
28 matches found

EUVD
added 2026/01/07 9:17 p.m. · 1 view

EUVD-2025-206260

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

CVSS 9.1 · AI score 6.5 · EPSS 0.00364
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2022-44480

Malicious code in bioql PyPI...

CVSS 9.4 · AI score 7 · EPSS 0.00844
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 5:18 a.m. · 2 views

CVE-2023-30744

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

CVSS 9.1 · AI score 7 · EPSS 0.00347
Exploits: 0 · References: 1

OSV
added 2025/01/14 3:15 p.m. · 1 view

CVE-2024-39799

Multiple external config control vulnerabilities exist in the openvpn.cgi openvpnserversetup functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 · AI score 6
Exploits: 0 · References: 2

CNNVD
added 2024/09/23 12:00 a.m. · 2 views

New Cloud MyOffice SDK Collaborative Editing Server Security Vulnerability

MyOffice SDK is an office software development kit from MyOffice, Inc. A security vulnerability exists in New Cloud MyOffice SDK Collaborative Editing Server versions 2.2.2 through 2.8, which originates from a vulnerability that allows server-side request forgery to be implemented by manipulating...

CVSS 9.8 · AI score 6.8 · EPSS 0.00181
Exploits: 0 · References: 3

ATTACKERKB
added 2023/07/20 6:15 p.m. · 1 view

CVE-2023-31461

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability...

CVSS 7.5 · AI score 7.1 · EPSS 0.01894
Exploits: 1 · References: 3

CNNVD
added 2023/07/20 12:00 a.m. · 2 views

SteelSeries GG Path Traversal Vulnerability

SteelSeries GG is an all-in-one gaming platform from Danish company SteelSeries. It bundles powerful gaming applications into an easy-to-use interface. A path traversal vulnerability exists in SteelSeries GG version 36.0.0, which can be exploited by an attacker to create a sub-application via an...

CVSS 7.5 · AI score 7.4 · EPSS 0.01894
Exploits: 1 · References: 3

Tenable Nessus
added 2023/05/11 12:00 a.m. · 33 views

SAP NetWeaver AS Java Improper Access Control (May 2023)

SAP NetWeaver Application Server for Java is affected by an improper access control vulnerability. An unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization...

CVSS 9.1 · AI score 8.2 · EPSS 0.00347
Exploits: 0 · References: 2

OSV
added 2023/05/09 2:15 a.m. · 1 view

CVE-2023-30744

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

CVSS 9.1 · AI score 7.3 · EPSS 0.00347
Exploits: 0 · References: 2

Cvelist
added 2023/05/09 1:36 a.m. · 25 views

CVE-2023-30744 Improper access control during application start-up in SAP AS NetWeaver JAVA.

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

CVSS 8.2 · AI score 9.4 · EPSS 0.00347
Exploits: 0 · References: 2

Positive Technologies
added 2023/05/08 12:00 a.m. · 4 views

PT-2023-8732 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50

Description: The issue is related to the lack of authentication for a critical function in SAP AS NetWeaver JAVA, allowing an unauthenticated attacker to attach t...

CVSS 9.4 · AI score 9.2 · EPSS 0.00347
Exploits: 0 · References: 5

OSV
added 2023/04/11 3:15 a.m. · 3 views

CVE-2023-28761

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...

CVSS 6.5 · AI score 6.3 · EPSS 0.00388
Exploits: 0 · References: 2

OSV
added 2023/04/11 3:15 a.m. · 1 view

CVE-2023-24527

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

CVSS 5.3 · AI score 6.1
Exploits: 0 · References: 2

Prion
added 2023/04/11 3:15 a.m. · 28 views

Design/Logic Flaw

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...

CVSS 6.4 · AI score 6.5 · EPSS 0.00388
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/04/11 2:51 a.m. · 14 views

CVE-2023-28761 Missing Authentication check in SAP NetWeaver Enterprise Portal

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity...

CVSS 6.5 · AI score 6.8 · EPSS 0.00388
Exploits: 0 · References: 2

Cvelist
added 2023/04/11 2:33 a.m. · 12 views

CVE-2023-24527 Improper Access Control in SAP NetWeaver AS Java for Deploy Service

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...

CVSS 5.3 · AI score 5.7 · EPSS 0.00345
Exploits: 0 · References: 2

Positive Technologies
added 2023/04/11 12:00 a.m. · 5 views

PT-2023-21943 · Sap · Sap Netweaver Enterprise Portal

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal version 7.50

Description: An unauthenticated attacker can attach to an open interface and make use of an open API to access a service, enabling them to access or modify server settings and data. This leads to...

CVSS 6.5 · AI score 6.5 · EPSS 0.00388
Exploits: 0 · References: 5

OSV
added 2023/03/14 5:15 a.m. · 0 views

CVE-2023-27268

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

CVSS 5.3 · AI score 6.1
Exploits: 0 · References: 2

NVD
added 2023/03/14 5:15 a.m. · 10 views

CVE-2023-23857

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...

CVSS 9.9 · AI score 9.5 · EPSS 0.00439
Exploits: 0 · References: 2

Prion
added 2023/03/14 5:15 a.m. · 23 views

Authorization

SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...

CVSS 5 · AI score 5.6 · EPSS 0.00408
Exploits: 0 · References: 2 · Affected Software: 1