SAP NetWeaver AS ABAP Authorization Bypass Vulnerability

The remote SAP NetWeaver ABAP server may be affected by an authorization bypass vulnerability. SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the...

CVE-2025-31331

SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper...

CVE-2024-47166

Gradio CVE-2024-47166 is a one-level read path traversal in the /custom_component endpoint. An attacker can leak source code from custom Gradio components by manipulating the file path, potentially exposing proprietary or private code on publicly accessible servers. Affected: Gradio (Python packa...

CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

CVE-2024-47166 One-level read path traversal in `/custom_component` in Gradio

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...

NPM IP package incorrectly identifies some private IP addresses as public

The isPublic function in the NPM package ip doesn't correctly identify certain private IP addresses in uncommon formats such as 0x7F.1 as private. Instead, it reports them as public by returning true. This can lead to security issues such as Server-Side Request Forgery SSRF if isPublic is used to...

sudo: Memory Manipulation

Background sudo allows a system administrator to give users the ability to run commands as other users. Description Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact Stack/register variables can be flipped via fault...

CVE-2023-4911: Looney Tunables – Local Privilege Escalation in the glibc’s ld.so

The Qualys Threat Research Unit TRU has discovered a buffer overflow vulnerability in GNU C Librarys dynamic loaders processing of the GLIBCTUNABLES environment variable. We have successfully identified and exploited this vulnerability a local privilege escalation that grants full root privileges...

CVE-2022-38453 Contec Health CMS8000

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...

p5-PathTools -- File::Spec::canonpath loses taint

Ricardo Signes reports: Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach...