9 matches found
GHSA-RWWW-X45W-P52W free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
Summary: free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) to read PFD application data via GET...
CVE-2026-0501 SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials - General Ledger)
Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise Financials General Ledger, an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of...
SQL Injection Vulnerability in Multiple ABB Products
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
facileManager SQL Injection Vulnerability
facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...
IBM Sterling B2B Integrator SQL Injection Vulnerability
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator...
CVE-2021-37478
In NavigateCMS version 2.9.4 and below, the function block is vulnerable to SQL injection via the parameter block-order, which results in arbitrary SQL query execution in the backend database...
IBM Emptoris Spend Analysis SQL Injection Vulnerability (CNVD-2020-13057)
IBM Emptoris Spend Analysis is a product within IBM's suite of procurement solutions for consolidating, cleansing and categorizing spend data from decentralized systems. A SQL injection vulnerability exists in IBM Emptoris Spend Analysis versions 10.1.3.x, 10.1.1.x, and 10.1.0.x. The vulnerabilit...
Broadcom Brocade SANnav Trust Management Issues Vulnerability (CNVD-2019-41467)
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A trust management issue vulnerability exists in Broadcom Brocade SANnav versions prior to 2.0, which stems from the program's use of hard-coded passwords. A local attacker could exploit this vulnerability to access...
Password Reset Vulnerability in the Frontend of Nanjing Pintech Medical Online Exam System
Ltd. is a high-tech company dedicated to the research, development and sales of software products in the medical science and education industry. The Nanjing Pinde Technology Medical Online Exam System has a password reset vulnerability in its frontend; attackers can use the vulnerability to...