Development

CVE ID : CVE-2025-42974

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : Due to a missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in low impact on confidentiality. There is no impact on integrity or availability.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-42978

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the certificate received from the remote TLS server. This might lead to the outbound connection being established to a possibly malicious remote TLS server and hence disclose information. Integrity and Availability are not impacted.

Severity: 3.5 | LOW


CVE ID : CVE-2025-42971

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by SAPCAR on their system, resulting in out-of-bounds memory read and write. This could lead to file extraction and file overwrite outside the intended directories. This vulnerability has low impact on the confidentiality, integrity and availability of the application.

Severity: 4.0 | MEDIUM


CVE ID : CVE-2025-42969

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking on this crafted URL unknowingly executes the malicious payload in their browser. On successful exploitation, the attacker can access or modify sensitive information within the scope of victim’s web browser, with no impact on availability of the application.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2025-42980

Published : July 8, 2025, 1:15 a.m. | 1 hour, 36 minutes ago

Description : SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

Severity: 9.1 | CRITICAL


CVE ID : CVE-2025-42979

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive of this user's Windows registry could recreate the original password. There is no impact on integrity or availability of the application.

Severity: 5.6 | MEDIUM


CVE ID : CVE-2025-42981

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim’s browser, redirecting them to a site controlled by the attacker. This allows the attacker to access and/or modify restricted information related to the web client. While the vulnerability poses no impact on data availability, it presents a considerable risk to confidentiality and integrity.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2025-42985

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.

Severity: 6.1 | MEDIUM


CVE ID : CVE-2025-42986

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.

Severity: 4.3 | MEDIUM


CVE ID : CVE-2025-42992

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.

Severity: 6.9 | MEDIUM


CVE ID : CVE-2025-43001

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.

Severity: 6.9 | MEDIUM


CVE ID : CVE-2025-7154

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM


CVE ID : CVE-2025-7155

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The original researcher disclosure suspects an XPath Injection vulnerability; however, the provided attack payload appears to be characteristic of an SQL Injection attack.

Severity: 7.3 | HIGH


Public exploits released for CitrixBleed 2 NetScaler flaw, patch now

Researchers have released proof-of-concept (PoC) exploits for a critical Citrix NetScaler vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, warning that the flaw is easily exploitable a …

Published Date:
Jul 07, 2025 (3 hours, 52 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-5777

CVE-2023-4966

CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover

A coordinated disclosure by CERT@VDE and WAGO has unveiled a devastating vulnerability—CVE-2025-41672—impacting WAGO’s industrial automation platform Device Sphere. Rated CVSS 10.0, the flaw enables r …

Published Date:
Jul 08, 2025 (2 hours, 49 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-41672

CVE-2023-4149

CVE-2023-48238

CVE-2023-37266

Critical Vulnerabilities Found in Nimesa Backup and Recovery Software

JPCERT/CC has issued a warning about two serious vulnerabilities in the Nimesa Backup and Recovery solution, a widely used disaster recovery and backup platform for enterprise applications on AWS. The …

Published Date:
Jul 08, 2025 (2 hours, 36 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-53473

CVE-2025-48501

CVE-2025-6031

CVE-2023-20873

Critical Frauscher Flaws (CVE-2025-3626 CVSS 9.1, CVE-2025-3705 CVSS 6.8): OS Command Injection Threatens Railway Systems

A newly published security advisory coordinated by CERT@VDE and Frauscher Sensortechnik GmbH reveals two severe OS command injection vulnerabilities affecting Frauscher’s FDS101, FDS102, and FDS-SNMP1 …

Published Date:
Jul 08, 2025 (2 hours, 18 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2025-3705

CVE-2025-3626

Apple Appeals €500M EU DMA Fine: Challenges “Unprecedented” Ruling on App Store Policies

In response to the European Union’s €500 million fine levied for alleged violations of the Digital Markets Act (DMA), Apple has formally filed an appeal with the General Court of the European Union, d …

Published Date:
Jul 08, 2025 (55 minutes ago)

Vulnerabilities mentioned in this article:

CVE-2023-23529