Lucene search
K

134 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:55 a.m.10 views

CVE-2024-42373

SAP Student Life Cycle Management SLcM fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing...

5.4CVSS7.1AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:14 a.m.6 views

CVE-2024-53683

A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use...

5.6CVSS6.6AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:39 a.m.9 views

CVE-2024-41731

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

4.3CVSS6.9AI score0.00373EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.6 views

CVE-2024-42375

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

4.3CVSS6.9AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.9 views

CVE-2024-28166

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application...

4.3CVSS6.9AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:56 a.m.18 views

CVE-2023-42477

SAP NetWeaver AS Java GRMG Heartbeat application - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application...

6.5CVSS6.8AI score0.00414EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:25 a.m.9 views

CVE-2023-27897

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform...

6.3CVSS7.2AI score0.00651EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 p.m.10 views

CVE-2022-30269

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...

8.8CVSS7.4AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 9:41 p.m.7 views

GHSA-9CWV-PXCR-HFJC LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality

Summary Stored Cross-Site Scripting XSS vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...

6.3CVSS5.2AI score0.00242EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.7 views

Zoom Workplace 注入漏洞

Zoom Workplace is a desktop application from Zoom USA. Zoom Workplace suffers from an injection vulnerability that stems from improper neutralization of a special element, which could affect application integrity...

6.1CVSS7AI score0.00251EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/13 12:19 a.m.10 views

CVE-2025-43006 Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)

SAP Supplier Relationship Management Master Data Management Catalogue allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting XSS vulnerability. This has no impact on the availability of the application, but it can have som...

6.1CVSS6.1AI score0.00263EPSS
Exploits0References2
CVE
CVE
added 2025/05/13 12:19 a.m.51 views

CVE-2025-43006

CVE-2025-43006 concerns SAP’s Supplier Relationship Management (Master Data Management Catalogue), where an unauthenticated attacker can inject and execute malicious scripts, resulting in Cross-Site Scripting (XSS). The impact is described as no availability impact with minor effects on confident...

6.1CVSS6.1AI score0.00263EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.5 views

SAP Field Logistics Manage Logistics 安全漏洞

SAP Field Logistics Manage Logistics is a solution module from SAP that is used to coordinate "field material supply". A security vulnerability exists in SAP Field Logistics Manage Logistics that originates from data tampering and could result in a low impact on application integrity...

4.3CVSS6.4AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.11 views

PT-2025-17588 · Sap · Sap Field Logistics Manage Logistics

Name of the Vulnerable Software and Affected Versions: SAP Field Logistics Manage Logistics affected versions not specified Description: The SAP Field Logistics Manage Logistics application's OData meta-data property is susceptible to data tampering. This allows an attacker to externally modify...

4.3CVSS6AI score0.00238EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/04/10 8:26 a.m.23 views

CVE-2025-30013

SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintende...

6.7CVSS7.6AI score0.00776EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 8:15 a.m.7 views

CVE-2025-31333

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted...

4.3CVSS0.00268EPSS
Exploits0References2
CVE
CVE
added 2025/04/08 7:15 a.m.61 views

CVE-2025-31333

The CVE-2025-31333 issue affects SAP S4CORE : an OData meta-data property vulnerability that could allow data tampering to externally modify an entity set, with low integrity impact and no impact to confidentiality or availability. Advisories note SAP has released patches to fix this and other SA...

4.3CVSS7AI score0.00268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/08 12:0 a.m.15 views

Security Updates for Microsoft OneNote Products (April 2025)

The Microsoft OneNote Products are missing a security update. They are, therefore, affected by a security feature bypass vulnerability. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application. Note that...

7.8CVSS7.9AI score0.00783EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/22 1:22 p.m.10 views

CVE-2024-7035

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS7.1AI score0.00234EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 12:32 p.m.6 views

GHSA-P5VX-9HJ8-CF4H Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF)

In version v0.3.8 of open-webui/open-webui, sensitive actions such as deleting and resetting are performed using the GET method. This vulnerability allows an attacker to perform Cross-Site Request Forgery CSRF attacks, where an unaware user can unintentionally perform sensitive actions by simply...

6.9CVSS7AI score0.00234EPSS
Exploits1References3
Rows per page
Query Builder