CVE-2024-45282
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the allowPassThrough method. The issue results from...
SAP S/4 HANA Security Vulnerability
SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP. A security vulnerability exists in SAP S/4 HANA, which stems from a field in the "read only" state that can be modified via the MERGE method...
Ivanti Avalanche validateAMCWSConnection Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the validateAMCWSConnection method. The issue results fro...
CVE-2024-46446
Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting in the Deletion of Arbitrary Files or Website Takeover...
PT-2024-7173 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA, affected versions not specified. Description: The issue is related to the Manage Bank Statement Handler component of the SAP S/4HANA platform. It is caused by the lack of a mechanism to prevent unintended changes to resources when...
U.S. Dept Of Defense: Cross-Site Scripting (XSS) Vulnerability via parameter c0-id + Akamai Firewall Bypass
A Cross-Site Scripting (XSS) vulnerability was discovered on a specific website. The vulnerability was found in the POST method, allowing the injection of malicious scripts that could be executed. Exploitation of this vulnerability could have led to consequences such as cookie theft and session...
U.S. Dept Of Defense: Cross-Site Scripting (XSS) Vulnerability via POST Method + Akamai Firewall Bypass
A Cross-Site Scripting (XSS) vulnerability was discovered in the POST method on the target website. The vulnerability allowed the injection of malicious scripts that could be executed. A payload was provided to bypass the Akamai firewall. The vulnerability was reported and the affected products and...
Huawei HarmonyOS/EMUI Access Privilege Verification Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scene distributed operating system based on a microkernel. EMUI, formerly known as Emotion UI, is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS/EMUI suffers from an access...
CVE-2024-33368
An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen...
CVE-2024-47294
Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2024-47294
CVE-2024-47294 affects Huawei HarmonyOS/EMUI via an access rights/permission verification vulnerability in the Input Method Framework module. The primary impact stated is availability disruption on exploitation, with CVSS v3.1 base metrics indicating high availability impact (NVD: AV:N/AC:L/PR:N/...
Plasmo RPShare Security Vulnerability
RPShare is a client-side Fabric mod and server-side Paper plugin open-sourced by Plasmo. It allows players to quickly share resource packs. A security vulnerability exists in Plasmo RPShare version v.1.0.0, which stems from a vulnerability that allows remote attackers to execute arbitrary code vi...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scene distributed operating system based on a microkernel. EMUI, formerly known as Emotion UI, is an emotional operating system developed by Huawei based on Android. Huawei HarmonyOS/EMUI suffers from an access...
PT-2024-25216 · Unknown · Plasmoapp Rpshare Fabric Mod
Name of the Vulnerable Software and Affected Versions: Plasmoapp RPShare Fabric mod version 1.0.0. Description: The issue allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen. Recommendations: For Plasmoapp RPShare Fabric mod version 1.0.0, consider...
PT-2024-32505 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: Input method framework module, affected versions not specified. Description: The issue is related to an access permission verification vulnerability in the input method framework module. Successful exploitation of this vulnerability may affect...
Dozzle Security Vulnerability
Dozzle is a small, lightweight application by the individual developer Amir Raminfar. A security vulnerability exists in Dozzle versions prior to 8.5.3 that stems from the use of SHA-256 as a password hash, which makes it vulnerable to rainbow table attacks...
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Preconditions:
- The `code` login method is enabled with the `passwordless_enabled` flag set to `true`.
- A 2FA method such as `totp` is enabled.
- `required_aal` of the whoami check or the settings flow is set to `highest_available`.

AAL stands for Authenticator Assurance Levels and can range from 0 no factor ...