683 matches found
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the exposure of system data to unauthorized access within the controlled area. This allows attackers to disclose protected information.
The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP is related to the disclosure of system data that is not protected by permissions within the controlled area. Exploiting this vulnerability can allow a...
MAL-2025-142 Malicious code in next-refresh-token (npm)
This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d44ee35f1e7a2f1a815de12ce539b2c3ffcb9ef5dc72eb632de64e000cf1b7 Any computer that has this package installed or runni...
Malicious code in next-refresh-token (npm)
This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1d44ee35f1e7a2f1a815de12ce539b2c3ffcb9ef5dc72eb632de64e000cf1b7 Any computer that has this package installed or runni...
Malicious code in openssl-node (npm)
This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06f19e257e800106253b9b27f14e1caac48d65284d85d47aa244d8aa9bfc97a8 Any computer that has this package installed or runni...
MAL-2025-265 Malicious code in openssl-node (npm)
This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06f19e257e800106253b9b27f14e1caac48d65284d85d47aa244d8aa9bfc97a8 Any computer that has this package installed or runni...
PT-2025-1215 · Microsoft · Windows Bitlocker +1
Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: The issue is related to insufficient protection of system data in the BitLocker component of the Windows operating system. Exploitation of this issue may allow an attacker to...
PT-2025-1202 · Sap · Sap Gui For Java
Name of the Vulnerable Software and Affected Versions: SAP GUI for Java (affected versions not specified). Description: The issue is related to the disclosure of system data to unauthorized parties within a controlled area. An attacker with administrative privileges or access to the victim's user...
Malicious code in just-framework (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 95cb11d9c49d15c2a3d932930ab9d4f1567e118bf2ed951ab313856878f88859 Importing the module exfiltrates basic information using DNS queries. There is no other purpose of the package. --- Category: PROBABLYPENTEST - Packages lookin...
XML External Entity (XXE) Injection
org.fhir, ucum is vulnerable to XML External Entity (XXE) Injection. The vulnerability is due to XML parsing performed by the UcumEssenceService, which allows a malicious DTD tag in the XML to inject data from the host system...
CVE-2024-53961
CVE-2024-53961 affects Adobe ColdFusion 2023.11, 2021.17 and earlier, due to an improper limitation of a pathname to a restricted directory (path traversal) that can lead to arbitrary file-system reads. Impact per sources: potential disclosure of sensitive files or data outside the intended direc...
Advisory ROSA-SA-2024-2543
software: trousers 0.3.14; WASP: ROSA-CHROME; packageevrstring: trousers-0.3.14-5; CVE-ID: CVE-2020-24332; BDU-ID: None; CVE-Crit: MEDIUM; CVE-DESC.: Vulnerability in TrouSerS: Vulnerability to create system.data files when running the tcsd daemon with root privileges. CVE-STATUS: The vulnerability has...
The vulnerability of Ollama’s system for launching and managing large language models, related to the exposure of system data to unauthorized individuals, allows a violator to trigger a service failure.
The vulnerability of Ollama’s system for running and managing large language models is related to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Siemens Comos Code Issue Vulnerability
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...
HkCms File Upload Vulnerability in Guangzhou Hengqi Education Technology Co.
HkCms is a free open-source content management system from Guangzhou Hengqi Education Technology Co. Ltd. HkCms has a file upload vulnerability that stems from the getFileName method in /app/common/library/Upload.php. The vulnerability can be exploited by an...
Rakuten Turbo 5G Security Vulnerability
Rakuten Turbo 5G is a home router from Rakuten that requires no construction and plugs into an electrical outlet. A security vulnerability exists in Rakuten Turbo 5G V1.3.18 and earlier versions, which arises from the exposure of sensitive system information to unauthorized control, where an...
CVE-2024-47701
...
Malicious code in bytedps (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 89403fd14357b9969879ed80062b26ab63de5566bf285532ffa46382f1886e7c A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), access to sensitive data, access to system data, manipulation of data, circumvention of security measu...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), access to sensitive data, access to system data, manipulation of data, circumvention of security measure. Apple...
SUSE CVE-2024-47701
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem. When looking up for an entry in an inlined directory, if e_value_offs is changed underneath the filesystem by some change in the block device, it will lead to...