7491 matches found
USN-7567-1: ModSecurity vulnerabilities
Simon Studer discovered that ModSecurity incorrectly handled certain JSON objects. An attacker could possibly use this issue to cause a denial of service. CVE-2025-47947 It was discovered that ModSecurity incorrectly handled requests when parsing certain form data. An attacker could possibly use...
CVE-2025-42988
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no...
Security update for transfig
This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezierspline function bsc1243260. CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in readobjects function bsc1243262. CVE-2025-46399: Fixed a...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
CVE-2025-43699
Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio FlexCards allows bypass of required permission check. This impacts OmniStudio: before Spring 2025...
CVE-2025-43699
Client-Side Enforcement of Server-Side Security vulnerability in Salesforce OmniStudio FlexCards allows bypass of required permission check. This impacts OmniStudio: before Spring 2025...
Vulnerabilities fixed in SAP Products
SAP has fixed vulnerabilities in various SAP products such as HANA, Business Objects and Netweaver. The vulnerabilities include a lack of authorization controls, allowing attackers to execute functions without restrictions. This can lead to unauthorized actions within the application, which can...
CVE-2025-42988
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no...
CVE-2025-42988
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no...
CVE-2025-42988
CVE-2025-42988 affects SAP Business Objects Business Intelligence Platform. The issue allows an unauthenticated attacker to enumerate HTTP endpoints on the internal network by crafting specific HTTP requests, enabling information disclosure that could facilitate SSRF. The provided documents descr...
CVE-2025-42988 Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no...
CVE-2025-42988 Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no...
PT-2025-24590 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform affected versions not specified Description: The issue allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by manipulating specific HTTP requests. This...
SAP Business Objects Business Intelligence Platform 代码问题漏洞
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A code issue vulnerability exists in SAP Business Objects Business...
Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
Security update for transfig
This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a CVE-2025-31162: Fixed a floating point exception in fig2dev in getslope function bsc1240380. CVE-2025-31163: Fixed a segmentation fault in fig2dev in putpatternarc function bsc1240381. CVE-2025-31164: Fixed a he...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...
firefox: thunderbird: Out-of-bounds access when resolving Promise objects
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object...