Tagged: Cybersecurity Alert

The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site...

SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability...

SAP S/4HANA (Manage Processing Rules – For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing...

A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or...

SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially...

Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the first transaction screen and the associated...

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low...

Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might be downloaded and executed by the...

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user’s browser when accessing the affected functionality of BAPI explorer. This has low impact...

Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket to the SAP application server. This...

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. More information : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. More information : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. More information : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. More information : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025