Page 102 of 10582 results (0.178 seconds)

CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0

Under certain conditions, the memory of SAP GUI for Windows contains the password used to log on to an SAP system, which might allow an attacker to get hold of the password and impersonate the affected user. As a result, it has a high impact on the confidentiality but there is no impact on the integrity and availability. Bajo ciertas condiciones, la memoria de SAP GUI para Windows contiene la contraseña utilizada para iniciar sesión en un sistema SAP, lo que podría permitir a un atacante obtener la contraseña y hacerse pasar por el usuario afectado. Como resultado, tiene un alto impacto en la confidencialidad pero no hay impacto en la integridad y disponibilidad. • https://me.sap.com/notes/3461110 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: -EXPL: 0

On successful exploitation this can result in information disclosure. • https://me.sap.com/notes/3458789 https://url.sap/sapsecuritypatchday • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

On successful exploitation this can result in information disclosure. • https://me.sap.com/notes/3467377 https://url.sap/sapsecuritypatchday • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. • https://me.sap.com/notes/3466801 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.1EPSS: 0%CPEs: -EXPL: 0

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability also enables attackers to perform actions on behalf of the user, such as deleting projects or sending messages. The issue arises from the lack of proper origin validation, allowing unauthorized cross-origin requests to be executed. The vulnerability is present in all versions of the repository, as no fixed version has been specified. Error de validación de origen en el repositorio de GitHub stitionai/devika antes de -. • https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd • CWE-346: Origin Validation Error •