134 matches found
CVE-2024-42373
SAP Student Life Cycle Management SLcM fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing...
CVE-2024-53683
A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use...
CVE-2024-41731
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...
CVE-2024-42375
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...
CVE-2024-28166
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...
CVE-2023-42477
SAP NetWeaver AS Java GRMG Heartbeat application - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application...
CVE-2023-27897
In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform...
CVE-2022-30269
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
GHSA-9CWV-PXCR-HFJC LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality
Summary Stored Cross-Site Scripting XSS vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...
Zoom Workplace 注入漏洞
Zoom Workplace is a desktop application from Zoom USA. Zoom Workplace suffers from an injection vulnerability that stems from improper neutralization of a special element, which could affect application integrity...
CVE-2025-43006 Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)
SAP Supplier Relationship Management Master Data Management Catalogue allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application, but it can have som...
CVE-2025-43006
CVE-2025-43006 concerns SAP’s Supplier Relationship Management (Master Data Management Catalogue), where an unauthenticated attacker can inject and execute malicious scripts, resulting in Cross-Site Scripting (XSS). The impact is described as no availability impact with minor effects on confident...
SAP Field Logistics Manage Logistics 安全漏洞
SAP Field Logistics Manage Logistics is a solution module from SAP that is used to coordinate "field material supply". A security vulnerability exists in SAP Field Logistics Manage Logistics that originates from data tampering and could result in a low impact on application integrity...
PT-2025-17588 · Sap · Sap Field Logistics Manage Logistics
Name of the Vulnerable Software and Affected Versions: SAP Field Logistics Manage Logistics affected versions not specified Description: The SAP Field Logistics Manage Logistics application's OData meta-data property is susceptible to data tampering. This allows an attacker to externally modify...
CVE-2025-30013
SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintende...
CVE-2025-31333
SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted...
CVE-2025-31333
The CVE-2025-31333 issue affects SAP S4CORE : an OData meta-data property vulnerability that could allow data tampering to externally modify an entity set, with low integrity impact and no impact to confidentiality or availability. Advisories note SAP has released patches to fix this and other SA...
Security Updates for Microsoft OneNote Products (April 2025)
The Microsoft OneNote Products are missing a security update. They are, therefore, affected by a security feature bypass vulnerability. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. Note that...
CVE-2024-7035
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...
GHSA-P5VX-9HJ8-CF4H Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)
In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...