
21409 matches found

OSV
added 2026/01/13 9:7 a.m., 6 views

BIT-GITLAB-2025-13781 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...

CVSS 6.5, AI score 6.7, EPSS 0.00406
Exploits 0, References 4

NVD
added 2026/01/13 2:15 a.m., 9 views

CVE-2026-0506

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

CVSS 8.1, EPSS 0.00228
Exploits 0, References 2

OSV
added 2026/01/13 2:15 a.m., 8 views

CVE-2026-0506

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

CVSS 8.1, AI score 5.9, EPSS 0.00228
Exploits 0, References 2

Cvelist
added 2026/01/13 1:14 a.m., 30 views

CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

CVSS 8.1, EPSS 0.00228
Exploits 0, References 2

Vulnrichment
added 2026/01/13 1:14 a.m., 4 views

CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform

Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...

CVSS 8.1, AI score 6.6, EPSS 0.00228
Exploits 0, References 2

CVE
added 2026/01/13 1:14 a.m., 22 views

CVE-2026-0506

The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...

CVSS 8.1, AI score 6.6, EPSS 0.00228
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/01/13 1:13 a.m., 28 views

CVE-2026-0497 Missing Authorization check in Business Server Pages Application (Product Designer Web UI)

SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...

CVSS 4.3, EPSS 0.00195
Exploits 0, References 2

CVE
added 2026/01/13 1:13 a.m., 12 views

CVE-2026-0497

CVE-2026-0497 affects SAP Product Designer Web UI of Business Server Pages. The issue arises from a missing authorization check, allowing authenticated non-administrative users to access non-sensitive information. Reported impact is limited to confidentiality (low); no impact on integrity or avai...

CVSS 4.3, AI score 6.1, EPSS 0.00195
Exploits 0, References 2

Positive Technologies
added 2026/01/13 12:0 a.m., 10 views

PT-2026-2340

Name of the Vulnerable Software and Affected Versions Application Server ABAP and ABAP Platform affected versions not specified Description A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form...

CVSS 8.1, AI score 6.6, EPSS 0.00228
Exploits 0, References 5

Tenable Nessus
added 2026/01/12 12:0 a.m., 6 views

FreeBSD : Gitlab -- vulnerabilities (c9b610e9-eebc-11f0-b051-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c9b610e9-eebc-11f0-b051-2cf05da270f3 advisory. Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders...

CVSS 9.6, AI score 5.9, EPSS 0.0062
Exploits 0, References 9

Hacker One
added 2026/01/10 7:52 p.m., 7 views

GitHub: Missing Access Control in MigrationFile allows attacker to upload files to any Migration

A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized content to be uploaded to a user's repository migration export due to a missing authorization check in the repository migration upload endpoint. The vulnerability could be exploited by...

CVSS 6.5, AI score 5.9, EPSS 0.0039
Exploits 0

RedhatCVE
added 2026/01/10 5:41 a.m., 3 views

CVE-2025-14360

Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Blockons: from n/a through = 1.2.19...

CVSS 7.5, AI score 5.9, EPSS 0.00287
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:41 a.m., 5 views

CVE-2025-14358

Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects REHub Framework: from n/a through = 19.9.5...

CVSS 7.5, AI score 5.9, EPSS 0.00287
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:41 a.m., 3 views

CVE-2025-67926

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through = 1.10.4...

CVSS 6.5, AI score 5.9, EPSS 0.00253
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:41 a.m., 4 views

CVE-2025-67913

Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Aruba HiSpeed Cache: from n/a through 3.0.3...

CVSS 6.5, AI score 5.9, EPSS 0.00242
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:41 a.m., 3 views

CVE-2025-67917

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through = 3.2.6...

CVSS 6.5, AI score 5.9, EPSS 0.00242
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:41 a.m., 6 views

CVE-2025-22715

Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: fro...

CVSS 7.5, AI score 5.9, EPSS 0.0038
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:41 a.m., 2 views

CVE-2026-0676

Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zorka: from n/a through = 1.5.7...

CVSS 5.3, AI score 5.9, EPSS 0.00229
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:40 a.m., 3 views

CVE-2026-22517

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...

CVSS 5.4, AI score 5.9, EPSS 0.0017
Exploits 0, References 1

RedhatCVE
added 2026/01/10 5:40 a.m., 4 views

CVE-2026-22522

Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through = 2.2.3...

CVSS 6.5, AI score 5.9, EPSS 0.00269
Exploits 0, References 1