Apache NiFi - Information Disclosure

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

Apache OpenOffice 安全漏洞

Apache OpenOffice is an open source office software suite from the American Apache Apache Foundation. A security vulnerability exists in Apache OpenOffice, which stems from improper authorization checking, and can be exploited by remote attackers to automatically load external files containing DD...

SAP NetWeaver Server ABAP Authorization Issues Vulnerability

SAP NetWeaver Server ABAP is an application server from SAP, Germany. SAP NetWeaver Server ABAP suffers from an authorization issue vulnerability that stems from a lack of authorization checking in the virus scanning interface, which could be exploited by an attacker to access sensitive data...

Unspecified Vulnerability in SAP S/4HANA (CNVD-2025-08314)

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from a lack of authorization checking, which could be exploited by an attacker to gain unauthorized access to...

Vercel Next.js Privilege Bypass Vulnerability

Next.js is Vercel open source a React framework. Vercel Next.js suffers from a privilege bypass vulnerability that stems from the fact that if authorization checking occurs in middleware, an attacker can use the vulnerability to bypass authorization checking...

CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

Lunary Elevation of Privilege Vulnerability

lunary is lunary open source a production toolkit for LLM . An elevation of privilege vulnerability exists in lunary that stems from a lack of authorization checking and can be exploited by an attacker to delete any dataset...

CVE-2024-0593

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

Authorization

The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data| due to insufficient authorization checking on the fetchquickjob function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can b...

CVE-2022-40673

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache...

CVE-2022-40673

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache...

CVE-2022-20747 Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker cou...

CVE-2021-40884

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...

SAP NetWeaver Application Server for Java Access Control Error Vulnerability

SAP Netweaver is the German SAP SAP company's set of service-oriented integration of the application platform, the platform mainly for SAP applications to provide a development environment. The platform mainly for SAP applications to provide a development and runtime environment.SAP NetWeaver...

CVE-2020-4794

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force...

CVE-2020-4794

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force...

Authorization

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. A...

CVE-2020-3374 Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

Cisco Firepower Management Center Remote Command Execution Vulnerability

A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance ASA 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due...