10 matches found
EUVD-2025-209952
The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...
CVE-2025-27702
CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...
PT-2025-23166 · Aptiov · Aptiov
Name of the Vulnerable Software and Affected Versions: APTIOV (affected versions not specified). Description: The issue is related to an Improper Input Validation in the BIOS, which can be exploited locally by an attacker. This could potentially impact the integrity of the system. Recommendations: A...
CVE-2025-27703
CVE-2025-27703 affects Absolute Secure Access prior to version 13.54, with a privilege-escalation in the management console. Attackers with administrative access to a subset of privileged features can elevate permissions to access additional console features. Reported impacts: confidentiality low...
CVE-2024-37350
There is a cross-site scripting vulnerability in the policy management UI of Absolute Secure Access prior to version 13.06. Attackers can interfere with a system administrator’s use of the policy management UI when the attacker convinces the victim administrator to follow a crafted link to the...
CVE-2024-37347
There is a cross-site scripting vulnerability in the pool configuration component of the management UI of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can pass a limited length script to be run by another administrator. The scope is unchanged, there is no...
CVE-2022-41264
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacke...
Absolute Secure Access Security Vulnerability
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge (SSE) optimized for hybrid and mobile working models. A security vulnerability exists in versions prior to Absolute Secure Access 13.06. An attacker exploited the vulnerability resulting in a significant...
CVE-2023-45618
There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the...
CVE-2021-46741
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity...