Aggregator

CVE-2025-64167 | Combodo iTop up to 2.7.12/3.2.1 export.php URL cross site scripting (GHSA-pr7w-2cr9-5h38)

VulDB Recent Entries
3 months ago
A vulnerability labeled as problematic has been found in Combodo iTop up to 2.7.12/3.2.1. Affected by this vulnerability is an unknown functionality of the file export.php. The manipulation of the argument URL results in cross site scripting. This vulnerability is reported as CVE-2025-64167. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2025-42883 | SAP NetWeaver Application Server for ABAP SAP_BASIS 700 up to SAP_BASIS 758 Migration Workbench unrestricted upload

VulDB Recent Entries
3 months ago
A vulnerability identified as critical has been detected in SAP NetWeaver Application Server for ABAP. Affected is an unknown function of the component Migration Workbench. The manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2025-42883. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2025-64182 | AcademySoftwareFoundation OpenEXR up to 3.2.4/3.3.5/3.4.2 EXR File Parser buffer overflow (GHSA-vh63-9mqx-wmjr)

VulDB Recent Entries
3 months ago
A vulnerability categorized as critical has been discovered in AcademySoftwareFoundation OpenEXR up to 3.2.4/3.3.5/3.4.2. This impacts an unknown function of the component EXR File Parser. Executing manipulation can lead to buffer overflow. This vulnerability is registered as CVE-2025-64182. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-42882 | SAP NetWeaver Application Server for ABAP SAP_BASIS 700 up to SAP_BASIS 758 authorization

VulDB Recent Entries
3 months ago
A vulnerability was found in SAP NetWeaver Application Server for ABAP. It has been declared as problematic. The impacted element is an unknown function. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2025-42882. The attack may be performed from remote. There is no available exploit. A patch should be applied to remediate this issue.
vuldb.com

CVE-2025-42884 | SAP NetWeaver Enterprise Portal 7.50 data query logic injection

VulDB Recent Entries
3 months ago
A vulnerability was found in SAP NetWeaver Enterprise Portal 7.50. It has been classified as critical. The affected element is an unknown function. This manipulation causes improper neutralization of special elements in data query logic. This vulnerability is tracked as CVE-2025-42884. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.
vuldb.com

CVE-2018-25124 | RainbowFish PacsOne Server up to 6.6.2 nocache.php path path traversal (Exploit 43907 / EDB-43907)

VulDB Recent Entries
3 months ago
A vulnerability has been found in RainbowFish PacsOne Server up to 6.6.2 and classified as critical. This issue affects some unknown processing of the file nocache.php. The manipulation of the argument path leads to path traversal. This vulnerability is referenced as CVE-2018-25124. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2025-64484 | OAuth2-Proxy up to 7.12.x HTTP Header http headers for scripting syntax (GHSA-vjrc-mh2v-45x6)

VulDB Recent Entries
3 months ago
A vulnerability, which was classified as critical, was found in OAuth2-Proxy up to 7.12.x. This vulnerability affects unknown code of the component HTTP Header Handler. Executing manipulation can lead to improper neutralization of http headers for scripting syntax. The identification of this vulnerability is CVE-2025-64484. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-64519 | TorrentPier up to 2.8.8 topic_id sql injection (GHSA-4rwr-8c3m-55f6)

VulDB Recent Entries
3 months ago
A vulnerability, which was classified as critical, has been found in TorrentPier up to 2.8.8. This affects an unknown part. Performing manipulation of the argument topic_id results in sql injection. This vulnerability was named CVE-2025-64519. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.
vuldb.com

CISOs are cracking under pressure

Help Net Security
3 months ago

Cybersecurity leaders are hitting their limit. A new report from Nagomi Security shows that most CISOs are stretched thin, dealing with nonstop incidents, too many tools, and growing pressure from their boards. The pressures are so intense that many say they are burned out and thinking about walking away. CISOs under strain The personal cost is beginning to affect business readiness. Nearly half said burnout has already hurt their ability to prepare for breaches. The … More →

The post CISOs are cracking under pressure appeared first on Help Net Security.

Sinisa Markovic

ZDI-CAN-28265: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]' was reported to the affected vendor on: 2025-11-11, 95 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-28311: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-11, 36 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-28158: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-11, 95 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-28273: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-11, 36 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-28405: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-11, 95 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-28416: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-11, 95 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-28376: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-11, 36 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-28248: GIMP

ZDI: Upcoming Advisories
3 months ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-11, 36 days ago. The vendor is given until 2026-03-11 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Managed ad