Node.js Test CI Security Incident

Node.js Test CI Security Incident Update 23-April-2025 Node.js Test CI Security Incident – Full Disclosure Summary On March 21, 2025, we received a security report via HackerOne link restricted at time of writing, detailing a successful compromise of several Node.js test CI hosts. According to th...

VulnCheck KEV: CVE-2021-33690

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to...

SAP NetWeaver Development Infrastructure跨站脚本漏洞

SAP NetWeaver Development Infrastructure is an SAP company that provides a consistent development environment, development teams, and support for software development throughout the product lifecycle. A cross-site scripting vulnerability exists in SAP NetWeaver Development Infrastructure, which c...

CVE-2022-29618

Due to insufficient input validation, SAP NetWeaver Development Infrastructure Design Time Repository - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or...

CVE-2022-29618

The connected records confirm a cross-site scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository) affecting versions 7.30, 7.31, 7.40, and 7.50. Root cause: insufficient input validation that lets an unauthenticated attacker inject script into the URL, ...

CVE-2021-33691

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim ha...

CVE-2021-33690

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

CVE-2021-33690

Server-Side Request Forgery SSRF vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the...

CVE-2021-33691

The CVE-2021-33691 issue affects SAP NetWeaver Development Infrastructure (NWDI) Notification Service, specifically versions 7.31, 7.40, and 7.50. The root cause is insufficient encoding of user-supplied inputs, which enables Cross-Site Scripting (XSS). A threat actor could send crafted scripts t...

CVE-2021-33690

SAP NetWeaver Development Infrastructure Component Build Service (NWDI Build Service) versions 7.11–7.50 are affected by a Server-Side Request Forgery (SSRF) vulnerability. The issue allows an attacker with server access to perform proxy requests, potentially exposing sensitive data and affecting...

SAP NetWeaver 代码问题漏洞

SAP NetWeaver Development Infrastructure is a SAP company that provides a consistent development environment, development team, and support for software development throughout the product lifecycle. A code issue vulnerability exists in SAP NetWeaver Development Infrastructure, which is due to...

CVE-2013-6820

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure NWDI allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors...

Unrestricted file upload

Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure NWDI allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors...

CVE-2013-6820

CVE-2013-6820 describes an unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) that allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors. According to NVD, the issue yields a CVSS v2 ba...