EUVD-2025-34118

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker can delete shared rule conditions that should...

CVE-2025-42939 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker can delete shared rule conditions that should...

CVE-2025-42939 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker can delete shared rule conditions that should...

PT-2025-41844

Name of the Vulnerable Software and Affected Versions SAP S/4HANA affected versions not specified Description An authenticated attacker with basic privileges can delete conditions from any shared rule of any user by manipulating the request parameter. This is due to a missing authorization check,...

EUVD-2025-7778

Malicious code in bioql PyPI...

EUVD-2025-7780

Malicious code in bioql PyPI...

CVE-2025-9022

A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely...

PT-2025-33456 · Sourcecodester · Online Bank Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability exists in the processing of the /bank/statements.php file. Manipulation of the email argument can lead to SQL injection, potentially allowing for remote...

Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration

Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver's licenses, bank statements, and more...

CVE-2025-27436

The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on...

CVE-2025-27433

The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...

CVE-2025-27433 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)

The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...

CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

Black Friday Shopping: Protect Your Identity

Black Friday is one of the most lucrative shopping days of the year for retailers in brick-and-mortar shops and online, but shoppers aren't the only ones looking for deals. Malicious people may be able to obtain personal information such as credit card numbers, phone numbers, account numbers, and...

Website of Lush Cosmetics Hacked

The website of cosmetic company Lush has apparently been targeted by hackers as customers who’ve made purchases on their UK website, Lush.co.uk, are being encouraged to check their bank statements for suspicious activity, according to a post on ZDNet. It remains to be seen how exactly the site wa...