78 matches found
EUVD-2025-27228
Malicious code in bioql PyPI...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2025-42912
SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected...
CVE-2025-59018
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...
CVE-2025-45968
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...
SAP NetWeaver 安全漏洞
SAP NetWeaver is a set of integrated service-oriented application platforms from SAP, Germany. The platform primarily provides a development and runtime environment for SAP applications. A security vulnerability exists in SAP NetWeaver, which stems from a lack of authorization checks and allows...
CVE-2023-1874
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiplerolesupdate function. This makes it possible for authenticated attackers, with minimal permissions such as a...
CVE-2020-6188
VAT Pro-Rata reports in SAP ERP SAPAPPL versions 600, 602, 603, 604, 605, 606, 616 and SAPFIN versions 617, 618, 700, 720, 730 and SAP S/4 HANA versions 100, 101, 102, 103, 104 do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check...
SAP ERP HCM和SAP S/4HANA 安全漏洞
SAP ERP HCM and SAP S/4HANA are both products of SAP, an enterprise human resource management solution, and SAP S/4HANA, an enterprise resource management software based on the SAP HANA in-memory database system. SAP ERP HCM and SAP S/4HANA have an authorization issue vulnerability that stems fro...
SAP Just In Time 安全漏洞
SAP Just In Time SAP JIT is an application from SAP, Germany, designed to enable efficient demand-driven production and logistics throughout the supply chain. A security vulnerability exists in SAP Just In Time that stems from a failure to perform required authorization checks, which could result...
SAP Business Warehouse 安全漏洞
SAP Business Warehouse is a key component for executing business processes from SAP, Germany, that allows users to design, implement, and manage business processes, ensure process compliance, and reduce the need for manual operations through automation. A security vulnerability exists in SAP...
PT-2025-1182 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue is related to an obsolete functionality in SAP NetWeaver Application Server ABAP that did not perform necessary authorization checks. This allows an...
PT-2025-42566
Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software contains a flaw related to missing authorization checks for the extracts endpoint. This could potentially allow unauthorized access to data. Recommendations At the moment, ther...
Rapid7 Insight Platform 安全漏洞
Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys and settings from Rapid7 USA. Rapid7 Insight Platform has a security vulnerability that stems from a lack of authorization checks. An attacker can exploit the vulnerability to elevate privileges...
CVE-2024-33005
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server ABAP and Java, and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a...
PT-2024-37877 · National Instruments · Ni Veristand
Name of the Vulnerable Software and Affected Versions: NI VeriStand versions 2024 Q2 and prior Description: The issue is related to missing authorization checks in the NI VeriStand Gateway when accessing Project resources, potentially leading to remote code execution. Recommendations: For NI...
SAP S/4HANA Security Vulnerabilities
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from a failure to perform the required authorization checks for authenticated users, resulting in an escalation of...
SAP S/4 HANA 安全漏洞
SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, a German company. A security vulnerability exists in SAP S/4 HANA that stems from not performing the required authorization checks on authenticated users, which can lead to privilege escalation...
PT-2024-24817 · Sap · Sap Enable Now Manager
Name of the Vulnerable Software and Affected Versions: SAP Enable Now Manager affected versions not specified Description: The issue is related to the lack of necessary authorization checks for authenticated users, leading to escalation of privileges. An attacker with the 'Learner' role could...
SAP LT Replication Server 授权问题漏洞
SAP LT Replication Server is a solution from SAP Germany. An authorization issue vulnerability exists in SAP LT Replication Server that stems from not performing required authorization checks. An attacker with elevated privileges could exploit the vulnerability to perform malicious actions,...