156 matches found
EUVD-2026-29829
PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...
Subnet Solutions PowerSYSTEM Center 安全漏洞
Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center, which stems from the fact that device endpoints allow low-privilege authenticated users to access information that is...
EUVD-2026-22156
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...
PT-2026-29219
Name of the Vulnerable Software and Affected Versions 1millionbot Millie chatbot affected versions not specified Description A prompt injection issue exists in the 1millionbot Millie chatbot. This occurs when a user bypasses chat restrictions using Boolean prompt injection techniques, constructin...
CVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...
CVE-2025-12757
The CVE-2025-12757 entry concerns Axis Camera Station Pro where a feature allows a non-admin user to view information they are not permitted to access. Metrics show CVSS 3.1 base score 4.6 (Medium), with an Adjacent attack vector, Low privileges required, No user interaction, and Confidentiality/...
CVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to...
CVE-2021-27599
SAP NetWeaver ABAP Server and ABAP Platform Process Integration - Integration Builder Framework, versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted...
EUVD-2025-60996
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...
CVE-2025-42882 Missing Authorization check in SAP NetWeaver Application Server for ABAP
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system...
CVE-2024-12125
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...
CVE-2024-12125 3scale-porta: readonly fields not validated server-side
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...
CVE-2024-12125
The CVE-2024-12125 affects the 3scale Developer Portal. The flaw allows account creation or updates where fields configured as read-only or hidden can be modified, exposing restricted information. Root cause: server-side validation does not enforce read-only/hidden constraints on account operatio...
CVE-2024-12125 3scale-porta: readonly fields not validated server-side
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...
CVE-2025-64132
Jenkins MCP Server Plugin 0.84.v50ca24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud configuration they should not be able to access...
EUVD-2020-24773
Malware in sbrugna...
EUVD-2020-24772
Malware in sbrugna...
EUVD-2006-6968
Malware in sbrugna...
EUVD-2006-6965
Malware in sbrugna...
EUVD-2006-6969
Malware in sbrugna...