EUVD-2025-20336
Malicious code in bioql PyPI...
EUVD-2025-20348
Malicious code in bioql PyPI...
CVE-2025-10489
CVE-2025-10489 SureForms (WordPress) — Vulnerable to unauthorized form creation due to a missing capability check in register_post_types() for all versions up to 1.12.0. Authenticated attackers with Contributor-level access and above can create forms even when the UI blocks it. Impact per availab...
CVE-2025-10040
The CVE-2025-10040 entry concerns the WordPress plugin WP Import – Ultimate CSV XML Importer. Affected: plugin versions up to 7.27. Issue: missing capability check on the get_ftp_details AJAX action, enabling authenticated users with Subscriber-level access and above to disclose configured SFTP/F...
Improper Access Control
Apache Superset is vulnerable to Improper Access Control. The vulnerability is due to a missing authorization check in the /explore endpoint, which allows an attacker to enumerate datasourceid values and disclose sensitive metadata about protected datasources...
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code...
CVE-2025-42949 Missing Authorization check in ABAP Platform
Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper...
CVE-2025-42936 Missing Authorization check in SAP NetWeaver Application Server for ABAP
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles. This issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...
CVE-2025-42987
SAP Manage Processing Rules For Bank Statement allows an attacker with basic privileges to edit the shared rules of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application...
CVE-2025-42993 Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)
Due to a missing authorization check vulnerability in SAP S/4HANA Enterprise Event Enablement, an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC...
CVE-2024-2231
The allows any authenticated user to join a private group due to a missing authorization check on a function...
CVE-2023-3998
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post...
CVE-2021-27598
SAP NetWeaver AS JAVA Customer Usage Provisioning Servlet, versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data, such as product version, traffic, timestamp, etc., because of a missing authorization check in the servlet...
CVE-2020-8772
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...
CVE-2020-6316
SAP ERP and SAP S/4 HANA allow an authenticated user to see cost records for objects for which they have no authorization in PS reporting, leading to Missing Authorization check...
CVE-2020-6256
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check...
CVE-2020-6306
Missing authorization check in a transaction within SAP Leasing update provided in SAPAPPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17...
CVE-2020-6273
SAP S/4 HANA Fiori UI for General Ledger Accounting, versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check...
CVE-2020-6258
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check...
CVE-2020-6259
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check...