31 matches found
EUVD-2026-35286
The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...
CVE-2026-24040
A flaw was found in jsPDF. When jsPDF is used in a concurrent environment, such as a Node.js web server, a race condition in the addJS method can lead to cross-user data leakage. This occurs because a shared variable used to store JavaScript content can be overwritten by simultaneous requests. As...
CVE-2023-25615
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead t...
EUVD-2020-5866
Malware in sbrugna...
EUVD-2023-41374
Malicious code in bioql PyPI...
QNAP QTS and QuTS hero path traversal vulnerability (CNVD-2025-27805)
QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...
CVE-2025-3082
A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...
UBUNTU-CVE-2025-3082
A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version...
postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
A flaw was found in PostgreSQL. This vulnerability allows a less-privileged application user to view or change unintended rows using SET ROLE, SET SESSION AUTHORIZATION, or equivalent features resulting in loss of confidentiality integrity and availability...
CVE-2024-10490 Authentication bypass flaw in several mapp components
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an...
CVE-2024-49766 Werkzeug safe_join not safe on Windows
Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug version 3.0.6 contains a patch...
CVE-2024-32971
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2024-32971
CVE-2024-32971 affects Apollo Router when using distributed query plan caching. A bug in the router’s cache retrieval logic may cause an operation (query, mutation, or subscription) to execute a modified version of a previously run operation, potentially yielding unexpected results or errors. Pub...
CVE-2024-32971 Defect in query plan cache may cause incorrect operations to be executed in Apollo Router
Apollo Router is a configurable, graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. The affected versions of Apollo Router contain a bug that in limited circumstances, could lead to unexpected operations being executed which can result in unintended data or...
CVE-2023-5368
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to re...
CVE-2023-5368 msdosfs data disclosure
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to re...
CVE-2022-22447
IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648...
CVE-2023-37487
SAP Business One Service Layer - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application...
CVE-2023-25615 SQL Injection vulnerability in SAP ABAP Platform
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead t...
CVE-2022-21713
An Insecure Direct Object Reference IDOR vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...