47725 matches found
CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...
Exploit for Improper Access Control in Oracle Http_Server
CVE-2026-21962 Concurrent WebLogic Scanner/Exploiter High-per...
Navigating MiCA: A Practical Compliance Guide for European CASPs
MiCA creates a single EU crypto rulebook, replacing national regimes with unified licensing, capital, and compliance rules for all CASPs...
CVE-2026-22613
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...
Yokogawa FAST/TOOLS
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle MITM attack, execute malicious scripts, steal files, and perform other various attacks. 2. RECOMMENDED PRACTICES...
ZLAN Information Technology Co. ZLAN5143D
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...
CVE-2026-24322
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...
CVE-2026-23681
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-24322
CVE-2026-24322 affects the SAP Solution Tools Plug-In (ST-PI). A function module does not perform required authorization checks for authenticated users, enabling disclosure of sensitive information. Impact is confined to confidentiality (high) per the provided metrics (CVSS 3.1: base 7.7, HIGH). ...
CVE-2026-24322 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...
CVE-2026-23681
CVE-2026-23681 affects SAP Support Tools Plug-In where a missing authorization check in a function module allows an authenticated attacker to invoke certain function modules and retrieve system and configuration information. The vulnerability risks only low confidentiality impact for the applicat...
CVE-2026-23681 Missing Authorization check in a function module in SAP Support Tools Plug-In
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
SAP Solution Tools Plug-In 安全漏洞
SAP Solution Tools Plug-In is a basic component plugin developed by the German company SAP. The SAP Solution Tools Plug-In contains a security vulnerability; this vulnerability stems from the lack of necessary authorization checks, which may lead to the disclosure of sensitive information...
KLA90880 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in CSS can be exploited to cause denial of service or execute...
PT-2026-7236
Name of the Vulnerable Software and Affected Versions Agentflow versions affected versions not specified Description Agentflow, developed by Flowring, exhibits an authentication bypass condition. Unauthenticated remote attackers can exploit a specific functionality to obtain arbitrary user...
PT-2026-7221
Name of the Vulnerable Software and Affected Versions SAP Solution Tools Plug-In affected versions not specified Description The SAP Solution Tools Plug-In ST-PI includes a function module lacking proper authorization checks for authenticated users, potentially leading to the disclosure of...
VulnCheck KEV: CVE-2026-21962
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Proxy Plug-in for IIS. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0...
libssh 代码问题漏洞
libssh is a C-language development package from the libssh organization that allows access to SSH services. It can execute remote commands, perform file transfers, and provide a secure transmission channel for remote programs. libssh has code vulnerabilities, which stem from insecure default...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 145 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 145.0.7632.45 Linux 145.0.7632.45/46 Windows/Mac contains a number of fixes and improvements -- a list of changes is availab...