Aggregator

CVE-2025-42918 | SAP NetWeaver Application Server for ABAP up to 816 authorization

VulDB Recent Entries
5 months ago
A vulnerability classified as problematic has been found in SAP NetWeaver Application Server for ABAP up to 816. This affects an unknown function. Performing manipulation results in missing authorization. This vulnerability was named CVE-2025-42918. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2025-58453 | LabRedesCefetRJ WeGIA up to 3.4.10 exibe_anexo.php id_anexo sql injection (GHSA-gg48-pg9f-39fx)

VulDB Recent Entries
5 months ago
A vulnerability marked as critical has been reported in LabRedesCefetRJ WeGIA up to 3.4.10. The affected element is an unknown function of the file /WeGIA/html/memorando/exibe_anexo.php. This manipulation of the argument id_anexo causes sql injection. This vulnerability is handled as CVE-2025-58453. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-58454 | LabRedesCefetRJ WeGIA up to 3.4.10 listar_despachos.php id_memorando sql injection (GHSA-ghfh-g6rg-jmqf)

VulDB Recent Entries
5 months ago
A vulnerability labeled as critical has been found in LabRedesCefetRJ WeGIA up to 3.4.10. Impacted is an unknown function of the file /WeGIA/html/memorando/listar_despachos.php. The manipulation of the argument id_memorando results in sql injection. This vulnerability is known as CVE-2025-58454. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-42925 | SAP NetWeaver AS Java 7.50 JAVA IIOP Service predictable state

VulDB Recent Entries
5 months ago
A vulnerability categorized as problematic has been discovered in SAP NetWeaver AS Java 7.50. This vulnerability affects unknown code of the component JAVA IIOP Service. Executing manipulation can lead to predictable from observable state. This vulnerability appears as CVE-2025-42925. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2025-58745 | LabRedesCefetRJ WeGIA up to 3.4.10 PHP File controla_xlsx.php code injection (GHSA-hq96-gvmx-qrwp)

VulDB Recent Entries
5 months ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.10. It has been declared as critical. Affected by this issue is some unknown functionality of the file /html/socio/sistema/controller/controla_xlsx.php of the component PHP File Handler. Such manipulation leads to code injection. This vulnerability is documented as CVE-2025-58745. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-58449 | MahoCommerce maho up to 25.8.x PHP File Parser reliance on file name or extension of externally-supplied file (GHSA-vgmm-27fc-vmgp)

VulDB Recent Entries
5 months ago
A vulnerability was found in MahoCommerce maho up to 25.8.x. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component PHP File Parser. This manipulation causes reliance on file name or extension of externally-supplied file. This vulnerability is registered as CVE-2025-58449. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

Connected cars are racing ahead, but security is stuck in neutral

Help Net Security
5 months ago

Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential cyber risks. What makes cars smarter is the same thing that makes them more vulnerable. A new study from Óbuda University in Budapest and the University of Oslo sheds light on these threats, where current rules fall … More →

The post Connected cars are racing ahead, but security is stuck in neutral appeared first on Help Net Security.

Mirko Zorz

CVE-2025-42927 | SAP NetWeaver AS Java 7.50 Adobe Document Service vulnerable third-party component

VulDB Recent Entries
5 months ago
A vulnerability has been found in SAP NetWeaver AS Java 7.50 and classified as problematic. This impacts an unknown function of the component Adobe Document Service. The manipulation leads to dependency on vulnerable third-party component. This vulnerability is listed as CVE-2025-42927. The attack must be carried out locally. There is no available exploit. To fix this issue, it is recommended to deploy a patch.
vuldb.com

Chinese Hackers Salt Typhoon and UNC4841 Team Up to Breach Critical Infrastructure

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months ago

Cybersecurity researchers at Silent Push have uncovered a sophisticated Chinese espionage operation linking two prominent threat actors, Salt Typhoon and UNC4841, revealing previously unreported infrastructure used to target government and corporate networks across more than 80 countries. The discovery of 45 malicious domains dating back to 2020 demonstrates the extensive reach and long-term persistence of […]

The post Chinese Hackers Salt Typhoon and UNC4841 Team Up to Breach Critical Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Managed ad