CVE-2026-41032

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

EUVD-2026-34070

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

CVE-2026-41032 Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

PT-2026-45912

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information...

EUVD-2026-29829

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center, which stems from the fact that device endpoints allow low-privilege authenticated users to access information that is...

CVE-2026-27683

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

EUVD-2026-22156

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

PT-2026-29219

Name of the Vulnerable Software and Affected Versions 1millionbot Millie chatbot affected versions not specified Description A prompt injection issue exists in the 1millionbot Millie chatbot. This occurs when a user bypasses chat restrictions using Boolean prompt injection techniques, constructin...

CVE-2026-24314

Under certain conditions SAP S/4HANA Manage Payment Media allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted...

CVE-2025-12757

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...

CVE-2025-12757

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...

CVE-2025-12757

The CVE-2025-12757 entry concerns Axis Camera Station Pro where a feature allows a non-admin user to view information they are not permitted to access. Metrics show CVSS 3.1 base score 4.6 (Medium), with an Adjacent attack vector, Low privileges required, No user interaction, and Confidentiality/...

CVE-2025-12757

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...

PT-2026-7230

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...

CVE-2021-27599

SAP NetWeaver ABAP Server and ABAP Platform Process Integration - Integration Builder Framework, versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted...

EUVD-2025-60996

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVE-2025-42882 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVE-2024-12125

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...

CVE-2024-12125

The CVE-2024-12125 affects the 3scale Developer Portal. The flaw allows account creation or updates where fields configured as read-only or hidden can be modified, exposing restricted information. Root cause: server-side validation does not enforce read-only/hidden constraints on account operatio...