Lucene search
+L

229 matches found

CNNVD
CNNVD
added 2024/12/13 12:0 a.m.4 views

WordPress plugin Brands for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.4AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/13 12:0 a.m.6 views

WordPress plugin Ovic Product Bundle 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS8.6AI score0.00521EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/04 12:20 p.m.28 views

CVE-2024-51559 Improper Access Control Vulnerability in Wave 2.0

This vulnerability exists in the Wave 2.0 due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API input parameters to gain unauthorized access and perform malicious activities on other user accounts...

7.1CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/10 4:57 a.m.23 views

CVE-2024-45284 Missing authorization check in SAP Student Life Cycle Management (SLcM)

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application...

2.4CVSS0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/10 4:3 a.m.27 views

CVE-2024-44112 Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution)

Due to missing authorization check in SAP for Oil & Gas Transportation and Distribution, an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or...

4.3CVSS0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/10 4:0 a.m.18 views

CVE-2024-41728 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...

2.7CVSS7AI score0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/10 4:0 a.m.32 views

CVE-2024-41728 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects...

2.7CVSS0.00288EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/10 3:56 a.m.11 views

CVE-2024-45286 Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface)

Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability...

6.5CVSS6.9AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/10 3:6 a.m.28 views

CVE-2024-44114 Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application...

2CVSS0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/13 4:53 a.m.16 views

CVE-2024-42373 Missing Authorization Check in SAP Student Life Cycle Management (SLcM)

SAP Student Life Cycle Management SLcM fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing...

4.3CVSS7.1AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2024/07/03 6:15 a.m.26 views

CVE-2024-2231

The allows any authenticated user to join a private group due to a missing authorization check on a function...

6.5CVSS0.00374EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.5 views

PT-2024-19332

Name of the Vulnerable Software and Affected Versions Software affected versions not specified Description The issue allows any authenticated user to join a private group due to a missing authorization check on a function. Recommendations At the moment, there is no information about a newer versi...

6.5CVSS6.2AI score0.00374EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/06/11 2:22 a.m.25 views

CVE-2024-34691 Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)

Manage Incoming Payment Files F1680 of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system...

6.5CVSS0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/11 2:17 a.m.37 views

CVE-2024-34690 Missing Authorization check in SAP Student Life Cycle Management (SLcM)

SAP Student Life Cycle Management SLcM fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted,...

5.4CVSS0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/14 3:7 a.m.14 views

CVE-2024-32731 Missing Authorization check in SAP My Travel Requests

SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...

5.5CVSS7.1AI score0.00363EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/26 4:6 p.m.16 views

CVE-2024-32730 Missing authorization check in SAP Enable Now Manager

SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the...

6.5CVSS7.2AI score0.00552EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 1:3 a.m.20 views

CVE-2024-30217 Missing Authorization check in SAP S/4 HANA (Cash Management)

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application...

4.3CVSS7.6AI score0.00318EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 1:2 a.m.28 views

CVE-2024-30216 Missing Authorization check in SAP S/4 HANA (Cash Management)

Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integrity of the...

4.3CVSS5.4AI score0.00318EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/23 12:0 a.m.4 views

WordPress Plugin EventPrime 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.2CVSS8.5AI score0.00439EPSS
Exploits0References2
Veracode
Veracode
added 2024/03/22 11:44 a.m.26 views

Missing Authorization Check

djangorestframeworksimplejwt is vulnerable to Missing Authorization Check. The vulnerability is due to the foruser function which fails to check if a user is active before generation. Django's built in user model contains the isactive field which can be used to block a user from authenticating. I...

7.2AI score0.00804EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder