EUVD-2024-19353
Malicious code in bioql PyPI...
EUVD-2021-29052
Malicious code in bioql PyPI...
EUVD-2024-1506
Malicious code in bioql PyPI...
CVE-2024-21738
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to the confidentiality of the application data after successful exploitation...
CVE-2022-28216
SAP BusinessObjects Business Intelligence Platform BI Workspace - version 420 - is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of user inputs received over the network. On successful exploitation, an attacker can access certain reports causing ...
CVE-2021-33668
Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application...
CVE-2025-30018
The Live Auction Cockpit in SAP Supplier Relationship Management SRM allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the...
CVE-2025-25242
SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity...
Open Redirection
@sap/approuter is vulnerable to Open Redirection. The vulnerability stems from improper session handling: an attacker injects a malicious payload when trading an authorization code, allowing session hijacking and impacting the application's confidentiality and integrity...
CVE-2024-42376 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
SAP Shared Service Framework does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on the confidentiality of the application...
CVE-2024-37178 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation
SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. These endpoints are exposed over the network. The vulnerability can affect resources beyond the vulnerable component. On successful exploitation, an attacker can...
CVE-2024-21736
SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107 - does not perform the necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts, leading to a low impact on the confidentiality of the application...
Improper Access Control in alanaktion/mchostpanel
Description: The PHP file install.php creates an admin account using the POST parameters user, pass, dir, ram and port without enforcing any access control, without checking whether the admin account has already been created, and without checking whether the file .installed exists before account creation. It is possible for any network user...
CVE-2021-29457
There is a flaw in exiv2. An attacker who is able to supply a crafted file to an application linked against exiv2 could trigger an out-of-bounds write in heap memory. The highest risk of this flaw is to application confidentiality, integrity, and availability...
Information Disclosure
MySQL Server is vulnerable to information disclosure. An easily exploitable vulnerability allows a privileged user to affect the confidentiality of the application...