Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
business one vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2023-32680
Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack...
Metabase Metabase
5.4
CVSSv3
CVE-2022-4790
The WP Google My Business Auto Publish WordPress plugin prior to 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Auto Publish For Google My Business Project Auto Publish For Google My Business
8.5
CVSSv3
CVE-2022-41127
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Microsoft Dynamics Nav 2017
Microsoft Dynamics Nav 2016
Microsoft Dynamics 365 Business Central 2019
Microsoft Dynamics Nav 2018
Microsoft Dynamics 365 Business Central 2020
Microsoft Dynamics 365 Business Central 2021
Microsoft Dynamics 365 Business Central 2022
1 Article
7.8
CVSSv3
CVE-2022-35292
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversari...
Sap Business One 10.0
7.8
CVSSv3
CVE-2022-36336
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local malicious user to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpd...
Trendmicro Apex One 2019
Trendmicro Worry-free Business Security 10.0
Trendmicro Worry-free Business Security Services -
Trendmicro Apex One -
8.8
CVSSv3
CVE-2022-31593
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Sap Business One 10.0
7.5
CVSSv3
CVE-2022-35168
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.
Sap Business One 10.0
7.5
CVSSv3
CVE-2022-32249
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)
Sap Business One 10.0
7.5
CVSSv3
CVE-2022-28771
Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated malicious user to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.
Sap Business One License Service Api 10.0
8.8
CVSSv3
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, ...
Metabase Metabase
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »