CVE-2025-42891 Missing Authorization check in SAP Enterprise Search for ABAP

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

BIT-TYPO3-2022-31046

TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...

CVE-2021-21468

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...

UBUNTU-CVE-2020-27662

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference IDOR vulnerability that allows an attacker to read data from any database table e.g., glpitickets, glpiusers, etc...