|
501
|
6.1 |
MEDIUM
Network
|
kubiq
|
pdf_thumbnail_generator
|
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8737
|
2024-09-27 04:18 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
502
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45606
|
2024-09-27 04:16 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
503
|
- |
|
-
|
-
|
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
New
|
-
|
CVE-2024-8118
|
2024-09-27 04:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
504
|
- |
|
-
|
-
|
SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availab…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-33008
|
2024-09-27 04:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
505
|
- |
|
-
|
-
|
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection v…
Update
|
CWE-77
Command Injection
|
CVE-2024-22127
|
2024-09-27 04:15 |
2024-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
506
|
4.3 |
MEDIUM
Network
|
sap
|
business_one
|
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. …
Update
|
CWE-611
XXE
|
CVE-2023-41365
|
2024-09-27 04:15 |
2023-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
507
|
7.5 |
HIGH
Network
sap
|
netweaver_application_server_abap
web_dispatcher
content_server
hana_database
host_agent
extended_application_services_and_runtime
sapssoext
commoncryptolib
netweaver_applicat…
|
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2023-40308
|
2024-09-27 04:15 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
508
|
5.3 |
MEDIUM
Network
sap
|
powerdesigner
|
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password…
Update
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2023-37484
|
2024-09-27 04:15 |
2023-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
509
|
5.3 |
MEDIUM
Network
sap
|
host_agent
|
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-36926
|
2024-09-27 04:15 |
2023-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
510
|
6.5 |
MEDIUM
Network
|
hashicorp
|
consul
|
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service…
Update
|
NVD-CWE-noinfo
|
CVE-2023-2816
|
2024-09-27 04:15 |
2023-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
