16 matches found
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: sr9800: Added a check for usbnet_get_endpoints. Added a check for usbnet_get_endpoints and returned an error if it fails, in order to transfer the error...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the GET /api/extclients/network or GET /api/nodes/network endpoints. An attacker can obtain sensitive WireGuard private keys belonging to other users by sending requests to these API endpoints, as the respons...
PT-2025-52686
Name of the Vulnerable Software and Affected Versions: Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 Description: An authentication bypass issue exists in Xiongmai XM530 IP cameras. This allows unauthenticated remote attackers to access sensitive device information...
EUVD-2025-203310
A half-blind Server-Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
EUVD-2025-20344
Malicious code in bioql PyPI...
EUVD-2025-4007
Malicious code in bioql PyPI...
CVE-2025-25065
SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints...
SAP CRM Code Issue Vulnerability
SAP CRM is a customer relationship management system from SAP, a German company. A code issue vulnerability exists in SAP CRM. An authenticated attacker could exploit this vulnerability to enumerate HTTP endpoints in the internal network via specially crafted HTTP requests...
0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices
Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious...
SAP Financial Consolidation Cross-Site Scripting Vulnerability
SAP Financial Consolidation is a financial statement solution from SAP. The product is designed to automate intercompany reconciliations and offsets, currency conversions, and provide financial statement generation. A cross-site scripting vulnerability exists in SAP Financial Consolidation FINANC...
10 Critical Endpoint Security Tips You Should Know
In today's digital world, where connectivity rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide...
CVE-2022-22534
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the...
CVE-2022-22534
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the...
PT-2022-15504 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver (affected versions not specified) Description: The issue is caused by insufficient encoding of user input, allowing an unauthenticated attacker to inject code. This can expose sensitive data, such as user ID and password. The...
PYSEC-2019-184
Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected by: XML External Entity (XXE). The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...
Trend Micro OfficeScan Client ActiveX Control Buffer Overflow (CVE-2007-0325)
A vulnerability has been reported in the Trend Micro OfficeScan Client ActiveX control. OfficeScan Client is an integrated client which provides security protection for the network endpoints. A remote attacker could cause the browser to crash allowing execution of arbitrary commands. The vulnerabili...