Lucene search
K

3161 matches found

Nuclei
Nuclei
added 12 hours ago37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
NVD
NVD
added 18 hours ago4 views

CVE-2026-44761

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS
Exploits0References2
NVD
NVD
added 18 hours ago6 views

CVE-2026-44770

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS
Exploits0References2
NVD
NVD
added 18 hours ago6 views

CVE-2026-44753

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS
Exploits0References2
NVD
NVD
added 18 hours ago4 views

CVE-2026-0487

SAProuter on Microsoft Windows allows an unauthenticated attacker to load library DLL files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impac...

8.4CVSS
Exploits0References2
Cvelist
Cvelist
added 19 hours ago8 views

CVE-2026-44771 Missing Authorization check in SAP S/4HANA (Draft operation)

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS
Exploits0References2
EUVD
EUVD
added 19 hours ago7 views

EUVD-2026-43595

SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of...

4.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 19 hours ago9 views

CVE-2026-44770 Missing Authorization check in SAP S/4 HANA (Create Single Payment)

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS
Exploits0References2
EUVD
EUVD
added 19 hours ago7 views

EUVD-2026-43594

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS6.1AI score
Exploits0References2
CVE
CVE
added 19 hours ago8 views

CVE-2026-44769

CVE-2026-44769 affects SAP S/4HANA Project Management (PPM-PRO). The connected documents describe a vulnerability where an attacker with high privileges can induce crafted database queries, resulting in exposure of the backend database. The impact is specified as low for confidentiality (C:H) wit...

5.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 19 hours ago5 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score
Exploits0References2
EUVD
EUVD
added 19 hours ago6 views

EUVD-2026-43588

SAP HANA Database user self service tools allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts,...

3.7CVSS6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.7 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS5.9AI score0.00674EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:48 a.m.7 views

BIT-NODE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.12 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS6.7AI score0.00674EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 1:14 a.m.1 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in edk2

EDK2 contains a vulnerability in the BIOS, where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” through local access. Successful exploitation of this vulnerability could lead to possible information disclosure or escalation of privileges, thereby affecting...

5.8CVSS7AI score0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:50 p.m.4 views

BIT-NODE-MIN-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.8AI score0.00208EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:50 p.m.5 views

BIT-NODE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.9AI score0.00208EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2026/06/22 4:47 p.m.13 views

K000161730: PostgreSQL vulnerability CVE-2026-2003

Security Advisory Description Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Version...

4.3CVSS5.8AI score0.00281EPSS
Exploits0Affected Software1
Rows per page
Query Builder