Javafaces LFI
An unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware...
SAP NetWeaver AS ABAP Authorization Bypass Vulnerability
The remote SAP NetWeaver ABAP server may be affected by an authorization bypass vulnerability. SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the...
CVE-2024-45443
Directory traversal vulnerability in the cust module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality...
CVE-2024-42033
Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2023-5801
Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality...
Alibaba Cloud Linux 3 : 0146: cockpit (ALINUX3-SA-2023:0146)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0146 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3660: Cockpit and its plugins do...
CVE-2025-43011 Missing Authorization Check in SAP Landscape Transformation (PCL Basis)
Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availabili...
CVE-2025-46588
Vulnerability of unauthorized access in the app lock module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2025-1726
Summary (CVE-2025-1726): Esri ArcGIS Monitor (versions 2023.0 through 2024.x on Windows and Linux) has a SQL injection vulnerability that can be exploited by a remote, authenticated attacker with low privileges to read limited database schema information. The confidentiality impact is labeled as ...
CVE-2025-24414
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...
Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h9 / 10.2.x < 10.2.7-h24 / 11.1.x < 11.1.6-h1 / 11.2.x < 11.2.4-h4 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h9 or 10.2.x prior to 10.2.7-h24 or 11.1.x prior to 11.1.6-h1 or 11.2.x prior to 11.2.4-h4. It is, therefore, affected by a vulnerability. An authentication bypass in the management web interface...
Security Bulletin: IBM Instana Observability is vulnerable to Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
Summary: A vulnerability that could cause unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip was remediated in IBM Observability with Instana Build 289 (CVE-2024-24790). The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6...
CVE-2023-52953
Path traversal vulnerability in the Medialibrary module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality...
CVE-2024-54099
CVE-2024-54099 concerns a file replacement vulnerability in Huawei EMUI and HarmonyOS. Multiple connected sources describe impact to integrity and confidentiality with local exploitation paths. The NVD entry lists a Local/Low-Complexity attack with Low privileges required (varies by source), and ...
CVE-2024-39592
CVE-2024-39592 concerns SAP PDCE missing authorization checks for authenticated users, enabling privilege escalation and read-access to sensitive data. Affected component: PDCE; root cause: lack of necessary authorization controls. Impact: high confidentiality risk (per CVSS and multiple sources)...
CVE-2023-45229 Out-of-Bounds Read in EDK II Network Package
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IANA or IATA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-21927
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Interoperability SEC). Supported versions that are affected are prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards...
Design/Logic Flaw
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of...
CVE-2022-45139 WAGO: Origin validation error through CORS misconfiguration
A CORS Misconfiguration in the web-based management allows a malicious third party webserver to misuse all basic information pages on the webserver. In combination with CVE-2022-45138 this could lead to disclosure of device information like CPU diagnostics. As there is just a limited amount of...
K15313: Java SE vulnerabilities CVE-2014-0456, CVE-2014-0457, and CVE-2014-2421
Security Advisory Description. CVE-2014-0456: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. CVE-2014-0457: Unspecified vulnerability in...