80 matches found
PT-2025-36115
Name of the Vulnerable Software and Affected Versions: NMC G2 affected versions not specified Description: An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. Recommendations: At the moment,...
Eaton NMC G2 安全漏洞
Eaton NMC G2 is a network management card from Eaton Corporation USA. A security vulnerability exists in the Eaton NMC G2 that originates from a privileged attacker being able to modify the contents of non-sensitive files via path traversal in a CLI restricted shell...
Eaton Rack PDU G4 安全漏洞
The Eaton Rack PDU G4 is a vertical assembly power unit from Eaton Corporation USA. A security vulnerability exists in Eaton Rack PDU G4 version 3.5.0 and earlier, which stems from privileged access to potentially modify the contents of non-sensitive files via a CLI limited shell...
CVE-2025-42968
SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on...
CVE-2025-42996
SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing...
CVE-2023-42479
An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information...
CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
CVE-2022-3711
A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...
Preserving Privacy and Utility in LLM-Based Product Recommendations
Large Language Model LLM-based recommendation systems leverage powerful language models to generate personalized suggestions by processing user interactions and preferences. Unlike traditional recommendation systems that rely on structured data and collaborative filtering, LLM-based models proces...
CVE-2025-27437
CVE-2025-27437 affects SAP NetWeaver Application Server ABAP, specifically the Virus Scanner Interface. The vulnerability is a missing authorization check that allows an attacker authenticated as a non-administrative user to initiate a transaction and access but not modify non-sensitive data, wit...
CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)
A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...
CVE-2024-51539
The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...
CVE-2024-51539
The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...
CVE-2024-51539
The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...
CVE-2024-51539
The Dell Secure Connect Gateway SCG Application and Appliance, versions prior to 5.28, contains a SQL injection vulnerability due to improper neutralization of special elements used in an SQL command. This vulnerability can only be exploited locally on the affected system. A high-privilege attack...
CVE-2025-21106
Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system...
Synology Active Backup for Business 路径遍历漏洞
Synology Active Backup for Business is a backup program from Synology, a Chinese company. A path traversal vulnerability exists in Synology Active Backup for Business, which can be exploited to allow a remote authenticated user with administrator privileges to read specific files containing...
CVE-2025-0556
In Progress® Telerik® Report Server, versions prior to 2025 Q1 11.0.25.211 when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local netwo...
CVE-2024-28134
An unauthenticated remote attacker can extract a session token with a MitM attack and gain web-based management access with the privileges of the currently logged in user due to cleartext transmission of sensitive information. No additional user interaction is required. The access is limited as...
CVE-2024-55550
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...