229 matches found
Website Article Monetization By MageNet < 1.0.12 - Unauthenticated Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'abpauthkey' parameter due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...
CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...
Authorization
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner...
CVE-2024-27900 Missing Authorization check in SAP ABAP Platform
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner...
OET-213H-BTS1 missing authorization check in the initial configuration
Overview OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is insecure CWE-1188, it does not perform an authorization check when...
LiteSpeed Cache < 5.7.0.1 - Unauthenticated CDN Status Update
Description The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on the 'updatecdnstatus' function, allowing unauthenticated attackers to modify the plugin's CDN status...
CVE-2024-21736 Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)
SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application...
CVE-2023-49229
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration...
CVE-2023-40309 Missing Authorization check in SAP CommonCryptoLib
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionalit...
CVE-2023-40309 Missing Authorization check in SAP CommonCryptoLib
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionalit...
CVE-2023-40625 Missing Authorization check in SAP Manage Purchase Contracts App
S4CORE Manage Purchase Contracts App - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and...
CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2023-37492 Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, SAPBASIS 740, SAPBASIS 750, SAPBASIS 752, SAPBASIS 753, SAPBASIS 754, SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, SAPBASIS 793, SAPBASIS 804, does not perform...
CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...
CVE-2023-36000
The CVE-2023-36000 entry concerns the Insider Threat Management Server (Proofpoint) where a missing authorization check in the MacOS agent configuration endpoint allows an adjacent-network attacker to obtain sensitive information after obtaining a valid agent authentication token. Affected versio...
OpenEMR < 7.0.1 Multiple Vulnerabilities
OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...
CVE-2023-32112 Missing Authorization Check in Vendor Master Hierarchy
Vendor Master Hierarchy - versions SAPAPPL 500, SAPAPPL 600, SAPAPPL 602, SAPAPPL 603, SAPAPPL 604, SAPAPPL 605, SAPAPPL 606, SAPAPPL 616, SAPAPPL 617, SAPAPPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lea...
CVE-2022-36051
ZITADEL combines the ease of Auth0 and the versatility of Keycloak.Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role.ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions,...
WordPress plugin Popup Maker 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...