Threat landscape for industrial automation systems in Q4 2024

Statistics across all threats In Q4 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.1 pp from the previous quarter to 21.9%. Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024 Compared to Q4 2023, the percentage...

CVE-2025-30347

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects...

CVE-2025-30347

CVE-2025-30347 affects Varnish Enterprise prior to 6.0.13r13. The issue is an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects, enabling remote attackers to obtain sensitive information. The provided sources confirm the affected product/version and the basic impact (infor...

Excessive Data Query Operations in a Large Data Table

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Excessive Data Query Operations in a Large Data Table through the tracking and simultaneous querying of a large number of Text objects via the web API. An attacker ca...

CVE-2024-10096

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-7804

This CVE entry is rejected/not used and does not represent an active vulnerability entry.

CVE-2024-7804

...

Aim 安全漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.25.0 that originates when tracking a large number of Text objects and querying them simultaneously via the Web API, which can lead to server...

PT-2025-18445

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak issue has been resolved in the Linux kernel, specifically in the drm/imagination module. The issue occurred when the module was unloaded, causing memory used to hold firmwa...

Insecure Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information where vCenter credentials are stored in plaintext within the ClusterProvision object after provisioning a vSphere cluster. Users with read access to ClusterProvision objects can extract these...

SUSE CVE-2025-25196

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.4 Helm chart openfga-0.2.22, docker v.1.8.4 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users on OpenFGA...

Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...

GHSA-GFH6-3PQW-X2J4 SmallRye Fault Tolerance out-of-memory (OOM) issue

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

CVE-2025-23185

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they...

CVE-2025-23185

Vulnerability summary: SAP Business Objects Business Intelligence Platform exposes internal technical details due to improper error handling. What is affected: SAP Business Objects BI Platform (information disclosure vulnerability). Root cause: Exceptions and stack traces reveal application inter...

CVE-2025-23185 Information Disclosure in SAP Business Objects Business Intelligence Platform

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they...

CVE-2025-23185 Information Disclosure in SAP Business Objects Business Intelligence Platform

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they...

SAP Business Objects Business Intelligence Platform 跨站脚本漏洞

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. SAP Business Objects Business Intelligence Platform suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...