Page(s) : 1 ... 762 763 764 765 766 767 768 769 770 771 [772] 773 774 775 776 777 778 779 780 781 782 ... | Result(s) : 300103 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
6.8 | 2025-03-11 | CVE-2025-26658 | cve | The Service Layer in SAP Business One allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. D... |
6.1 | 2025-03-11 | CVE-2025-26659 | cve | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-based Cross-Site Scripting (XSS) vulnerability. This allows an attacker ... |
4.3 | 2025-03-11 | CVE-2025-26660 | cve | SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vul... |
8.8 | 2025-03-11 | CVE-2025-26661 | cve | Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileg... |
3.5 | 2025-03-11 | CVE-2025-27430 | cve | Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This fla... |
5.4 | 2025-03-11 | CVE-2025-27431 | cve | User management functionality in SAP NetWeaver Application Server Java is vulnerable to Stored Cross-Site Scripting (XSS). This could enable an attacker to inject malicious payl... |
2.4 | 2025-03-11 | CVE-2025-27432 | cve | The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transact... |
4.3 | 2025-03-11 | CVE-2025-27433 | cve | The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank state... |
8.8 | 2025-03-11 | CVE-2025-27434 | cve | Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an... |
4.3 | 2025-03-11 | CVE-2025-27436 | cve | The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is l... |
7.2 | 2025-03-11 | CVE-2024-11253 | cve | A post-authentication command injection vulnerability in the "DNSServer" parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and ea... |
7.2 | 2025-03-11 | CVE-2024-12009 | cve | A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated a... |
7.2 | 2025-03-11 | CVE-2024-12010 | cve | A post-authentication command injection vulnerability in the "zyUtilMailSend" function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authe... |
6.1 | 2025-03-11 | CVE-2024-13436 | cve | The Appsero Helper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce valida... |
9.8 | 2025-03-11 | CVE-2025-1661 | cve | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 't... |
N/A | 2025-03-11 | CVE-2025-26707 | cve | Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. |
7.3 | 2025-03-11 | CVE-2025-2169 | cve | The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This i... |
N/A | 2025-03-10 | CVE-2025-25907 | cve | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations ... |
N/A | 2025-03-10 | CVE-2025-25908 | cve | A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL... |
N/A | 2025-03-10 | CVE-2025-27910 | cve | tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary opera... |