5.4
CVE-2025-42936 - Missing Authorization check in SAP NetWeaver Application Server for ABAP
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles; this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact …
4.1
CVE-2025-42935 - Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Comm…
The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the a…
4.3
CVE-2025-42934 - CRLF Injection vulnerability in SAP S/4HANA (Supplier invoice)
SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the …
7.0
CVE-2025-38500 - xfrm: interface: fix use-after-free after changing collect_md xfrm interface
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface. The collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The chec…
5.1
CVE-2025-55159 - slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check
slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has…
6.9
CVE-2025-55157 - Vim heap use-after-free vulnerability when processing recursive tuple data types
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim's internal tuple reference management. Specifically, the tuple_unref() function may access alrea…
6.9
CVE-2025-55158 - Vim double-free vulnerability during Vim9 script import operations
Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim's internal typed value (typval_T) management. Specifically, the clear_tv() f…
8.6
CVE-2025-55161 - Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitizat…
7.8
CVE-2025-55156 - PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched …
8.6
CVE-2025-55150 - Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization whic…