96 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestDat...
EUVD-2026-36204
Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
Insecure Defaults
Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...
CVE-2026-24323
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...
CVE-2026-24327 Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)
Due to missing authorization check in SAP Strategic Enterprise Management Balanced Scorecard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or...
CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...
CVE-2026-24323
CVE-2026-24323 affects BSP applications of SAP Document Management System. An unauthenticated user can inject malicious script via user-controlled URL parameters that are not sufficiently sanitized, causing script execution in the victim’s browser. Impact is described as low for confidentiality a...
CVE-2026-24323 Multiple vulnerabilities in BSP Applications of SAP Document Management System
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...
CVE-2026-0505 Multiple vulnerabilities in BSP Applications of SAP Document Management System
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...
CVE-2026-0505
CVE-2026-0505 affects BSP applications where unauthenticated users can manipulate user-controlled URL parameters that are not sufficiently validated, resulting in unvalidated redirects to attacker-controlled websites. Root cause: insufficient validation of URL parameters. Impact per provided metr...
CVE-2026-0505 Multiple vulnerabilities in BSP Applications of SAP Document Management System
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the...
CVE-2023-25614
SAP NetWeaver AS ABAP BSP Framework application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive...
EUVD-2020-3611
Malware in sbrugna...
EUVD-2020-3612
Malware in sbrugna...
EUVD-2020-3613
Malware in sbrugna...
EUVD-2023-42353
Malicious code in bioql PyPI...
EUVD-2023-28547
Malicious code in bioql PyPI...
EUVD-2022-30307
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-39681
In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrlcpudetect in bspinit helper Since 923f3a2b48bd "x86/resctrl: Query LLC monitoring properties once during boot" resctrlcpudetect has been moved from common CPU initialization code to the...
CVE-2025-39681
In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrlcpudetect in bspinit helper Since 923f3a2b48bd "x86/resctrl: Query LLC monitoring properties once during boot" resctrlcpudetect has been moved from common CPU initialization code to the...