229 matches found
WordPress plugin Brands for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Ovic Product Bundle 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-51559 Improper Access Control Vulnerability in Wave 2.0
This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...
CVE-2024-45284 Missing authorization check in SAP Student Life Cycle Management (SLcM)
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application...
CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)
Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...
CVE-2024-41728 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...
CVE-2024-41728 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...
CVE-2024-45286 Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability...
CVE-2024-44114 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application...
CVE-2024-42373 Missing Authorization Check in SAP Student Life Cycle Management (SLcM)
SAP Student Life Cycle Management SLcM fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing...
CVE-2024-2231
The allows any authenticated user to join a private group due to a missing authorization check on a function...
PT-2024-19332
Name of the Vulnerable Software and Affected Versions Software affected versions not specified Description The issue allows any authenticated user to join a private group due to a missing authorization check on a function. Recommendations At the moment, there is no information about a newer versi...
CVE-2024-34691 Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)
Manage Incoming Payment Files F1680 of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system...
CVE-2024-34690 Missing Authorization check in SAP Student Life Cycle Management (SLcM)
SAP Student Life Cycle Management SLcM fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted,...
CVE-2024-32731 Missing Authorization check in SAP My Travel Requests
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...
CVE-2024-32730 Missing authorization check in SAP Enable Now Manager
SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the...
CVE-2024-30217 Missing Authorization check in SAP S/4 HANA (Cash Management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application...
CVE-2024-30216 Missing Authorization check in SAP S/4 HANA (Cash Management)
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the...
WordPress Plugin EventPrime 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Missing Authorization Check
djangorestframeworksimplejwt is vulnerable to Missing Authorization Check. The vulnerability is due to the foruser function which fails to check if a user is active before generation. Django's built in user model contains the isactive field which can be used to block a user from authenticating. I...