Lucene search
K

190 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:24 p.m.5 views

Malicious code in Be.Vlaaոdеren.Basisrеgisters.ProjectiоnHandling.SqlStreamStore (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:24 p.m.4 views

Malicious code in Be.Vlaаnderen.Basisrеgisters.Utilities.ToStringBuilder (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:24 p.m.3 views

Malicious code in Be.Vlaаոdеren.Basisrеgisters.BlobStore (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
CVE
CVE
added 2024/02/13 2:30 a.m.68 views

CVE-2024-22131

CVE-2024-22131 affects SAP ABA (Application Basis) across versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I. The issue enables an authenticated user with remote execution privileges to use a vulnerable interface to invoke application functions beyond normal permissions, potentially readin...

9.1CVSS8.9AI score0.01079EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/02/13 2:15 a.m.3 views

CVE-2024-22128

SAP NWBC for HTML - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An unauthenticated attacker can inject malicious javascript to...

6.1CVSS5.4AI score0.00351EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.5 views

SAP NetWeaver Business Client for HTML Cross-Site Scripting Vulnerability

SAP NetWeaver Business Client for HTML SAP NWBC for HTML is a lightweight browser-based version of NWBC from SAP, Germany. SAP NetWeaver Business Client for HTML SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731 versions have a security...

6.1CVSS6.1AI score0.00351EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.3 views

SAP ABA 代码注入漏洞

SAP ABA Application Basis is an application transaction management system developed by SAP. A code injection vulnerability exists in the SAP ABA Application Basis interface, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary code in the...

9.1CVSS8AI score0.01079EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.2 views

PT-2024-5016 · Sap · Sap Aba

Name of the Vulnerable Software and Affected Versions: SAP ABA Application Basis versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I Description: The issue in SAP ABA is related to incorrect code generation management, allowing an attacker with remote execution authorization to use a...

9.1CVSS7AI score0.01079EPSS
Exploits0References17
Wired Threat Level
Wired Threat Level
added 2024/02/11 1:0 p.m.14 views

A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade

Two researchers have improved a well-known technique for lattice basis reduction, opening up new avenues for practical experiments in cryptography and mathematics...

7.3AI score
Exploits0
OSV
OSV
added 2023/12/12 2:15 a.m.7 views

CVE-2023-49584

SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

4.3CVSS5.8AI score0.00479EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.34 views

CVE-2023-41120

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMSPROFILER to remove all accumulated profiling data on a system-wide basis,...

6.5CVSS6.6AI score0.00526EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/11/09 2:12 p.m.189 views

CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest

On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoft’s threat intelligence team, it has been exploited in the wild by DEV-0950 Lace Tempest in “limited attacks.” In a...

7.5CVSS9.4AI score0.99934EPSS
Exploits18
NVD
NVD
added 2023/09/12 3:15 a.m.26 views

CVE-2023-40624

SAP NetWeaver AS ABAP applications based on Unified Rendering - versions SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, SAPBASIS 702, SAPBASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of...

5.5CVSS5.5AI score0.00346EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.10 views

PT-2023-27546 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions SAP UI 754 through SAP UI 758 SAP NetWeaver AS ABAP versions SAP BASIS 702, SAP BASIS 731 Description: The issue allows an attacker to inject JavaScript code that can be executed in the web-application,...

5.5CVSS7.3AI score0.00346EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.4 views

PT-2023-4244 · Sap · Abap Platform +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP BASIS 700, SAP BASIS 701, SAP BASIS 702, SAP BASIS 731, SAP BASIS 740, SAP BASIS 750, SAP BASIS 752, SAP BASIS 753, SAP BASIS 754, SAP BASIS 755, SAP BASIS 756, SAP BASIS...

6.5CVSS6.5AI score0.004EPSS
Exploits0References8
Rapid7 Blog
Rapid7 Blog
added 2023/06/01 3:23 p.m.212 views

Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability

Note: As of June 2, 2023, CVE-2023-34362 has been assigned to this vulnerability. On Friday, June 9, Progress Software released patches for a second vulnerability, CVE-2023-35036. On Thursday, June 15, a third vulnerability was announced and later assigned CVE-2023-35708. Progress has updates her...

7.5CVSS10.4AI score0.99934EPSS
Exploits15
Openbugbounty
Openbugbounty
added 2023/05/04 11:7 p.m.7 views

basis-wien.at Cross Site Scripting vulnerability OBB-3294595

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/04/26 4:54 p.m.303 views

Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem

Background Rapid7 Insight Agent and InsightVM Scan Assistant are executables that can be deployed to assist in understanding the vulnerabilities in your environment. Frequently there are questions around when and where you would deploy each, if you need both, what they actually monitor, etc. This...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...

7.5CVSS8.8AI score0.01455EPSS
Exploits0References14
NCSC
NCSC
added 2023/02/14 12:0 a.m.65 views

Vulnerabilities fixed in SAP products

SAP has released updates for several products, including SAP BASIS, Netweaver, HAMA, Business Planning & Consolidation, SAP CRM and SAP Solution Manager. A malicious party could potentially exploit and cause damage in the following categories: Cross-Site Scripting XSS Bypassing authentication...

9.1CVSS6.8AI score0.00855EPSS
Exploits0
Rows per page
Query Builder