CVE-2025-42933

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a programming error in HCIUTRLNEXUSTYPE, which could lead to undefined behavior...

PT-2025-37091

Name of the Vulnerable Software and Affected Versions: ChanCMS versions up to 3.3.0 Description: A SQL injection weakness exists in the Search function within the app/modules/api/service/Api.js file. Manipulation of the key argument can lead to SQL injection. The exploit has been publicly release...

CVE-2025-42918 Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability...

CVE-2025-42916 Missing input validation vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on...

Aspect-Oriented Programming in Secure Software Development: a Case Study of Security Aspects in Web Applications

Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming OOP often intertwines security logic with business functionality,...

AZL-67079 CVE-2025-40928 affecting package perl-JSON-XS for versions less than 4.04-1

JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...

The API Security Dilemma: Why Traditional Approaches Are Failing in the AI Era

Throughout the past few years, APIs have become the backbone of digital infrastructure. They enable software-to-software communication, improve integration and interoperability, support modular architecture, and more. But as API use has exploded, so has API traffic volume and complexity, making...

sslscan

This is a tool for scanning SSL/TLS protocols and ciphers on a target server. The tool is called sslscan and is written in C. It is designed to be a command-line interface for scanning SSL/TLS protocols and ciphers on a target server. The tool can be built on various platforms, including Linux an...

PT-2025-36418

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar that allows for improper access controls. This issue affects unknown code within the /cancelar-enturmacao-em-lote/ API endpoint and can be...

awesome-windows-exploitation

This is a curated list of Windows Exploitation resources and tools. The list is organized by category, including Windows stack overflows, Windows heap overflows, kernel-based Windows overflows, Windows kernel memory corruption, return-oriented programming, Windows memory protections, bypassing...

MAL-2025-45663 Malicious code in python-programming-net-zh (npm)

The package python-programming-net-zh was found to contain malicious code...

Malicious code in python-programming-net-zh (npm)

The package python-programming-net-zh was found to contain malicious code...

Cisco Evolved Programmable Network Manager Information Disclosure (cisco-sa-epnm-info-dis-zhPPMfgz)

The version of Cisco Evolved Programmable Network Manager installed on the remote host is affected by an information disclosure vulnerability. A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to...

Cisco Prime Infrastructure Information Disclosure (cisco-sa-epnm-info-dis-zhPPMfgz)

The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.10.6.2. It is therefore affected by an information disclosure vulnerability. A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to...

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.

...

Linux Distros Unpatched Vulnerability : CVE-2022-21713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle use...

CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVE-2025-20270 Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of reques...