Aggregator

CVE-2025-43010 | SAP S4HANA/S4HANA Cloud Private Edition up to 714 SCM Master Data Layer code injection (EUVD-2025-14339)

Vuldb Updates
7 months ago
A vulnerability was found in SAP S4HANA and S4HANA Cloud Private Edition up to 714 and classified as critical. Affected by this issue is some unknown functionality of the component SCM Master Data Layer. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-43010. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-43009 | SAP Service Parts Management up to SAP_APPL 600 SPM authorization (EUVD-2025-14340)

Vuldb Updates
7 months ago
A vulnerability, which was classified as critical, has been found in SAP Service Parts Management up to SAP_APPL 600. Affected by this issue is some unknown functionality of the component SPM. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2025-43009. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-43011 | SAP Landscape Transformation up to S4CORE 102 PCL Basis Module authorization (EUVD-2025-14338)

Vuldb Updates
7 months ago
A vulnerability, which was classified as problematic, was found in SAP Landscape Transformation up to S4CORE 102. This affects an unknown part of the component PCL Basis Module. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-43011. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-4632 | Samsung Electronics MagicINFO 9 Server 21.1050 path traversal (EUVD-2025-14362)

Vuldb Updates
7 months ago
A vulnerability, which was classified as critical, has been found in Samsung Electronics MagicINFO 9 Server 21.1050. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-4632. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-22249 | VMware Aria Automation up to 8.18.1 Patch 1 URL cross site scripting (EUVD-2025-14367)

Vuldb Updates
7 months ago
A vulnerability classified as problematic was found in VMware Aria Automation, Cloud Foundation and Telco Cloud Platform up to 8.18.1 Patch 1. This vulnerability affects unknown code of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22249. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Moldovan Police arrested a 45-year-old foreign man participating in ransomware attacks on Dutch companies

Security Affairs
7 months ago
A 45-year-old foreign man has been arrested in Moldova for allegedly participating in ransomware attacks on Dutch companies in 2021. Moldovan police arrested a 45-year-old foreign man as a result of a joint international operation involving Moldovan and Dutch authorities. He is internationally wanted for multiple cybercrime, including ransomware attacks, blackmail, and money laundering, targeting […]
Pierluigi Paganini

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA News
7 months ago

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability
  • CVE-2025-32701 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
  • CVE-2025-32706 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
  • CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability
  • CVE-2025-32709 Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

Five Years Later: Evolving IoT Cybersecurity Guidelines

NIST | Cybersecurity Insights
7 months ago
The Background…and NIST’s Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
Katerina Megas, Michael Fagan

CVE-2025-31329 | SAP NetWeaver Application Server ABAP and ABAP Platform parameter/argument delimiters (EUVD-2025-14351)

Vuldb Updates
7 months ago
A vulnerability classified as problematic was found in SAP NetWeaver Application Server ABAP and ABAP Platform up to 758. This vulnerability affects unknown code. The manipulation leads to improper neutralization of parameter/argument delimiters. This vulnerability was named CVE-2025-31329. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-43004 | SAP Digital Manufacturing 1.0 Production Operator Dashboard authorization (EUVD-2025-14345)

Vuldb Updates
7 months ago
A vulnerability, which was classified as problematic, has been found in SAP Digital Manufacturing 1.0. This issue affects some unknown processing of the component Production Operator Dashboard. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-43004. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad