Latest Security News

Security Updates

Latest security news and articles covering recent vulnerabilities and their impacts.

Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your…
Posted by Alan Coopersmith on Sep 05: https://sqlite.org/cves.html lists CVE-2025-6965 as fixed in 3.50.2 (released 2025-06-28) with the description of "An attacker who can inject arbitrary SQL statements into an application might be able to cause an integer ov…
Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software. A critical command injection vulnerability, tracked as CVE-2025-42957 (CVSS score of 9.9), in SAP S/4HANA is under active exploitation. …
A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) warned on Friday. Their alert seems to be based on a r…
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part…
Heap-based buffer overflow in Kernel Streaming
2025-09-05 10:39 Crowdfense.com 1 CVE
Article URL: https://www.crowdfense.com/cve-2025-53149-windows-ksthunk-heap-overflow/ Comments URL: https://news.ycombinator.com/item?id=45137097 Points: 5 # Comments: 0
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component th…
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue stems from Apple mistakenly granting the /usr/bin/g…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-38352 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability CVE-2025-485…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. …
(2025.09.04) (various)
2025-09-03 15:00 Ryukoku.ac.jp 2 CVEs
WhatsApp / WhatsApp Business for iOS, WhatsApp for Mac … (2025.09.02) iOS / macOS … CVE-2025-55177 … Apple 0-day (iOS / iPadOS, macOS) … CVE-2025-43300 … Android …
When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other hand, there is also "big software…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-50224 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability CVE-2025-9377 TP-Link Arc…
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and effo…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2020-24363 TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability CVE-2025-5517…
A vulnerability has been identified in WhatsApp. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Note: CVE-2025-55177 is being scattered exploited. This vulnerability allows an unrelated…
Inverting the Xorshift128 random number generator
2025-08-31 18:49 Wordpress.com 1 CVE
CVE-2025-7783 is a very recent vulnerability affecting a lot of applications in the Node.js ecosystem including those which use axios or the deprecated request library. In all honesty, this vulnera…
WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The…
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 Over 300,000 internet-facing Plex Media Server instances are still vulnerable to …
WatchTowr Labs uncovers a zero-day exploit (CVE-2025-54309) in CrushFTP. The vulnerability lets hackers gain admin access via the…