19 matches found
CVE-2022-26102
Due to a missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731 - allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn't authorized for that transactio...
CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
CVE-2024-50631
Improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via...
CVE-2021-26102
A relative path traversal vulnerability CWE-23 in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to...
CVE-2021-26102
creationtimestamp | type | source
---|---|---
2024-12-19 14:00:41+00:00 | seen | https://infosec.exchange/users/cve/statuses/113679849262599272
2024-12-19 14:15:27+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ldo2oqqlt62a
2024-12-19 15:39:21+00:00 | seen | ...
CVE-2021-26102
A relative path traversal vulnerability CWE-23 in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to...
CVE-2021-26102
A relative path traversal vulnerability CWE-23 in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to...
CVE-2024-26102 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browse...
CVE-2024-26102
CVE-2024-26102 affects Adobe Experience Manager (AEM) 6.5.19 and earlier and is a reflected XSS vulnerability. The issue permits executing malicious JavaScript in a victim’s browser if a crafted URL references a vulnerable page. The vulnerability is documented with a Medium severity (CVSS 3.1: 5....
CVE-2023-26102
creationtimestamp | type | source
---|---|---
2023-02-24 07:18:52+00:00 | seen | https://t.me/cibsecurity/58842...
rk-editor (=2.2.11) potentially affected by CVE-2023-26102 via rangy (=1.3.1)
rangy NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on rangy and may be impacted:
- rk-editor =2.2.11

Source cves: CVE-2023-26102
Source advisory: OSV:GHSA-65RP-MHQF-8GJ3...
CVE-2023-26102
CVE-2023-26102 affects the rangy package, where all versions are vulnerable to a prototype pollution flaw in the extend() function of rangy-core.js. The vulnerability arises from an unsafe recursive merge that can copy attacker-controlled properties onto Object.prototype, enabling pollution of al...
CVE-2023-26102
All versions of the package rangy are vulnerable to Prototype Pollution when using the extend function in file rangy-core.js. The function uses recursive merge which can lead an attacker to modify properties of the Object.prototype...
rk-editor (=2.2.11) potentially affected by CVE-2023-26102 via rangy (=1.3.1)
rangy NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on rangy and may be impacted:
- rk-editor =2.2.11

Source cves: CVE-2023-26102
Source advisory: SNYK:JS-RANGY-3175702...
CVE-2022-26102
creationtimestamp | type | source
---|---|---
2022-03-10 20:19:11+00:00 | seen | https://t.me/cibsecurity/38682...
CVE-2022-26102
Due to a missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731 - allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn't authorized for that transactio...
CVE-2022-26102
CVE-2022-26102 affects SAP NetWeaver Application Server for ABAP in versions 700, 701, 702, and 731, due to a missing authorization check that allows an authenticated attacker to access content on the start screen of any transaction within the same SAP system, even when not authorized for that tr...
CVE-2020-26102
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM SEC-550...
CVE-2020-26102
CVE-2020-26102 affects cPanel before 88.0.3 where Dovecot on a templated VM uses an insecure auth policy API key (SEC-550). The vulnerability is evidenced by public records showing a policy-key weakness in the Dovecot integration within cPanel’s VM templating. Public CVSS metrics indicate medium ...