Page(s) : 1 ... 131 132 133 134 135 136 137 138 139 140 [141] 142 143 144 145 146 147 148 149 150 151 ... | Result(s) : 312940 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
5.4 | 2025-03-11 | CVE-2025-27431 | cve | User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payl... |
2.4 | 2025-03-11 | CVE-2025-27432 | cve | The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transact... |
4.3 | 2025-03-11 | CVE-2025-27433 | cve | The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank state... |
8.8 | 2025-03-11 | CVE-2025-27434 | cve | Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an... |
4.3 | 2025-03-11 | CVE-2025-27436 | cve | The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is l... |
7.2 | 2025-03-11 | CVE-2024-11253 | cve | A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and ea... |
7.2 | 2025-03-11 | CVE-2024-12009 | cve | A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated a... |
7.2 | 2025-03-11 | CVE-2024-12010 | cve | A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authe... |
6.1 | 2025-03-11 | CVE-2024-13436 | cve | The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce valida... |
9.8 | 2025-03-11 | CVE-2025-1661 | cve | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 't... |
N/A | 2025-03-11 | CVE-2025-26707 | cve | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. |
7.3 | 2025-03-11 | CVE-2025-2169 | cve | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This i... |
N/A | 2025-03-10 | CVE-2025-25907 | cve | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations ... |
N/A | 2025-03-10 | CVE-2025-25908 | cve | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL... |
N/A | 2025-03-10 | CVE-2025-27910 | cve | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary opera... |
N/A | 2025-03-10 | CVE-2025-27610 | cve | Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even... |
N/A | 2025-03-10 | CVE-2025-27924 | cve | Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action. |
N/A | 2025-03-10 | CVE-2025-27925 | cve | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. |
N/A | 2025-03-10 | CVE-2025-27926 | cve | In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. |
N/A | 2025-03-10 | CVE-2022-43454 | cve | A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be abl... |