52 matches found
EUVD-2025-200711
Malicious code in elf-stats-silvered-ornament-756 npm...
Malicious code in elf-stats-silvered-ornament-756 (npm)
Source: amazon-inspector (af252b50c8c74e272e044881e74ec3f39d777d81d281d86fdea3b8428c3f5958). The package elf-stats-silvered-ornament-756 was found to contain malicious code...
MAL-2025-191954 Malicious code in elf-stats-silvered-ornament-756 (npm)
Source: amazon-inspector (af252b50c8c74e272e044881e74ec3f39d777d81d281d86fdea3b8428c3f5958). The package elf-stats-silvered-ornament-756 was found to contain malicious code...
EUVD-2021-33356
Malicious code in bioql PyPI...
CVE-2023-28763
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the...
CVE-2022-26101
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...
CVE-2023-49584
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
Design/Logic Flaw
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
CVE-2023-49580
SAP GUI for Windows and SAP GUI for Java — affected: SAP_BASIS 755, 756, 757, 758. Unauthenticated attacker can access restricted/confidential information and can create Layout configurations in the ABAP List Viewer, causing mild impacts to integrity and availability (e.g., increased ABAP respons...
Code injection
A lack of custom error pages vulnerability (CWE-756) in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPS paths...
CVE-2023-27998
A lack of custom error pages vulnerability (CWE-756) in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTPS paths...
CVE-2023-27998
CVE-2023-27998 affects FortiPresence up to 1.2.1 (and all 1.0–1.2.1 per PT-2023-21471) due to a lack of custom error pages. An unauthenticated attacker who can access the login GUI can navigate to specific HTTP(S) paths to disclose sensitive information. The underlying issue is the absence of pro...
CVE-2023-33991 Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management
SAP UI5 Variant Management - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful exploitation, an attacke...
SAP Variant Management Cross-Site Scripting Vulnerability
SAP Variant Management is a platform from SAP, Germany, for storing user-created settings for Smart Filter Fields and settings created for Smart Forms. A cross-site scripting vulnerability exists in SAP Variant Management that stems from the presence of a stored cross-site scripting (XSS)...
CVE-2023-30743
Due to improper neutralization of input in SAPUI5 - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by th...
CVE-2023-29111
The SAP AIF ODATA service - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application...
Design/Logic Flaw
The SAP AIF ODATA service - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application...
SAP NetWeaver Application Server Resource Management Error Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A resource management error vulnerability exists in SAP NetWeaver Application Server, which stems from the presence of an error handling class, and can be exploited by an attacker to consume the server's resources to mak...
CVE-2021-46680
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module form name field...
CVE-2021-46681
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module massive operation name field...