CVE-2022-31324

Chinese hackers behind attacks targeting SAP NetWeaver servers - SAP released an out-of-band emergency patch on April 24 to address this unauthenticated file upload security flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer, days after cybersecurity company ReliaQuest first detected the ...
3 weeks ago Bleepingcomputer.com CVE-2025-31324

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago

Ransomware gangs join ongoing SAP NetWeaver attacks - Forescout Vedere Labs security researchers have also linked these ongoing attacks to a Chinese threat actor they track as Chaya_004, while EclecticIQ reported on Tuesday that three other Chinese APTs (i.e., UNC5221, UNC5174, and CL-STA-0048) are also ...
2 weeks ago Bleepingcomputer.com CVE-2025-31324 BianLian RansomEXX

SAP fixes critical Netweaver flaw exploited in attacks - "Unauthenticated attackers can abuse built-in functionality to upload arbitrary files to an SAP NetWeaver instance, which means full Remote Code Execution and total system compromise," stated watchTowr CEO Benjamin Harris. The vulnerability, ...
1 month ago Bleepingcomputer.com CVE-2025-31324

SAP fixes suspected Netweaver zero-day exploited in attacks - "Unauthenticated attackers can abuse built-in functionality to upload arbitrary files to an SAP NetWeaver instance, which means full Remote Code Execution and total system compromise," stated watchTowr CEO Benjamin Harris. The vulnerability, ...
1 month ago Bleepingcomputer.com CVE-2025-31324

Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw - Researchers reported that the threat actors are utilizing webshells with names like, "cache.jsp" and "helper.jsp." Howver, Nextron Research says they are also using random names, making it more difficult to find vulnerable Netweaver ...
1 month ago Bleepingcomputer.com CVE-2025-31324

CVE-2022-31324 - An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request. ...
2 years ago

Hackers Exploit Software Flaws within Hours Forcing Urgent Push for Faster Patches - This rapidly shrinking window between vulnerability discovery and active exploitation forces organizations to rethink traditional patching cycles and implement more agile security responses. In April, Microsoft disclosed that a zero-day vulnerability ...
2 weeks ago Cybersecuritynews.com CVE-2025-29824

Cybersecurity Weekly Digest: Key Attacks and Vulnerabilities From Last Week - A new malware campaign targets WordPress sites using a fake security plugin, “WP-antymalwary-bot.php.” Once installed, it grants attackers admin access, executes remote code, and injects malicious JavaScript for ad fraud. The attack chain ...
3 weeks ago Cybersecuritynews.com CVE-2025-31650

CVE-2021-31324 - The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. ...
2 years ago

CVE-2024-31324 - In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution ...
10 months ago

CVE-2025-31324 - SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect ...
3 weeks ago CVE-2025-31324 CVE-2025-31191 CVE-2025-29824 CVE-2025-42999 CVE-2025-22224

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild - Discovered in April 2025 by ReliaQuest security researchers during incident response activities, the vulnerability has already been weaponized in attacks against organizations running even fully-patched SAP installations. Organizations using SAP ...
1 month ago Cybersecuritynews.com CVE-2025-31324

Chinese Hackers Exploit SAP RCE Vulnerability to Upload Supershell Backdoors - A critical remote code execution vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324) is being actively exploited by a Chinese threat actor to compromise enterprise systems worldwide. Cyber Security News is a Dedicated News Platform For ...
3 weeks ago Cybersecuritynews.com CVE-2025-31324

SAP May 2025 Patch Tuesday - Patch for Actively Exploited 0-day & 15 Vulnerabilities - SAP’s May 2025 Security Patch Day includes an urgent update to the previously released emergency patch for a critical zero-day vulnerability (CVE-2025-31324) that continues to see active exploitation across multiple industries globally. With ...
2 weeks ago Cybersecuritynews.com CVE-2025-31324

Chinese Hackers Exploit SAP NetWeaver 0-Day Vulnerability To Attack Critical Infrastructures - In April 2025, security researchers identified a sophisticated campaign targeting critical infrastructure networks worldwide through a previously unknown vulnerability in SAP NetWeaver Visual Composer. The vulnerability, tracked as CVE-2025-31324, ...
2 weeks ago Cybersecuritynews.com CVE-2025-31324

31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com

SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
2 years ago Securityweek.com

CVE-2022-49911 - In the Linux kernel, the following vulnerability has been resolved: ...
4 weeks ago

CVE-2022-22012 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
3 years ago

CVE-2022-22013 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
3 years ago

CVE-2022-22014 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
3 years ago

CVE-2022-29141 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139. ...
3 years ago

CVE-2022-29128 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
3 years ago

CVE-2022-29129 - Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. ...
3 years ago