7 matches found
CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...
GHSA-74M3-9QVM-RP9H zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write
Summary The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...
CVE-2025-27702
CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...
CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54
CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...
PT-2024-27488 · Unknown · Absolute Secure Access
Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06 Description: There is a cross-site scripting issue in the Secure Access administrative UI. Attackers can pass a limited-length script to the administrative UI, which is then stored where an...
CVE-2023-22815 Post-authentication remote command injection vulnerability on Western Digital My Cloud OS 5 devices
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...
CVE-2022-21497
Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...