Total
7743 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24524 | 1 Sap | 1 S\/4hana | 2025-03-20 | 6.5 Medium |
| SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability. | ||||
| CVE-2023-24528 | 1 Sap | 1 Fiori | 2025-03-20 | 6.5 Medium |
| SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents. | ||||
| CVE-2023-44472 | 1 Brizy | 1 Unyson | 2025-03-20 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.28. | ||||
| CVE-2024-23520 | 1 Accessally | 1 Popupally | 2025-03-20 | 4.3 Medium |
| Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. | ||||
| CVE-2023-0019 | 1 Sap | 1 Grc Process Control | 2025-03-20 | 6.5 Medium |
| In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality. | ||||
| CVE-2024-22298 | 1 Tms-outsource | 1 Amelia | 2025-03-20 | 5.3 Medium |
| Missing Authorization vulnerability in TMS Amelia ameliabooking.This issue affects Amelia: from n/a through 1.0.98. | ||||
| CVE-2024-34799 | 1 Reputeinfosystems | 1 Bookingpress | 2025-03-20 | 6.5 Medium |
| Missing Authorization vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.82. | ||||
| CVE-2024-43331 | 1 Veronalabs | 1 Wp Sms | 2025-03-19 | 5.3 Medium |
| Missing Authorization vulnerability in VeronaLabs WP SMS.This issue affects WP SMS: from n/a through 6.9.3. | ||||
| CVE-2024-32143 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 4.3 Medium |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. | ||||
| CVE-2024-32712 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-19 | 7.5 High |
| Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. | ||||
| CVE-2023-25768 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 6.5 Medium |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | ||||
| CVE-2023-25766 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 4.3 Medium |
| A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-23854 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-19 | 3.8 Low |
| SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | 4.3 Medium |
| A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2025-03-18 | 4.3 Medium |
| Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2024-31813 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 8.4 High |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. | ||||
| CVE-2024-27953 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 4.7 Medium |
| Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List.This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. | ||||
| CVE-2024-24835 | 1 Pluginus | 1 Bear - Woocommerce Bulk Editor And Products Manager Professional | 2025-03-18 | 4.3 Medium |
| Missing Authorization vulnerability in realmag777 BEAR.This issue affects BEAR: from n/a through 1.1.4. | ||||
| CVE-2025-21527 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | 6.1 Medium |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2025-21514 | 1 Oracle | 1 Jd Edwards Enterpriseone Tools | 2025-03-17 | 5.3 Medium |
| Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||