13702 matches found
Remote Desktop Client RCE Vulnerability (Apr 2025) - Windows
Remote Desktop Client is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-22010 RDMA/hns: Fix soft lockup during bt pages loop
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer e.g. MR over 100GB is being allocated, it may require a considerable loop coun...
CVE-2025-30017
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-27428
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...
CVE-2025-30017
CVE-2025-30017 affects SAP Solution Manager 7.1. The issue is a missing authorization check that could let an authenticated attacker upload a file as a template for solution documentation, with limited impact on the application’s integrity and availability. Remediation is via SAP security patches...
CVE-2025-30017 Missing Authorization check in SAP Solution Manager
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-27428 Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...
SAP Solution Manager Security Vulnerability
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. A file upload vulnerability exists in SAP Solution Manager that stems from the application's lack of effective...
SAP Solution Manager Security Vulnerability
SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. A directory traversal vulnerability exists in SAP Solution Manager, which stems from a lack of validity checkin...
UNA CMS 14.0.0-RC4 PHP Object Injection
UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. UNA CMS <= 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...
PT-2025-15375 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 7.1 Description: The issue is caused by a missing authorization check, allowing an authenticated attacker to upload a file as a template for solution documentation. This can lead to limited impact on the integrity...
PT-2025-15367 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager affected versions not specified Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...
Microsoft PC Manager Elevation of Privilege Vulnerability (Apr 2025) - Windows
Microsoft PC Manager is prone to an elevation of privilege vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-32352
A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...
Photon OS 5.0: Linux PHSA-2025-5.0-0493
An update of the linux package has been released. %NASLMINLEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0493. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...
Security advisory: A Denial-of-Service type of security issue in Qt XML module impacts Qt
A Denial-of-Service type of security issue in QDom classes of Qt XML module has been discovered and has been assigned the CVE id CVE-2025-30348. Affected versions: Up to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.7.3. Impact: When QDom classes are used to write XML with long text segments,...
OpenVPN Privilege Escalation Vulnerability (Apr 2025) - Windows
OpenVPN is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn";...
Debian: Security Advisory (DSA-5893-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-5895-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...