35 matches found

Tenable Nessus
added 2026/01/07 12:0 a.m. · 5 views

Symfony Conflicting Headers Information Disclosure

The remote web application is using Symfony, a PHP framework. It is affected by an information disclosure vulnerability arising from conflicting proxy headers. When both 'Forwarded' and 'X-Forwarded-' headers are present in a request, a misconfiguration in Symfony's trusted proxy settings can...

AI score 6.4
Exploits 0 · References 1
Tenable Nessus
added 2025/11/14 12:0 a.m. · 3 views

SAP NetWeaver AS ABAP Missing Authorization Check (3643337)

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVSS 4.3 · AI score 5.6 · EPSS 0.00036
Exploits 0 · References 3
RedhatCVE
added 2025/11/12 12:36 a.m. · 6 views

CVE-2025-42882

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVSS 4.3 · AI score 6.2 · EPSS 0.00036
Exploits 0 · References 1
EUVD
added 2025/11/11 3:30 a.m. · 2 views

EUVD-2025-60996

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVSS 4.3 · AI score 5.8 · EPSS 0.00036
Exploits 0 · References 3
NVD
added 2025/11/11 1:15 a.m. · 3 views

CVE-2025-42882

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVSS 4.3 · EPSS 0.00036
Exploits 0 · References 2
CVE
added 2025/11/11 12:13 a.m. · 7 views

CVE-2025-42882

SAP NetWeaver Application Server for ABAP is affected by a missing authorization check that allows an authenticated, low-privilege attacker to run a specific ABAP function module and exfiltrate restricted environment details. Impact is described as low confidentiality with no impact to integrity ...

CVSS 4.3 · AI score 5.9 · EPSS 0.00036
Exploits 0 · References 2
Vulnrichment
added 2025/11/11 12:13 a.m. · 1 view

CVE-2025-42882 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVSS 4.3 · AI score 5.9 · EPSS 0.00036
Exploits 0 · References 2
Positive Technologies
added 2025/11/11 12:0 a.m. · 4 views

PT-2025-46223

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP (affected versions not specified). Description: An authenticated attacker with basic privileges could execute a function module in ABAP to retrieve restricted technical information from the system due to a...

CVSS 4.3 · AI score 6 · EPSS 0.00036
Exploits 0 · References 7
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-54734

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.00018
Exploits 0 · References 2
Positive Technologies
added 2025/02/28 12:0 a.m. · 2 views

PT-2025-9117 · Unknown · Dario Health

Name of the Vulnerable Software and Affected Versions: Dario Health (affected versions not specified). Description: The issue concerns the exposure of development environment details in the Dario Health Internet-based server infrastructure, potentially leading to unsafe functionality. Recommendation...

CVSS 6.9 · AI score 6.9 · EPSS 0.00115
Exploits 0 · References 6
CNNVD
added 2024/12/03 12:0 a.m. · 2 views

IBM Cognos Controller Security Vulnerability

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. An information disclosure vulnerability exists in IBM...

CVSS 5.3 · AI score 6 · EPSS 0.00122
Exploits 0 · References 1
CNNVD
added 2024/09/04 12:0 a.m. · 2 views

ZZCMS Cross-Site Scripting Vulnerability

ZZCMS is a content management system (CMS) by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v.2023 and prior versions, which stems from a phpinfo function that discloses detailed information about the PHP environment, including server configuration, loaded modules, a...

CVSS 7.5 · AI score 6 · EPSS 0.00921
Exploits 1 · References 2
The Hacker News
added 2024/04/18 5:54 a.m. · 69 views

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the...

CVSS 9.8 · AI score 8.2 · EPSS 0.93917
Exploits 9
OSV
added 2024/03/06 10:58 a.m. · 29 views

BIT-GITLAB-2023-4895 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

CVSS 4.3 · AI score 4.5 · EPSS 0.00018
Exploits 0 · References 3
NVD
added 2024/02/22 1:15 a.m. · 16 views

CVE-2023-4895

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

CVSS 4.3 · AI score 4.7 · EPSS 0.00018
Exploits 0 · References 2
Prion
added 2024/02/22 1:15 a.m. · 25 views

Information disclosure

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

CVSS 4 · AI score 7 · EPSS 0.00018
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/02/22 1:15 a.m. · 1 view

UBUNTU-CVE-2023-4895

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

CVSS 4.3 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 4
CVE
added 2024/02/22 12:2 a.m. · 90 views

CVE-2023-4895

Affected product: GitLab Enterprise Edition (GitLab EE). Vulnerable components: environment details exposure via bypassing group IP restriction, across versions 12.0–16.7.6, 16.8 before 16.8.3, and 16.9 before 16.9.1. Root cause: bypass of group IP restriction settings enabling unauthorized acces...

CVSS 4.3 · AI score 4.6 · EPSS 0.00018
Exploits 0 · References 2 · Affected Software 1
Debian CVE
added 2024/02/22 12:2 a.m. · 20 views

CVE-2023-4895

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00018
Exploits 0
OSV
added 2024/02/22 12:2 a.m. · 18 views

CVE-2023-4895 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

CVSS 4.3 · AI score 4.6 · EPSS 0.00018
Exploits 0 · References 5