9 matches found
CVE-2026-4399 Multiple vulnerabilities in 1millionbot Millie chatbot
Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques, formulating a question in such a way that, upon receiving an affirmative response 'true', the model executes the injected instruction,...
CVE-2026-24327 Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)
Due to missing authorization check in SAP Strategic Enterprise Management Balanced Scorecard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or...
DEBIAN-CVE-2025-48383
Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...
OESA-2024-2164 three-eight-nine-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed...
CVE-2022-25342
An issue was discovered on Olivetti d-COLOR MF3555 2XDS000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, i...
CVE-2020-6311
Banking services from SAP 9.0 Bank Analyzer, version - 500, and SAP S/4HANA for financial products subledger, version - 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create...
PT-2020-19085 · Sap · Sap 9.0 +1
Name of the Vulnerable Software and Affected Versions: SAP 9.0 Bank Analyzer version 500 SAP S/4HANA for financial products subledger version 100 Description: The issue arises from improper authorization checks for authenticated users, potentially leading to privilege escalation and exposure of...
CVE-2018-2500
Under certain conditions SAP Mobile Secure Android client before version 6.60.19942.0 SP28 1711 allows an attacker to access information which would otherwise be restricted...
CVE-2017-8441
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias...