CVE-2024-34689

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...

EUVD-2025-34689

When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

MAL-2025-34689 Malicious code in tempest_dsknp_fxvk1_wander (npm)

The package tempestdsknpfxvk1wander was found to contain malicious code...

CVE-2024-34689

creationtimestamp| type| source ---|---|--- 2024-07-09 07:38:40+00:00| seen| https://t.me/cvedetector/251...

CVE-2024-34689

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...

CVE-2024-34689 [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)

WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...

CVE-2024-34689

The CVE-2024-34689 issue affects SAP Business Workflow’s WebFlow Services. An authenticated attacker can enumerate HTTP endpoints accessible on the internal network by sending specially crafted HTTP requests, leading to information disclosure. The impact is limited to confidentiality (information...

Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA

Proof-of-concept Poc code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency NSA and the U.K. National Cyber Security Centre NCSC reported to Microsoft last year. Tracked as CVE-2022-34689 CVSS score: 7.5, the spoofing...

CVE-2022-34689

creationtimestamp| type| source ---|---|--- 2022-10-11 22:32:23+00:00| seen| https://t.me/cibsecurity/51174 2023-01-26 12:08:05+00:00| published-proof-of-concept| https://t.me/truesecator/3989 2023-01-26 15:22:03+00:00| published-proof-of-concept| https://t.me/proxybar/1331 2023-01-26...

CVE-2022-34689

Windows CryptoAPI Spoofing Vulnerability...

CVE-2022-34689

CVE-2022-34689 is a Windows CryptoAPI spoofing vulnerability in which the certificate cache index key (MD5-based) can be exploited to masquerade as a legitimate entity. A PoC was released (HIVEPRO PoC report) detailing the attack, underscoring public proof-of-concept availability. The advisory co...

CVE-2021-34689

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files...

CVE-2021-34689

Affected product: iDrive RemotePC on Windows. Version affected: prior to 7.6.48. Vulnerability type: information disclosure due to a flaw that allows a locally authenticated attacker to read the system’s Personal Key from world-readable log files in %PROGRAMDATA%. Root cause: Personal Key written...

CVE-2025-34689

CVE-2025-34689 entry is rejected/not used and does not represent an active vulnerability.

CVE-2025-34689

...