Lucene search
K

109 matches found

CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin Trustpilot Reviews 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.2AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.3 views

CVE-2025-45968

An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference IDOR vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by thi...

6.7AI score0.00584EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/14 2:24 a.m.25 views

CVE-2025-42936

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...

5.4CVSS7AI score0.0017EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 3:15 a.m.3 views

CVE-2025-42936

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...

5.4CVSS0.0017EPSS
Exploits0References2
CVE
CVE
added 2025/08/12 2:5 a.m.22 views

CVE-2025-42936

CVE-2025-42936 affects SAP NetWeaver Application Server for ABAP. The root cause is missing support for distinguishing authorizations across roles, allowing authenticated users to access restricted objects in the barcode interface and causing privilege escalation. Impact is described as low for c...

5.4CVSS7AI score0.0017EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.4 views

PT-2025-32602 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP affected versions not specified Description: The application server does not allow administrators to assign distinguished authorizations for different user roles. This allows authenticated users to...

5.4CVSS6.8AI score0.0017EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/15 12:0 a.m.11 views

Ping Identity PingFederate 安全漏洞

Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. Ping Identity PingFederate suffers from a security vulnerability that stems from duplicate OAuth2 authorizations in the PostgreSQL persistence store, which could le...

2.1CVSS6.6AI score0.00288EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.6 views

CVE-2023-33989

An attacker with non-administrative authorizations in SAP NetWeaver BI CONT ADD ON - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system...

8.7CVSS6.6AI score0.00807EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/29 4:35 a.m.20 views

CVE-2025-46329 Snowflake Connector for C/C++ inserts client-side encryption key in DEBUG logs

libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage durin...

3.3CVSS0.00097EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/08/02 12:0 a.m.7 views

FOGProject 安全漏洞

FOGProject is a free open source network computer cloning and management solution from FOGProject Open Source. It can be used to deploy and manage any desktop operating system. A security vulnerability exists in FOGProject 1.5.10.41.4 and prior versions, which stems from the ability to disclose...

5.3CVSS6.5AI score0.00568EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2024/03/07 11:11 a.m.26 views

Human vs. Non-Human Identity in SaaS

In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity dormant, active, hyperactive, thei...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/01/17 8:29 p.m.28 views

Broken Access Control order API in Shopware

Impact In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order stat...

6.5CVSS6.8AI score0.004EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2024/01/17 8:29 p.m.24 views

GHSA-3867-JC5C-66QF Broken Access Control order API in Shopware

Impact In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order stat...

4.9CVSS5.6AI score0.004EPSS
Exploits0References5
Veracode
Veracode
added 2024/01/17 8:16 a.m.17 views

Broken Access Control

shopware/core and shopware/platform are vulnerable to Broken Access Control. The vulnerability is due to a insufficiency in verifying user authorizations for actions that modify the payment, delivery, and/or order status resulting in users lacking write permissions for orders being able to change...

6.5CVSS6.8AI score0.004EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2024/01/16 10:29 p.m.39 views

CVE-2024-22407 Broken Access Control order API in Shopware

Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...

4.9CVSS6.6AI score0.004EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/20 12:0 a.m.4 views

WordPress Plugin BEAR Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.8AI score0.00479EPSS
Exploits0References4
Veracode
Veracode
added 2023/07/22 9:16 p.m.21 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypasses. A business logic error in Project Import under certain conditions may show an unauthorized user in the Access Granted column in the project membership pages, which allows an authenticated attacker to bypass authorizations...

2.7CVSS6.7AI score0.00609EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/07/11 3:15 a.m.21 views

CVE-2023-33992

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

6.5CVSS5.1AI score0.00378EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/11 2:34 a.m.27 views

CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

4.5CVSS6.6AI score0.00378EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/11 2:28 a.m.11 views

CVE-2023-33989 Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

An attacker with non-administrative authorizations in SAP NetWeaver BI CONT ADD ON - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system...

8.7CVSS6.7AI score0.00807EPSS
Exploits0References2
Rows per page
Query Builder