15 matches found

Cvelist
added 2025/11/11 12:13 a.m. · 5 views

CVE-2025-42882 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVSS: 4.3 · EPSS: 0.00034
Exploits: 0 · References: 2

CVE
added 2025/11/11 12:13 a.m. · 5 views

CVE-2025-42882

SAP NetWeaver Application Server for ABAP is affected by a missing authorization check that allows an authenticated, low-privilege attacker to run a specific ABAP function module and exfiltrate restricted environment details. Impact is described as low confidentiality with no impact to integrity ...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.00034
Exploits: 0 · References: 2

Vulnrichment
added 2025/11/11 12:13 a.m. · 1 views

CVE-2025-42882 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.00034
Exploits: 0 · References: 2

RedhatCVE
added 2025/10/15 4:43 p.m. · 1 views

CVE-2025-42939

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker can delete shared rule conditions that should...

CVSS: 4.3 · AI score: 6.7 · EPSS: 0.00036
Exploits: 0 · References: 1

CVE
added 2025/10/14 12:18 a.m. · 5 views

CVE-2025-42939

SAP S/4HANA: The Manage Processing Rules – For Bank Statements component is affected by CVE-2025-42939. An authenticated attacker with basic privileges can tamper request parameters to delete conditions from any shared rule, due to a missing authorization check, compromising integrity without imp...

CVSS: 4.3 · AI score: 6.3 · EPSS: 0.00036
Exploits: 0 · References: 2

Positive Technologies
added 2025/10/14 12:0 a.m. · 1 views

PT-2025-41844

Name of the Vulnerable Software and Affected Versions SAP S/4HANA affected versions not specified Description An authenticated attacker with basic privileges can delete conditions from any shared rule of any user by manipulating the request parameter. This is due to a missing authorization check,...

CVSS: 4.3 · AI score: 6.1 · EPSS: 0.00036
Exploits: 0 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-10999

Malware in sbrugna...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.04371
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2021-8761

Malicious code in bioql PyPI...

CVSS: 6.5 · AI score: 7 · EPSS: 0.00652
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 8:29 a.m. · 1 views

CVE-2024-44121

Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of th...

CVSS: 4.3 · AI score: 6.6 · EPSS: 0.00145
Exploits: 0 · References: 1

CNNVD
added 2024/09/10 12:0 a.m. · 1 views

SAP S/4 HANA security vulnerability

SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, Germany. A security vulnerability exists in SAP S/4 HANA that stems from the fact that, under certain circumstances, legal reports in SAP S/4 HANA allow an attacker with basic privileges to access information...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.00145
Exploits: 0 · References: 4

OSV
added 2024/07/16 1:15 p.m. · 1 views

CVE-2024-6435

A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. Fo...

CVSS: 8.8 · AI score: 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 1 views

PT-2024-37624 · Rockwell Automation · Pavilion8

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A privilege escalation issue exists in the affected products, allowing a malicious user with basic privileges to access functions that should only be...

CVSS: 8.8 · AI score: 7 · EPSS: 0.00044
Exploits: 0 · References: 4

OSV
added 2022/11/19 12:15 a.m. · 0 views

CVE-2022-31616

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure...

CVSS: 7.1 · AI score: 5.8
Exploits: 0 · References: 1

OSV
added 2021/03/09 3:15 p.m. · 0 views

CVE-2021-21488

Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability...

CVSS: 6.5 · AI score: 6.8
Exploits: 0 · References: 2

RedHat Linux
added 2019/04/23 8:46 a.m. · 1 views

ovirt-engine: Missing permissions check in web ui allows a user with basic privileges to delete disks

It was discovered that in the ovirt REST API, RemoveDiskCommand is triggered as an internal command, meaning the permission validation that should be performed against the calling user is skipped. A user with low privileges e.g. Basic Operations could exploit this flaw to delete disks attached to...

CVSS: 8.1 · AI score: 6.7 · EPSS: 0.0048
Exploits: 0 · References: 4