Microsoft PC Manager Elevation of Privilege Vulnerability (Apr 2025) - Windows

Microsoft PC Manager is prone to an elevation of privilege vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SAP Solution Manager 安全漏洞

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as a system management platform. A file upload vulnerability exists in SAP Solution Manager that stems from the application's lack of effective...

SAP Solution Manager 安全漏洞

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as a system management platform. A directory traversal vulnerability exists in SAP Solution Manager, which stems from a lack of validity checkin...

📄 UNA CMS 14.0.0-RC4 PHP Object Injection

UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. ------------------------------------------------------------------------------------ UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...

PT-2025-15375 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 7.1 Description: The issue is caused by a missing authorization check, allowing an authenticated attacker to upload a file as a template for solution documentation. This can lead to limited impact on the integrity...

PT-2025-15367 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager affected versions not specified Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...

CVE-2025-32352

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...

Debian: Security Advisory (DSA-5895-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVPN Privilege Escalation Vulnerability (Apr 2025) - Windows

OpenVPN is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn";...

Debian: Security Advisory (DSA-5893-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security advisory: A Denial-of-Service type of security issue in Qt XML module impacts Qt

A Denial-of-Service type of security issue in QDom classes of Qt XML module has been discovered and has been assigned the CVE id CVE-2025-30348. Affected versions: Up to 5.15.18, 6.0.0 to 6.5.8, and 6.6.0 to 6.7.3. Impact: When QDom classes are used to write XML with long text segments,...

Photon OS 5.0: Linux PHSA-2025-5.0-0493

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0493. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-32352

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpreted as numbers. A solution requires moving from MD5 to bcrypt...

Debian: Security Advisory (DSA-5891-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7412-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Woffice Core plugin <= 5.4.21 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability

Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Woffice Core versions = 5.4.21...

Debian: Security Advisory (DLA-4109-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVPN DoS Vulnerability (Apr 2025) - Windows

OpenVPN is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn";...

WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Botnet Attack Blocker versions = 2.0.0...

Mozilla Thunderbird ESR Security Update (mfsa_2025-24) - Mac OS X

Mozilla Thunderbird ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...