Seclists

Open Web Analytics SQL Injection

A high-severity SQL injection vulnerability (CVE-2025-59397) has been identified in Open Web Analytics (OWA) version 1.8.0 and likely affects earlier versions. The flaw allows authenticated users to inject arbitrary SQL commands.

Full Disclosure: Current Password not Required When Changing Password

A flaw has been identified in FlatPress v1.4.1 that allows an administrator to change their password without providing the current password. This bug undermines standard authentication practices and could lead to unauthorized access.

Full Disclosure: libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument

A stack-based buffer overflow vulnerability has been identified in `libelf` version 0.8.12, specifically within the `gmo2msg` utility. The flaw stems from unbounded `sprintf` operations on a fixed-size buffer when handling user-supplied input.

Stored XSS Vulnerability in Description Field of CubeCart v6.5.9

The flaw resides in the "Description" field of the Address Book edit functionality, allowing attackers to inject persistent JavaScript payloads that execute in the context of the victim's browser.

Windows User Group Policy Bypass via Offline Registry Hive Manipulation

A security bypass in Microsoft Windows allows unprivileged users to circumvent user group policies by leveraging the OFFREG.dll library to create a modified offline registry hive.

Stored XSS Vulnerability in ERPNext v15.53.1 Allows Script Execution via user_image Field

A stored cross-site scripting (XSS) vulnerability has been identified in ERPNext v15.53.1. The flaw resides in the `user_image` field of the user profile page, where an authenticated user can inject malicious JavaScript.

CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0

The `pass` parameter is not properly sanitized, allowing an unauthenticated remote attacker to manipulate backend SQL logic and potentially extract sensitive information.

Multiple Vulnerabilities in SAP GuiXT Scripting

Multiple critical vulnerabilities have been identified in SAP GuiXT scripting, enabling attackers to execute remote code, steal NTLM hashes, perform Client-Side Request Forgery (CSRF), and cause Denial-of-Service (DoS).

Structured Query Language Injection in frappe.desk.reportview.get_list Endpoint in Frappe Framework

A critical authenticated SQL injection vulnerability has been identified in the Frappe Framework, specifically affecting the `frappe.desk.reportview.get_list` API endpoint in version v15.56.1.

CVE-2025-30072 Tiiwee X1 Alarm System - Authentication Bypass by Capture-replay

A critical authentication bypass vulnerability (CVE-2025-30072) has been identified in the Tiiwee X1 Alarm System (version TWX1HAKV2). The system's use of unencrypted 433 MHz radio communication allows attackers to perform capture-replay attacks.
