| 51 | 9.8 | CRITICAL Network | sap | powerdesigner | SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | Update | CWE-306 Missing Authentication for Critical Function | CVE-2023-37483 | 2024-09-29 07:15 | 2023-08-8 |
| 52 | 5.3 | MEDIUM Network | sap | enable_now | In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated … | Update | CWE-213 | CVE-2023-36919 | 2024-09-29 07:15 | 2023-07-11 |
| 53 | 7.4 | HIGH Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.… | Update | CWE-306 Missing Authentication for Critical Function | CVE-2023-35874 | 2024-09-29 07:15 | 2023-07-11 |
| 54 | 7.3 | HIGH Network | sap | s4core | When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leadi… | Update | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-35870 | 2024-09-29 07:15 | 2023-07-11 |
| 55 | 7.1 | HIGH Local | sap | sql_anywhere | SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local sys… | Update | CWE-277 Insecure Inherited Permissions; CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-33990 | 2024-09-29 07:15 | 2023-07-11 |
| 56 | 2.7 | LOW Network | sap | netweaver | SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program… | Update | - | CVE-2023-32114 | 2024-09-29 07:15 | 2023-06-13 |
| 57 | - | | - | - | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_category of the file /classes/Master.php?f=delete_cat… | New | CWE-89 SQL Injection | CVE-2024-9317 | 2024-09-29 06:15 | 2024-09-29 |
| 58 | - | | - | - | A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of th… | New | CWE-89 SQL Injection | CVE-2024-9316 | 2024-09-29 05:15 | 2024-09-29 |
| 59 | - | | - | - | A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance… | New | CWE-89 SQL Injection | CVE-2024-9315 | 2024-09-29 04:15 | 2024-09-29 |
| 60 | 7.8 | HIGH Local | ui | unifi_network_application | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces… | Update | CWE-77 Command Injection | CVE-2024-42025 | 2024-09-29 03:35 | 2024-09-14 |