exploits 0, References 1
RedhatCVE
added 2025/09/06 7:31 p.m., 3 views

CVE-2025-48523

In onCreate of SelectAccountActivity.java, there is a possible way to add contacts without permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 6.9, EPSS 0.00012
Exploits 0, References 1