Lucene search
65 matches found

Source: Vulnrichment, added 2026/05/12 2:21 a.m.

CVE-2026-40132 Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

CVSS 5.4 | AI score 5.8 | EPSS 0.00009 | Exploits 0 | References 2
Source: CVE, added 2026/03/31 10:10 a.m.

CVE-2026-4399

The CVE-2026-4399 entry describes a prompt injection vulnerability in the 1millionbot Millie chatbot. The issue arises when a user bypasses chat restrictions via Boolean prompt injection, causing the model to execute an injected instruction after an affirmative ('true') response. Consequences sta...

CVSS 8.7 | AI score 6 | EPSS 0.00059 | Exploits 0 | References 1 | Affected software 1
Source: Vulnrichment, added 2026/03/11 8:49 p.m.

CVE-2026-32123 OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults formencounter for sensitivity, while group encounters store sensitivity in...

CVSS 7.7 | AI score 5.8 | EPSS 0.00132 | Exploits 1 | References 1
Source: Snyk, added 2026/02/24 3:28 p.m.

Incorrect Authorization

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Incorrect Authorization during the dataset creation process. An attacker can gain unauthorized access to restricted data by overwriting the SQL query o...

CVSS 7.1 | AI score 6 | EPSS 0.00043 | Exploits 0 | References 2
Source: NVD, added 2026/02/11 1:15 p.m.

CVE-2025-57707

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVSS 8.8 | EPSS 0.00066 | Exploits 0 | References 1
Source: CVE, added 2026/02/11 12:17 p.m.

CVE-2025-57707

CVE-2025-57707 concerns File Station 5, where an improper neutralization of directives in statically saved code (Static Code Injection) may allow a user with an account to access restricted data/files. The fixed version is File Station 5.5.6.5166 and later. CVSS 4.0 base vector indicates Network ...

CVSS 8.8 | AI score 5.7 | EPSS 0.00066 | Exploits 0 | References 1 | Affected software 1
Source: ATTACKERKB, added 2026/02/11 12:17 p.m.

CVE-2025-57707

An improper neutralization of directives in statically saved code 'Static Code Injection' vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to access restricted data / files. We have already fixed the...

CVSS 4.8 | AI score 5.7 | EPSS 0.00066 | Exploits 0 | References 2 | Affected software 1
Source: CNNVD, added 2026/02/11 12:00 a.m.

QNAP Systems File Station 5 Security Vulnerability

QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems File Station 5 prior to 5.5.6.5166 contained security vulnerabilities. These vulnerabilities were caused by static code injection, which could lead to acce...

CVSS 8.8 | AI score 5.9 | EPSS 0.00066 | Exploits 0 | References 2
Source: NVD, added 2026/01/13 2:15 a.m.

CVE-2026-0494

Under certain conditions the SAP Fiori App Intercompany Balance Reconciliation application allows an attacker to access information which would otherwise be restricted. This has a low impact on the confidentiality of the application; integrity and availability are not impacted...

CVSS 4.3 | EPSS 0.0005 | Exploits 0 | References 2
Source: EUVD, added 2025/11/07 12:30 a.m.

EUVD-2024-55065

A flaw was found in the 3scale developer portal. This issue can allow account creation or updates passed through hidden or read-only fields, the contents of which may be altered. This flaw allows an attacker to access or modify restricted information...

CVSS 5.4 | AI score 6 | EPSS 0.00046 | Exploits 0 | References 3
Source: EUVD, added 2025/10/03 8:07 p.m.

EUVD-2022-41310

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00101 | Exploits 0 | References 1
Source: CNVD, added 2025/08/20 12:00 a.m.

D-Link DIR-818L Injection Vulnerability

The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...

CVSS 8.8 | AI score 8.1 | EPSS 0.0079 | Exploits 1 | References 1
Source: CNNVD, added 2025/08/14 12:00 a.m.

D-Link DIR-818L Injection Vulnerability

The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...

CVSS 8.8 | AI score 7.9 | EPSS 0.0079 | Exploits 1 | References 6
Source: OSV, added 2025/07/15 8:15 p.m.

CVE-2025-53029

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.1.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle ...

CVSS 2.3 | AI score 5.8 | EPSS 0.00085 | Exploits 0 | References 1
Source: Snyk, added 2025/06/10 6:32 p.m.

Improper Authorization

Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization. An attacker can gain access to restricted information by bypassing security controls, without requiring user interaction...

CVSS 8.8 | AI score 6.8 | EPSS 0.00591 | Exploits 0 | References 2
Source: RedhatCVE, added 2025/05/29 3:48 p.m.

CVE-2025-48383

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data...

CVSS 8.2 | AI score 6.7 | EPSS 0.00294 | Exploits 0 | References 1
Source: OSV, added 2025/05/27 6:03 p.m.

GHSA-WJRH-HJ83-3WH7 Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking

Impact: Instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted querysets and restricted data. Patches: The problem has been patched in version 8.4.1 and all following...

CVSS 8.2 | AI score 6.9 | EPSS 0.00294 | Exploits 0 | References 4
Source: RedhatCVE, added 2025/05/23 10:30 a.m.

CVE-2024-34651

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files...

CVSS 6.2 | AI score 6.6 | EPSS 0.00066 | Exploits 0 | References 1
Source: RedhatCVE, added 2025/05/22 11:36 p.m.

CVE-2022-20517

In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: ...

CVSS 5.5 | AI score 6.1 | EPSS 0.00052 | Exploits 0 | References 1
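The CVE-2022-20517 abstract above names the bug class (a caller-supplied phone number reaching a SQL WHERE clause as text, so that a crafted "number" can read tables the caller is not allowed to see) but shows no code. The block below is an added illustration written for this page; it is not the AOSP MmsSmsProvider.java code and does not reproduce its schema. The sqlite tables (sms, secrets), the function names and the payload are constructed assumptions that show the vulnerable concatenation next to the parameterized fix and an address allowlist check.

```python
import re
import sqlite3

# Constructed sample schema (assumption): one table the caller may read and one
# it may not. Nothing here mirrors the real Android telephony provider schema.
def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sms (address TEXT, body TEXT);
        CREATE TABLE secrets (address TEXT, body TEXT);
        INSERT INTO sms VALUES ('+15550001', 'hello'), ('+15550002', 'lunch?');
        INSERT INTO secrets VALUES ('n/a', 'RESTRICTED: auth code 4711');
    """)
    return db

def messages_by_phone_vulnerable(db, phone):
    # Bug class from the abstract: the phone string is spliced into the SQL text,
    # so quotes, UNION and comment markers inside it are parsed as SQL.
    sql = "SELECT body FROM sms WHERE address = '" + phone + "'"
    return [row[0] for row in db.execute(sql)]

def messages_by_phone_safe(db, phone):
    # Fix: bind the phone number as a parameter. The driver sends it as data,
    # so the same payload is compared literally against the address column.
    return [row[0] for row in db.execute(
        "SELECT body FROM sms WHERE address = ?", (phone,))]

# Defense in depth: a phone-number argument has a narrow shape, so reject
# anything that is not optional '+' followed by digits before it reaches SQL.
_ADDRESS_RE = re.compile(r"^\+?[0-9]{3,15}$")

def is_plausible_address(phone):
    return bool(_ADDRESS_RE.match(phone))

# Constructed payload: closes the string literal, appends a UNION against the
# restricted table and comments out the trailing quote.
PAYLOAD = "' UNION SELECT body FROM secrets --"

def demo():
    return {
        "vulnerable_normal": messages_by_phone_vulnerable(build_db(), "+15550001"),
        "vulnerable_payload": messages_by_phone_vulnerable(build_db(), PAYLOAD),
        "safe_normal": messages_by_phone_safe(build_db(), "+15550002"),
        "safe_payload": messages_by_phone_safe(build_db(), PAYLOAD),
        "payload_passes_allowlist": is_plausible_address(PAYLOAD),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the vulnerable path the payload returns the row from the restricted table; with the bound parameter it returns nothing, and the allowlist rejects it before any query runs. In an Android ContentProvider the equivalent of the bound parameter is passing the value through the selectionArgs array rather than building the selection string.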
Source: RedhatCVE, added 2025/05/22 7:32 p.m.

CVE-2021-27621

Information Disclosure vulnerability in the UserAdmin application in SAP NetWeaver Application Server for Java, versions 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, allows attackers to access restricted information by entering a malicious server name...

CVSS 5.5 | AI score 6.5 | EPSS 0.00221 | Exploits 0 | References 1