Lucene search
+L

229 matches found

WPVulnDB
WPVulnDB
added 2024/03/19 12:0 a.m.18 views

Website Article Monetization By MageNet < 1.0.12 - Unauthenticated Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'abpauthkey' parameter due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will...

6.1CVSS6.3AI score0.00522EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/15 7:55 p.m.18 views

CVE-2024-28254 SpEL Injection in `GET /api/v1/events/subscriptions/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...

8.8CVSS8.9AI score0.45725EPSS
Exploits3References5
Prion
Prion
added 2024/03/12 1:15 a.m.23 views

Authorization

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner...

4CVSS4.6AI score0.00393EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/12 12:44 a.m.11 views

CVE-2024-27900 Missing Authorization check in SAP ABAP Platform

Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner...

4.3CVSS6.8AI score0.00393EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/02/29 5:59 a.m.4 views

OET-213H-BTS1 missing authorization check in the initial configuration

Overview OET-213H-BTS1 is a digital temperature measurement and face recognition terminal, developed by Zhejiang Uniview Technologies Co.,Ltd and provided by Atsumi Electric Co., Ltd. The initial configuration of the product is ​insecure CWE-1188, it does not perform an authorization check when...

8.3CVSS6.6AI score0.00333EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.28 views

LiteSpeed Cache < 5.7.0.1 - Unauthenticated CDN Status Update

Description The plugin is vulnerable to unauthorized modification of data due to a missing authorization check on the 'updatecdnstatus' function, allowing unauthenticated attackers to modify the plugin's CDN status...

8.2CVSS6.7AI score0.00413EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/09 1:15 a.m.31 views

CVE-2024-21736 Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application...

6.4CVSS6.6AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2023/12/28 4:15 a.m.21 views

CVE-2023-49229

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration...

4.3CVSS0.00488EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/09/12 2:21 a.m.18 views

CVE-2023-40309 Missing Authorization check in SAP CommonCryptoLib

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionalit...

9.8CVSS9.8AI score0.00748EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/12 2:21 a.m.29 views

CVE-2023-40309 Missing Authorization check in SAP CommonCryptoLib

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionalit...

9.8CVSS9.8AI score0.00748EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/12 2:0 a.m.37 views

CVE-2023-40625 Missing Authorization check in SAP Manage Purchase Contracts App

S4CORE Manage Purchase Contracts App - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and...

5.4CVSS6AI score0.00305EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/15 4:23 p.m.31 views

CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data

A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...

8.1CVSS8.1AI score0.00392EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/15 4:23 p.m.13 views

CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data

A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...

8.1CVSS6.7AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/08 12:47 a.m.42 views

CVE-2023-37492 Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAPBASIS 700, SAPBASIS 701, SAPBASIS 702, SAPBASIS 731, SAPBASIS 740, SAPBASIS 750, SAPBASIS 752, SAPBASIS 753, SAPBASIS 754, SAPBASIS 755, SAPBASIS 756, SAPBASIS 757, SAPBASIS 758, SAPBASIS 793, SAPBASIS 804, does not perform...

4.9CVSS6.6AI score0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/11 2:34 a.m.30 views

CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...

4.5CVSS6.6AI score0.00444EPSS
Exploits0References2
CVE
CVE
added 2023/06/27 2:32 p.m.39 views

CVE-2023-36000

The CVE-2023-36000 entry concerns the Insider Threat Management Server (Proofpoint) where a missing authorization check in the MacOS agent configuration endpoint allows an adjacent-network attacker to obtain sensitive information after obtaining a valid agent authentication token. Affected versio...

6.5CVSS6.4AI score0.0031EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.12 views

OpenEMR < 7.0.1 Multiple Vulnerabilities

OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...

8.8CVSS6.1AI score0.96731EPSS
Exploits11References10
Cvelist
Cvelist
added 2023/05/09 1:42 a.m.35 views

CVE-2023-32112 Missing Authorization Check in Vendor Master Hierarchy

Vendor Master Hierarchy - versions SAPAPPL 500, SAPAPPL 600, SAPAPPL 602, SAPAPPL 603, SAPAPPL 604, SAPAPPL 605, SAPAPPL 606, SAPAPPL 616, SAPAPPL 617, SAPAPPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lea...

2.8CVSS5.7AI score0.00149EPSS
Exploits0References2
NVD
NVD
added 2022/08/31 11:15 p.m.45 views

CVE-2022-36051

ZITADEL combines the ease of Auth0 and the versatility of Keycloak.Actions, introduced in ZITADEL 1.42.0 on the API and 1.56.0 for Console, is a feature, where users with role.ORGOWNER are able to create Javascript Code, which is invoked by the system at certain points during the login. Actions,...

8.8CVSS0.00788EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/06 12:0 a.m.7 views

WordPress plugin Popup Maker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

3.5CVSS5.5AI score0.00409EPSS
Exploits0References2
Rows per page
Query Builder