21409 matches found
BIT-GITLAB-2025-13781 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations...
CVE-2026-0506
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...
CVE-2026-0506
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...
CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...
CVE-2026-0506 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines FORMs in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs...
CVE-2026-0506
The CVE-2026-0506 issue affects SAP NetWeaver ABAP/ABAP Platform (Application Server ABAP) and is caused by a Missing Authorization Check in an RFC function that can execute FORM routines. An authenticated attacker could write/modify data accessible via FORMs and invoke system functionality expos...
CVE-2026-0497 Missing Authorization check in Business Server Pages Application (Product Designer Web UI)
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...
CVE-2026-0497
CVE-2026-0497 affects SAP Product Designer Web UI of Business Server Pages. The issue arises from a missing authorization check, allowing authenticated non-administrative users to access non-sensitive information. Reported impact is limited to confidentiality (low); no impact on integrity or avai...
PT-2026-2340
Name of the Vulnerable Software and Affected Versions Application Server ABAP and ABAP Platform affected versions not specified Description A missing authorization check exists in Application Server ABAP and ABAP Platform. An authenticated attacker can misuse an RFC function to execute form...
FreeBSD : Gitlab -- vulnerabilities (c9b610e9-eebc-11f0-b051-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c9b610e9-eebc-11f0-b051-2cf05da270f3 advisory. Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders...
GitHub: Missing Access Control in MigrationFile allows attacker to upload files to any Migration
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized content to be uploaded to a user's repository migration export due to a missing authorization check in the repository migration upload endpoint. The vulnerability could be exploited by...
CVE-2025-14360
Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through = 1.2.19...
CVE-2025-14358
Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through = 19.9.5...
CVE-2025-67926
Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through = 1.10.4...
CVE-2025-67913
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through 3.0.3...
CVE-2025-67917
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through = 3.2.6...
CVE-2025-22715
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WPAttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: fro...
CVE-2026-0676
Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through = 1.5.7...
CVE-2026-22517
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...
CVE-2026-22522
Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through = 2.2.3...