Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 12:21 a.m.8 views

CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 11:34 p.m.7 views

GHSA-74M3-9QVM-RP9H zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

8.7CVSS5.9AI score0.0033EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/30 8:53 p.m.12 views

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

6.9CVSS7AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 8:42 p.m.14 views

CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

6.9CVSS6.7AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.5 views

PT-2024-27488 · Unknown · Absolute Secure Access

Name of the Vulnerable Software and Affected Versions: Absolute Secure Access versions prior to 13.06 Description: There is a cross-site scripting issue in the Secure Access administrative UI. Attackers can pass a limited-length script to the administrative UI, which is then stored where an...

5.4CVSS6.3AI score0.00219EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/06/30 9:7 p.m.27 views

CVE-2023-22815 Post-authentication remote command injection vulnerability on Western Digital My Cloud OS 5 devices

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...

6.2CVSS8AI score0.01315EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/19 9:15 p.m.6 views

CVE-2022-21497

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

8.1CVSS6.9AI score0.01577EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder