CVE-2025-42880 Code Injection vulnerability in SAP Solution Manager

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVE-2025-42880 Code Injection vulnerability in SAP Solution Manager

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVE-2025-42880

CVE-2025-42880 concerns SAP Solution Manager. Underlying issue is missing input sanitation that allows an authenticated attacker to insert arbitrary code when calling a remote-enabled function module, potentially giving full control of the system and high impact to confidentiality, integrity, and...

PT-2025-49769

Name of the Vulnerable Software and Affected Versions SAP Solution Manager affected versions not specified Description SAP Solution Manager is susceptible to a code injection issue stemming from inadequate input sanitation. An authenticated attacker can inject malicious code when invoking a...

SAP Solution Manager 代码注入漏洞

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

HCLTech DRAGON 安全漏洞

HCLTech DRAGON is a data retention / archiving / mass data storage and retrieval solution from HCL Corporation, USA. A security vulnerability exists in HCLTech DRAGON versions prior to 7.6.0, which stems from a missing instruction and could lead to the remote execution of arbitrary code...

SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities

Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it when was the last time you checked?, and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources an...

Security Bulletin: Vulnerability in IBM DevOps Solution Workbench

Summary The following vulnerability was addressed in IBM DevOps Solution Workbench version 5.1. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent...

Beyond NSX: A Strategic Alternative for VMware Customers

Broadcom’s VMware acquisition has driven up costs and complexity. Akamai Guardicore Segmentation offers a modern, secure, and cost-efficient path beyond NSX...

Quantum-Resistant Authentication Scheme for RFID Systems Using Lattice-Based Cryptography

We propose a novel quantum-resistant mutual authentication scheme for radio-frequency identification RFID systems. Our scheme uses lattice-based cryptography and, in particular, achieves quantum-resistance by leveraging the hardness of the inhomogeneous short integer solution ISIS problem. In...

CVE-2025-13239

A security vulnerability has been detected in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution 5. Affected by this issue is some unknown functionality of the file /submitcheckout. Such manipulation of the argument ordertotalamount/carttotalamount leads to enforcement of...

CVE-2025-13186

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/managecustomer. This manipulation of the argument Search causes cross site scripting. The attack may be initiated...

CVE-2025-13186 Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting

A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/managecustomer. This manipulation of the argument Search causes cross site scripting. The attack may be initiated...

Unspecified Vulnerability in Rockwell Automation DataMosaix Private Cloud

Rockwell Automation DataMosaix Private Cloud is an industrial DataOps solution from Rockwell Automation, Inc. It is used to simplify and control access to relevant, reliable and contextualized data. A security vulnerability exists in Rockwell Automation DataMosaix Private Cloud that can be...

SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk

CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover...

CVE-2025-42887

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVE-2025-42889

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...

CVE-2025-42889

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability...

CVE-2025-42887

Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...

CVE-2025-42889

CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...